Add migrator for removed StorePassword

[ReneWerner87]

Summary

• add migration helper to comment out removed StorePassword option
• include new migrator in migration list
• test that the migrator comments out the field

Testing

• go run gotest.tools/gotestsum@latest -f testname -- ./... -race -count=1 -shuffle=on

---

https://chatgpt.com/codex/tasks/task_e_688c9bbe30a88326b43d494955195944

Summary by CodeRabbit

• New Features

  • Migration now automatically comments out deprecated StorePassword options in basicauth configurations, adding a TODO note for user review.

• Tests

  • Added tests to verify that deprecated StorePassword options are properly handled and users are notified during migration.

[coderabbitai]

Walkthrough

A new migration function, MigrateBasicauthStorePassword, was introduced to handle the removal of the StorePassword option from basicauth middleware configurations. This function was added to the migration sequence and is accompanied by a dedicated test to validate its behavior.

Changes

Cohort / File(s)	Change Summary
Migration Function Registration cmd/internal/migrations/lists.go	Added MigrateBasicauthStorePassword to the migration function list for versions 2.x to <4.0.0-0.
Migration Implementation cmd/internal/migrations/v3/common.go	Implemented MigrateBasicauthStorePassword to comment out and annotate removed StorePassword fields.
Migration Testing cmd/internal/migrations/v3/common_test.go	Added Test_MigrateBasicauthStorePassword to verify correct migration and output log for the removed field.

Sequence Diagram(s)

sequenceDiagram
    participant Test as Test Runner
    participant Migration as MigrateBasicauthStorePassword
    participant File as Config File

    Test->>File: Write config with StorePassword field
    Test->>Migration: Call MigrateBasicauthStorePassword
    Migration->>File: Read config
    Migration->>File: Find StorePassword field via regex
    Migration->>File: Comment out StorePassword with TODO note
    Migration->>File: Write updated config
    Migration->>Test: Print migration message
    Test->>File: Read updated config
    Test->>Test: Assert StorePassword is commented and message is present

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

• Add basicauth config migrator #150: Adds a different migration (MigrateBasicauthConfig) for updating basicauth config fields and password hashing, also modifying basicauth migrations but targeting distinct configuration aspects.

Suggested labels

✏️ Feature

Poem

A hop and a skip through the config’s old store,
The rabbit found passwords that don’t fit anymore.
With a whisk of its paw, a migration appeared—
Out went old fields, with a comment endeared.
Now tests give a cheer,
For the code’s crystal clear!
🐇✨

Note

⚡️ Unit Test Generation is now available in beta!

Learn more here, or try it out under "Finishing Touches" below.

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3351898 and 655095d.

📒 Files selected for processing (3)

• cmd/internal/migrations/lists.go (1 hunks)
• cmd/internal/migrations/v3/common.go (1 hunks)
• cmd/internal/migrations/v3/common_test.go (1 hunks)

🧰 Additional context used

🧠 Learnings (11)

📓 Common learnings

Learnt from: gaby
PR: gofiber/fiber#3056
File: middleware/encryptcookie/utils.go:20-23
Timestamp: 2024-10-08T19:06:06.583Z
Learning: Unit tests for key length enforcement in both `EncryptCookie` and `DecryptCookie` functions have been added to ensure robust validation and prevent potential runtime errors.

Learnt from: gaby
PR: gofiber/fiber#3056
File: middleware/encryptcookie/utils.go:20-23
Timestamp: 2024-07-01T03:44:03.672Z
Learning: Unit tests for key length enforcement in both `EncryptCookie` and `DecryptCookie` functions have been added to ensure robust validation and prevent potential runtime errors.

Learnt from: sixcolors
PR: gofiber/fiber#3016
File: middleware/csrf/csrf_test.go:164-165
Timestamp: 2024-09-25T17:08:07.693Z
Learning: In the `Test_CSRF_WithSession_Middleware` function, calling `session.NewWithStore()` without arguments is acceptable, as the default configuration is sufficient.

Learnt from: sixcolors
PR: gofiber/fiber#3016
File: middleware/csrf/csrf_test.go:164-165
Timestamp: 2024-10-08T19:06:06.583Z
Learning: In the `Test_CSRF_WithSession_Middleware` function, calling `session.NewWithStore()` without arguments is acceptable, as the default configuration is sufficient.

Learnt from: gaby
PR: gofiber/fiber#3056
File: middleware/encryptcookie/utils.go:51-54
Timestamp: 2024-10-08T19:06:06.583Z
Learning: Unit tests for key length enforcement in `DecryptCookie` have been added to ensure consistency and security in the encryption processes.

Learnt from: gaby
PR: gofiber/fiber#3056
File: middleware/encryptcookie/utils.go:51-54
Timestamp: 2024-07-01T03:33:22.283Z
Learning: Unit tests for key length enforcement in `DecryptCookie` have been added to ensure consistency and security in the encryption processes.

📚 Learning: in the fiber framework, breaking changes are acceptable when moving from version 2 to version 3, inc...

Learnt from: ReneWerner87
PR: gofiber/fiber#3161
File: app.go:923-932
Timestamp: 2024-11-15T07:56:21.623Z
Learning: In the Fiber framework, breaking changes are acceptable when moving from version 2 to version 3, including modifications to method signatures such as in the `Test` method in `app.go`.

Applied to files:

• cmd/internal/migrations/v3/common_test.go

📚 Learning: parallel tests for `session.save` already exist in the `middleware/session/session_test.go` file, sp...

Learnt from: sixcolors
PR: gofiber/fiber#3051
File: middleware/session/session.go:215-216
Timestamp: 2024-10-08T19:06:06.583Z
Learning: Parallel tests for `Session.Save` already exist in the `middleware/session/session_test.go` file, specifically in the `Test_Session_Save` and `Test_Session_Save_Expiration` functions.

Applied to files:

• cmd/internal/migrations/v3/common_test.go

📚 Learning: in test code within `clean-code/app/datasources/database/db_mock.go`, adding safety checks like cont...

Learnt from: norri
PR: gofiber/recipes#2701
File: clean-code/app/datasources/database/db_mock.go:13-19
Timestamp: 2024-11-23T19:50:06.387Z
Learning: In test code within `clean-code/app/datasources/database/db_mock.go`, adding safety checks like context validation, safe type assertions, and extra documentation is not necessary.

Applied to files:

• cmd/internal/migrations/v3/common_test.go

📚 Learning: the `encryptcookie_test.go` file contains unit tests that validate key lengths for both `encryptcook...

Learnt from: gaby
PR: gofiber/fiber#3056
File: middleware/encryptcookie/utils.go:22-25
Timestamp: 2024-07-02T13:29:56.992Z
Learning: The `encryptcookie_test.go` file contains unit tests that validate key lengths for both `EncryptCookie` and `DecryptCookie` functions, ensuring that invalid key lengths raise appropriate errors.

Applied to files:

• cmd/internal/migrations/v3/common_test.go

📚 Learning: in go test files, prefer using the `require` methods from the `testify` package for assertions inste...

Learnt from: efectn
PR: gofiber/fiber#3162
File: hooks_test.go:228-228
Timestamp: 2024-12-13T08:14:22.851Z
Learning: In Go test files, prefer using the `require` methods from the `testify` package for assertions instead of manual comparisons and calls to `t.Fatal` or `t.Fatalf`.

Applied to files:

• cmd/internal/migrations/v3/common_test.go

📚 Learning: in the `test_session_next` function in `middleware/session/middleware_test.go`, the variable `donext...

Learnt from: sixcolors
PR: gofiber/fiber#3016
File: middleware/session/middleware_test.go:400-407
Timestamp: 2024-09-25T17:09:03.756Z
Learning: In the `Test_Session_Next` function in `middleware/session/middleware_test.go`, the variable `doNext` is properly synchronized with the `muNext` mutex for both read and write access.

Applied to files:

• cmd/internal/migrations/v3/common_test.go

📚 Learning: unit tests in this project use testify require....

Learnt from: sixcolors
PR: gofiber/fiber#3016
File: middleware/session/store.go:164-167
Timestamp: 2024-10-02T23:03:31.727Z
Learning: Unit tests in this project use testify require.

Applied to files:

• cmd/internal/migrations/v3/common_test.go

📚 Learning: in the `test_app_shutdownwithcontext` function in `app_test.go`, the `clientdone` channel is used to...

Learnt from: efectn
PR: gofiber/fiber#3162
File: app_test.go:893-895
Timestamp: 2024-11-29T12:37:27.581Z
Learning: In the `Test_App_ShutdownWithContext` function in `app_test.go`, the `clientDone` channel is used to synchronize the client's request completion before proceeding, eliminating the need for additional `time.Sleep` calls.

Applied to files:

• cmd/internal/migrations/v3/common_test.go

📚 Learning: when testing session `idletimeout` expiration, it's acceptable to use `time.sleep` to simulate the p...

Learnt from: sixcolors
PR: gofiber/fiber#3016
File: middleware/session/middleware_test.go:190-191
Timestamp: 2024-10-12T10:01:44.206Z
Learning: When testing session `IdleTimeout` expiration, it's acceptable to use `time.Sleep` to simulate the passage of time in tests.

Applied to files:

• cmd/internal/migrations/v3/common_test.go

📚 Learning: the project uses the testify/assert package for assertions in unit tests....

Learnt from: sixcolors
PR: gofiber/fiber#2922
File: middleware/cors/utils.go:63-71
Timestamp: 2024-07-26T21:00:12.902Z
Learning: The project uses the testify/assert package for assertions in unit tests.

Applied to files:

• cmd/internal/migrations/v3/common_test.go

🧬 Code Graph Analysis (3)

cmd/internal/migrations/lists.go (1)

cmd/internal/migrations/v3/common.go (1)

• MigrateBasicauthStorePassword (780-791)

cmd/internal/migrations/v3/common.go (1)

cmd/internal/helpers.go (1)

• ChangeFileContent (36-68)

cmd/internal/migrations/v3/common_test.go (1)

cmd/internal/migrations/v3/common.go (1)

• MigrateBasicauthStorePassword (780-791)

🔇 Additional comments (3)

cmd/internal/migrations/v3/common.go (1)

778-791: LGTM! Clean migration implementation.

The MigrateBasicauthStorePassword function follows the established pattern of other migration functions in this file. The regex pattern correctly captures whitespace, the field value, and optional comma, while the replacement preserves formatting and includes a helpful TODO comment with the original value.

cmd/internal/migrations/lists.go (1)

63-63: LGTM! Proper integration into migration list.

The MigrateBasicauthStorePassword function is correctly positioned after MigrateBasicauthConfig and before MigrateReqHeaderParser, which makes logical sense for basicauth-related migrations. The version constraint ">=2.0.0" to "<4.0.0-0" is appropriate for this v3 migration.

cmd/internal/migrations/v3/common_test.go (1)

1034-1058: LGTM! Comprehensive test coverage.

The test implementation follows the established pattern of other migration tests in this file and provides thorough validation:

• Creates realistic test input with StorePassword: true in basicauth configuration
• Verifies both the removal of the original field and addition of the TODO comment
• Checks the migration log message output
• Uses proper testify assertions and error handling
• Includes parallel execution and proper cleanup

The test effectively validates that the migration function works as intended.

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch codex/2025-08-01-13-14-30

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai or @coderabbitai title anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[gemini-code-assist]

Summary of Changes

Hello @ReneWerner87, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request implements a new migration step to gracefully handle the deprecation and removal of the StorePassword configuration option from the basicauth middleware. The change ensures that existing user configurations are automatically updated by commenting out the removed field, thereby preventing potential issues during system upgrades and providing clear guidance for developers.

Highlights

• Migration Helper Added: A new migration helper, MigrateBasicauthStorePassword, has been introduced to address the removal of the StorePassword option within basicauth middleware configurations.
• Configuration Handling: This migrator identifies and comments out instances of StorePassword in configuration files, replacing them with a // TODO: StorePassword removed comment to indicate the change.
• Migration Integration: The new MigrateBasicauthStorePassword function has been added to the list of version 3 migrations, ensuring it runs as part of the upgrade process.
• Test Coverage: A dedicated test case, Test_MigrateBasicauthStorePassword, has been added to verify the correct functionality of the new migrator, ensuring it accurately comments out the specified field and logs the migration.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments or fill out our survey to provide feedback.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request adds a migration script to handle the removal of the StorePassword option from the basicauth middleware. The implementation correctly uses a regular expression to find and comment out the deprecated option, leaving a TODO for the developer. The change is also correctly added to the migration list. I've suggested an improvement to the test to cover more scenarios using a table-driven approach, which will increase confidence in the migration script's correctness.

[gemini-code-assist]

The current test covers a single scenario. To improve test coverage and ensure the migration is robust, I recommend converting this to a table-driven test. This would make it easy to check various scenarios, such as when StorePassword is the last item in the config (no trailing comma) versus when it's followed by other fields (with a trailing comma).

func Test_MigrateBasicauthStorePassword(t *testing.T) {
	t.Parallel()

	testCases := []struct {
		name  string
		input string
		want  string
	}{
		{
			name: "without trailing comma",
			input: `package main\nimport (\n    "github.com/gofiber/fiber/v2"\n    "github.com/gofiber/fiber/v2/middleware/basicauth"\n)\nvar _ = basicauth.New(basicauth.Config{\n    StorePassword: true,\n})`,
			want: `// TODO: StorePassword removed (true)`,
		},
		{
			name: "with trailing comma",
			input: `package main\nimport (\n    "github.com/gofiber/fiber/v2"\n    "github.com/gofiber/fiber/v2/middleware/basicauth"\n)\nvar _ = basicauth.New(basicauth.Config{\n    StorePassword: true,\n    Users: map[string]string{},\n})`,
			want: `// TODO: StorePassword removed (true),`,
		},
	}

	for _, tc := range testCases {
		tc := tc
		t.Run(tc.name, func(t *testing.T) {
			t.Parallel()

			dir, err := os.MkdirTemp("", "mbasicstore")
			require.NoError(t, err)
			defer func() { require.NoError(t, os.RemoveAll(dir)) }()

			file := writeTempFile(t, dir, tc.input)

			var buf bytes.Buffer
			cmd := newCmd(&buf)
			require.NoError(t, v3.MigrateBasicauthStorePassword(cmd, dir, nil, nil))

			content := readFile(t, file)
			assert.NotContains(t, content, "StorePassword:")
			assert.Contains(t, content, tc.want)
			assert.Contains(t, buf.String(), "Migrating basicauth StorePassword option")
		})
	}
}