mirror of
https://github.com/nextcloud/server.git
synced 2024-11-14 20:36:50 +00:00
162 lines
5.4 KiB
PHP
162 lines
5.4 KiB
PHP
<?php
|
|
/**
|
|
* SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors
|
|
* SPDX-License-Identifier: AGPL-3.0-or-later
|
|
*/
|
|
namespace OC\Repair\Owncloud;
|
|
|
|
use OC\DB\Connection;
|
|
use OC\DB\SchemaWrapper;
|
|
use OCP\DB\QueryBuilder\IQueryBuilder;
|
|
use OCP\Migration\IOutput;
|
|
use OCP\Migration\IRepairStep;
|
|
|
|
class MigrateOauthTables implements IRepairStep {
|
|
/** @var Connection */
|
|
protected $db;
|
|
|
|
/**
|
|
* @param Connection $db
|
|
*/
|
|
public function __construct(Connection $db) {
|
|
$this->db = $db;
|
|
}
|
|
|
|
/**
|
|
* @return string
|
|
*/
|
|
public function getName() {
|
|
return 'Migrate oauth2_clients table to nextcloud schema';
|
|
}
|
|
|
|
public function run(IOutput $output) {
|
|
$schema = new SchemaWrapper($this->db);
|
|
if (!$schema->hasTable('oauth2_clients')) {
|
|
$output->info('oauth2_clients table does not exist.');
|
|
return;
|
|
}
|
|
|
|
$output->info('Update the oauth2_access_tokens table schema.');
|
|
$table = $schema->getTable('oauth2_access_tokens');
|
|
if (!$table->hasColumn('hashed_code')) {
|
|
$table->addColumn('hashed_code', 'string', [
|
|
'notnull' => true,
|
|
'length' => 128,
|
|
]);
|
|
}
|
|
if (!$table->hasColumn('encrypted_token')) {
|
|
$table->addColumn('encrypted_token', 'string', [
|
|
'notnull' => true,
|
|
'length' => 786,
|
|
]);
|
|
}
|
|
if (!$table->hasIndex('oauth2_access_hash_idx')) {
|
|
$table->addUniqueIndex(['hashed_code'], 'oauth2_access_hash_idx');
|
|
}
|
|
if (!$table->hasIndex('oauth2_access_client_id_idx')) {
|
|
$table->addIndex(['client_id'], 'oauth2_access_client_id_idx');
|
|
}
|
|
|
|
$output->info('Update the oauth2_clients table schema.');
|
|
$table = $schema->getTable('oauth2_clients');
|
|
if ($table->getColumn('name')->getLength() !== 64) {
|
|
// shorten existing values before resizing the column
|
|
$qb = $this->db->getQueryBuilder();
|
|
$qb->update('oauth2_clients')
|
|
->set('name', $qb->createParameter('shortenedName'))
|
|
->where($qb->expr()->eq('id', $qb->createParameter('theId')));
|
|
|
|
$qbSelect = $this->db->getQueryBuilder();
|
|
$qbSelect->select('id', 'name')
|
|
->from('oauth2_clients');
|
|
|
|
$result = $qbSelect->executeQuery();
|
|
while ($row = $result->fetch()) {
|
|
$id = $row['id'];
|
|
$shortenedName = mb_substr($row['name'], 0, 64);
|
|
$qb->setParameter('theId', $id, IQueryBuilder::PARAM_INT);
|
|
$qb->setParameter('shortenedName', $shortenedName, IQueryBuilder::PARAM_STR);
|
|
$qb->executeStatement();
|
|
}
|
|
$result->closeCursor();
|
|
|
|
// safely set the new column length
|
|
$table->getColumn('name')->setLength(64);
|
|
}
|
|
if ($table->hasColumn('allow_subdomains')) {
|
|
$table->dropColumn('allow_subdomains');
|
|
}
|
|
if ($table->hasColumn('trusted')) {
|
|
$table->dropColumn('trusted');
|
|
}
|
|
|
|
if (!$schema->getTable('oauth2_clients')->hasColumn('client_identifier')) {
|
|
$table->addColumn('client_identifier', 'string', [
|
|
'notnull' => true,
|
|
'length' => 64,
|
|
'default' => ''
|
|
]);
|
|
$table->addIndex(['client_identifier'], 'oauth2_client_id_idx');
|
|
}
|
|
|
|
$this->db->migrateToSchema($schema->getWrappedSchema());
|
|
|
|
// Regenerate schema after migrating to it
|
|
$schema = new SchemaWrapper($this->db);
|
|
if ($schema->getTable('oauth2_clients')->hasColumn('identifier')) {
|
|
$output->info("Move identifier column's data to the new client_identifier column.");
|
|
// 1. Fetch all [id, identifier] couple.
|
|
$selectQuery = $this->db->getQueryBuilder();
|
|
$selectQuery->select('id', 'identifier')->from('oauth2_clients');
|
|
$result = $selectQuery->executeQuery();
|
|
$identifiers = $result->fetchAll();
|
|
$result->closeCursor();
|
|
|
|
// 2. Insert them into the client_identifier column.
|
|
foreach ($identifiers as ['id' => $id, 'identifier' => $clientIdentifier]) {
|
|
$insertQuery = $this->db->getQueryBuilder();
|
|
$insertQuery->update('oauth2_clients')
|
|
->set('client_identifier', $insertQuery->createNamedParameter($clientIdentifier, IQueryBuilder::PARAM_STR))
|
|
->where($insertQuery->expr()->eq('id', $insertQuery->createNamedParameter($id, IQueryBuilder::PARAM_INT)))
|
|
->executeStatement();
|
|
}
|
|
|
|
$output->info('Drop the identifier column.');
|
|
$table = $schema->getTable('oauth2_clients');
|
|
$table->dropColumn('identifier');
|
|
$this->db->migrateToSchema($schema->getWrappedSchema());
|
|
}
|
|
|
|
$output->info('Delete clients (and their related access tokens) with the redirect_uri starting with oc:// or ending with *');
|
|
// delete the access tokens
|
|
$qbDeleteAccessTokens = $this->db->getQueryBuilder();
|
|
|
|
$qbSelectClientId = $this->db->getQueryBuilder();
|
|
$qbSelectClientId->select('id')
|
|
->from('oauth2_clients')
|
|
->where(
|
|
$qbSelectClientId->expr()->iLike('redirect_uri', $qbDeleteAccessTokens->createNamedParameter('oc://%', IQueryBuilder::PARAM_STR))
|
|
)
|
|
->orWhere(
|
|
$qbSelectClientId->expr()->iLike('redirect_uri', $qbDeleteAccessTokens->createNamedParameter('%*', IQueryBuilder::PARAM_STR))
|
|
);
|
|
|
|
$qbDeleteAccessTokens->delete('oauth2_access_tokens')
|
|
->where(
|
|
$qbSelectClientId->expr()->in('client_id', $qbDeleteAccessTokens->createFunction($qbSelectClientId->getSQL()), IQueryBuilder::PARAM_STR_ARRAY)
|
|
);
|
|
$qbDeleteAccessTokens->executeStatement();
|
|
|
|
// delete the clients
|
|
$qbDeleteClients = $this->db->getQueryBuilder();
|
|
$qbDeleteClients->delete('oauth2_clients')
|
|
->where(
|
|
$qbDeleteClients->expr()->iLike('redirect_uri', $qbDeleteClients->createNamedParameter('oc://%', IQueryBuilder::PARAM_STR))
|
|
)
|
|
->orWhere(
|
|
$qbDeleteClients->expr()->iLike('redirect_uri', $qbDeleteClients->createNamedParameter('%*', IQueryBuilder::PARAM_STR))
|
|
);
|
|
$qbDeleteClients->executeStatement();
|
|
}
|
|
}
|