MigrateOauthTables.php 5.5 KB

  1. <?php
  2. /**
  3. * SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors
  4. * SPDX-License-Identifier: AGPL-3.0-or-later
  5. */
  6. namespace OC\Repair\Owncloud;
  7. use OC\DB\Connection;
  8. use OC\DB\SchemaWrapper;
  9. use OCP\DB\QueryBuilder\IQueryBuilder;
  10. use OCP\Migration\IOutput;
  11. use OCP\Migration\IRepairStep;
  12. class MigrateOauthTables implements IRepairStep {
  13. /** @var Connection */
  14. protected $db;
  15. /**
  16. * @param Connection $db
  17. */
  18. public function __construct(Connection $db) {
  19. $this->db = $db;
  20. }
  21. /**
  22. * @return string
  23. */
  24. public function getName() {
  25. return 'Migrate oauth2_clients table to nextcloud schema';
  26. }
  27. public function run(IOutput $output) {
  28. $schema = new SchemaWrapper($this->db);
  29. if (!$schema->hasTable('oauth2_clients')) {
  30. $output->info("oauth2_clients table does not exist.");
  31. return;
  32. }
  33. $output->info("Update the oauth2_access_tokens table schema.");
  34. $schema = new SchemaWrapper($this->db);
  35. $table = $schema->getTable('oauth2_access_tokens');
  36. if (!$table->hasColumn('hashed_code')) {
  37. $table->addColumn('hashed_code', 'string', [
  38. 'notnull' => true,
  39. 'length' => 128,
  40. ]);
  41. }
  42. if (!$table->hasColumn('encrypted_token')) {
  43. $table->addColumn('encrypted_token', 'string', [
  44. 'notnull' => true,
  45. 'length' => 786,
  46. ]);
  47. }
  48. if (!$table->hasIndex('oauth2_access_hash_idx')) {
  49. $table->addUniqueIndex(['hashed_code'], 'oauth2_access_hash_idx');
  50. }
  51. if (!$table->hasIndex('oauth2_access_client_id_idx')) {
  52. $table->addIndex(['client_id'], 'oauth2_access_client_id_idx');
  53. }
  54. $output->info("Update the oauth2_clients table schema.");
  55. $schema = new SchemaWrapper($this->db);
  56. $table = $schema->getTable('oauth2_clients');
  57. if ($table->getColumn('name')->getLength() !== 64) {
  58. // shorten existing values before resizing the column
  59. $qb = $this->db->getQueryBuilder();
  60. $qb->update('oauth2_clients')
  61. ->set('name', $qb->createParameter('shortenedName'))
  62. ->where($qb->expr()->eq('id', $qb->createParameter('theId')));
  63. $qbSelect = $this->db->getQueryBuilder();
  64. $qbSelect->select('id', 'name')
  65. ->from('oauth2_clients');
  66. $result = $qbSelect->executeQuery();
  67. while ($row = $result->fetch()) {
  68. $id = $row['id'];
  69. $shortenedName = mb_substr($row['name'], 0, 64);
  70. $qb->setParameter('theId', $id, IQueryBuilder::PARAM_INT);
  71. $qb->setParameter('shortenedName', $shortenedName, IQueryBuilder::PARAM_STR);
  72. $qb->executeStatement();
  73. }
  74. $result->closeCursor();
  75. // safely set the new column length
  76. $table->getColumn('name')->setLength(64);
  77. }
  78. if ($table->hasColumn('allow_subdomains')) {
  79. $table->dropColumn('allow_subdomains');
  80. }
  81. if ($table->hasColumn('trusted')) {
  82. $table->dropColumn('trusted');
  83. }
  84. if (!$schema->getTable('oauth2_clients')->hasColumn('client_identifier')) {
  85. $table->addColumn('client_identifier', 'string', [
  86. 'notnull' => true,
  87. 'length' => 64,
  88. 'default' => ''
  89. ]);
  90. $table->addIndex(['client_identifier'], 'oauth2_client_id_idx');
  91. }
  92. $this->db->migrateToSchema($schema->getWrappedSchema());
  93. if ($schema->getTable('oauth2_clients')->hasColumn('identifier')) {
  94. $output->info("Move identifier column's data to the new client_identifier column.");
  95. // 1. Fetch all [id, identifier] couple.
  96. $selectQuery = $this->db->getQueryBuilder();
  97. $selectQuery->select('id', 'identifier')->from('oauth2_clients');
  98. $result = $selectQuery->executeQuery();
  99. $identifiers = $result->fetchAll();
  100. $result->closeCursor();
  101. // 2. Insert them into the client_identifier column.
  102. foreach ($identifiers as ["id" => $id, "identifier" => $clientIdentifier]) {
  103. $insertQuery = $this->db->getQueryBuilder();
  104. $insertQuery->update('oauth2_clients')
  105. ->set('client_identifier', $insertQuery->createNamedParameter($clientIdentifier, IQueryBuilder::PARAM_STR))
  106. ->where($insertQuery->expr()->eq('id', $insertQuery->createNamedParameter($id, IQueryBuilder::PARAM_INT)))
  107. ->executeStatement();
  108. }
  109. $output->info("Drop the identifier column.");
  110. $schema = new SchemaWrapper($this->db);
  111. $table = $schema->getTable('oauth2_clients');
  112. $table->dropColumn('identifier');
  113. $this->db->migrateToSchema($schema->getWrappedSchema());
  114. }
  115. $output->info('Delete clients (and their related access tokens) with the redirect_uri starting with oc:// or ending with *');
  116. // delete the access tokens
  117. $qbDeleteAccessTokens = $this->db->getQueryBuilder();
  118. $qbSelectClientId = $this->db->getQueryBuilder();
  119. $qbSelectClientId->select('id')
  120. ->from('oauth2_clients')
  121. ->where(
  122. $qbSelectClientId->expr()->iLike('redirect_uri', $qbDeleteAccessTokens->createNamedParameter('oc://%', IQueryBuilder::PARAM_STR))
  123. )
  124. ->orWhere(
  125. $qbSelectClientId->expr()->iLike('redirect_uri', $qbDeleteAccessTokens->createNamedParameter('%*', IQueryBuilder::PARAM_STR))
  126. );
  127. $qbDeleteAccessTokens->delete('oauth2_access_tokens')
  128. ->where(
  129. $qbSelectClientId->expr()->in('client_id', $qbDeleteAccessTokens->createFunction($qbSelectClientId->getSQL()), IQueryBuilder::PARAM_STR_ARRAY)
  130. );
  131. $qbDeleteAccessTokens->executeStatement();
  132. // delete the clients
  133. $qbDeleteClients = $this->db->getQueryBuilder();
  134. $qbDeleteClients->delete('oauth2_clients')
  135. ->where(
  136. $qbDeleteClients->expr()->iLike('redirect_uri', $qbDeleteClients->createNamedParameter('oc://%', IQueryBuilder::PARAM_STR))
  137. )
  138. ->orWhere(
  139. $qbDeleteClients->expr()->iLike('redirect_uri', $qbDeleteClients->createNamedParameter('%*', IQueryBuilder::PARAM_STR))
  140. );
  141. $qbDeleteClients->executeStatement();
  142. }
  143. }