123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163 |
- <?php
- /**
- * SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors
- * SPDX-License-Identifier: AGPL-3.0-or-later
- */
- namespace OC\Repair\Owncloud;
- use OC\DB\Connection;
- use OC\DB\SchemaWrapper;
- use OCP\DB\QueryBuilder\IQueryBuilder;
- use OCP\Migration\IOutput;
- use OCP\Migration\IRepairStep;
- class MigrateOauthTables implements IRepairStep {
- /** @var Connection */
- protected $db;
- /**
- * @param Connection $db
- */
- public function __construct(Connection $db) {
- $this->db = $db;
- }
- /**
- * @return string
- */
- public function getName() {
- return 'Migrate oauth2_clients table to nextcloud schema';
- }
- public function run(IOutput $output) {
- $schema = new SchemaWrapper($this->db);
- if (!$schema->hasTable('oauth2_clients')) {
- $output->info('oauth2_clients table does not exist.');
- return;
- }
- $output->info('Update the oauth2_access_tokens table schema.');
- $schema = new SchemaWrapper($this->db);
- $table = $schema->getTable('oauth2_access_tokens');
- if (!$table->hasColumn('hashed_code')) {
- $table->addColumn('hashed_code', 'string', [
- 'notnull' => true,
- 'length' => 128,
- ]);
- }
- if (!$table->hasColumn('encrypted_token')) {
- $table->addColumn('encrypted_token', 'string', [
- 'notnull' => true,
- 'length' => 786,
- ]);
- }
- if (!$table->hasIndex('oauth2_access_hash_idx')) {
- $table->addUniqueIndex(['hashed_code'], 'oauth2_access_hash_idx');
- }
- if (!$table->hasIndex('oauth2_access_client_id_idx')) {
- $table->addIndex(['client_id'], 'oauth2_access_client_id_idx');
- }
- $output->info('Update the oauth2_clients table schema.');
- $schema = new SchemaWrapper($this->db);
- $table = $schema->getTable('oauth2_clients');
- if ($table->getColumn('name')->getLength() !== 64) {
- // shorten existing values before resizing the column
- $qb = $this->db->getQueryBuilder();
- $qb->update('oauth2_clients')
- ->set('name', $qb->createParameter('shortenedName'))
- ->where($qb->expr()->eq('id', $qb->createParameter('theId')));
- $qbSelect = $this->db->getQueryBuilder();
- $qbSelect->select('id', 'name')
- ->from('oauth2_clients');
- $result = $qbSelect->executeQuery();
- while ($row = $result->fetch()) {
- $id = $row['id'];
- $shortenedName = mb_substr($row['name'], 0, 64);
- $qb->setParameter('theId', $id, IQueryBuilder::PARAM_INT);
- $qb->setParameter('shortenedName', $shortenedName, IQueryBuilder::PARAM_STR);
- $qb->executeStatement();
- }
- $result->closeCursor();
- // safely set the new column length
- $table->getColumn('name')->setLength(64);
- }
- if ($table->hasColumn('allow_subdomains')) {
- $table->dropColumn('allow_subdomains');
- }
- if ($table->hasColumn('trusted')) {
- $table->dropColumn('trusted');
- }
- if (!$schema->getTable('oauth2_clients')->hasColumn('client_identifier')) {
- $table->addColumn('client_identifier', 'string', [
- 'notnull' => true,
- 'length' => 64,
- 'default' => ''
- ]);
- $table->addIndex(['client_identifier'], 'oauth2_client_id_idx');
- }
- $this->db->migrateToSchema($schema->getWrappedSchema());
- if ($schema->getTable('oauth2_clients')->hasColumn('identifier')) {
- $output->info("Move identifier column's data to the new client_identifier column.");
- // 1. Fetch all [id, identifier] couple.
- $selectQuery = $this->db->getQueryBuilder();
- $selectQuery->select('id', 'identifier')->from('oauth2_clients');
- $result = $selectQuery->executeQuery();
- $identifiers = $result->fetchAll();
- $result->closeCursor();
- // 2. Insert them into the client_identifier column.
- foreach ($identifiers as ['id' => $id, 'identifier' => $clientIdentifier]) {
- $insertQuery = $this->db->getQueryBuilder();
- $insertQuery->update('oauth2_clients')
- ->set('client_identifier', $insertQuery->createNamedParameter($clientIdentifier, IQueryBuilder::PARAM_STR))
- ->where($insertQuery->expr()->eq('id', $insertQuery->createNamedParameter($id, IQueryBuilder::PARAM_INT)))
- ->executeStatement();
- }
- $output->info('Drop the identifier column.');
- $schema = new SchemaWrapper($this->db);
- $table = $schema->getTable('oauth2_clients');
- $table->dropColumn('identifier');
- $this->db->migrateToSchema($schema->getWrappedSchema());
- }
- $output->info('Delete clients (and their related access tokens) with the redirect_uri starting with oc:// or ending with *');
- // delete the access tokens
- $qbDeleteAccessTokens = $this->db->getQueryBuilder();
- $qbSelectClientId = $this->db->getQueryBuilder();
- $qbSelectClientId->select('id')
- ->from('oauth2_clients')
- ->where(
- $qbSelectClientId->expr()->iLike('redirect_uri', $qbDeleteAccessTokens->createNamedParameter('oc://%', IQueryBuilder::PARAM_STR))
- )
- ->orWhere(
- $qbSelectClientId->expr()->iLike('redirect_uri', $qbDeleteAccessTokens->createNamedParameter('%*', IQueryBuilder::PARAM_STR))
- );
- $qbDeleteAccessTokens->delete('oauth2_access_tokens')
- ->where(
- $qbSelectClientId->expr()->in('client_id', $qbDeleteAccessTokens->createFunction($qbSelectClientId->getSQL()), IQueryBuilder::PARAM_STR_ARRAY)
- );
- $qbDeleteAccessTokens->executeStatement();
- // delete the clients
- $qbDeleteClients = $this->db->getQueryBuilder();
- $qbDeleteClients->delete('oauth2_clients')
- ->where(
- $qbDeleteClients->expr()->iLike('redirect_uri', $qbDeleteClients->createNamedParameter('oc://%', IQueryBuilder::PARAM_STR))
- )
- ->orWhere(
- $qbDeleteClients->expr()->iLike('redirect_uri', $qbDeleteClients->createNamedParameter('%*', IQueryBuilder::PARAM_STR))
- );
- $qbDeleteClients->executeStatement();
- }
- }
|