
MigrateOauthTables.php 6.1 KB

  1. <?php
  2. /**
  3. * @copyright 2021 Louis Chemineau <louis@chmn.me>
  4. *
  5. * @license GNU AGPL version 3 or any later version
  6. *
  7. * This program is free software: you can redistribute it and/or modify
  8. * it under the terms of the GNU Affero General Public License as
  9. * published by the Free Software Foundation, either version 3 of the
  10. * License, or (at your option) any later version.
  11. *
  12. * This program is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU Affero General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU Affero General Public License
  18. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  19. *
  20. */
  21. namespace OC\Repair\Owncloud;
  22. use OCP\Migration\IOutput;
  23. use OCP\Migration\IRepairStep;
  24. use OC\DB\Connection;
  25. use OC\DB\SchemaWrapper;
  26. use OCP\DB\QueryBuilder\IQueryBuilder;
  /**
   * Repair step that reshapes the oauth2_access_tokens and oauth2_clients tables
   * and then removes client registrations whose redirect_uri starts with oc://
   * or ends with *.
   *
   * The step is a no-op when the oauth2_clients table is absent. Every schema
   * change is guarded by a hasColumn()/hasIndex() check.
   */
  class MigrateOauthTables implements IRepairStep {
      /** @var Connection Connection used for both schema changes and row updates. */
      protected $db;

      /**
       * @param Connection $db
       */
      public function __construct(Connection $db) {
          $this->db = $db;
      }

      /**
       * @return string Human-readable name of this repair step.
       */
      public function getName() {
          return 'Migrate oauth2_clients table to nextcloud schema';
      }

      /**
       * Runs the migration: table schema changes first, then the data moves,
       * then the clean-up of clients (and their access tokens).
       *
       * @param IOutput $output Receives one info line per phase.
       */
      public function run(IOutput $output) {
          $schema = new SchemaWrapper($this->db);
          if (!$schema->hasTable('oauth2_clients')) {
              $output->info("oauth2_clients table does not exist.");
              return;
          }

          $output->info("Update the oauth2_access_tokens table schema.");
          $schema = new SchemaWrapper($this->db);
          $accessTokens = $schema->getTable('oauth2_access_tokens');
          // NOTE(review): both columns are NOT NULL and declare no default; how
          // rows that already exist in this table are handled is not visible here.
          foreach (['hashed_code' => 128, 'encrypted_token' => 786] as $column => $length) {
              if (!$accessTokens->hasColumn($column)) {
                  $accessTokens->addColumn($column, 'string', [
                      'notnull' => true,
                      'length' => $length,
                  ]);
              }
          }
          if (!$accessTokens->hasIndex('oauth2_access_hash_idx')) {
              $accessTokens->addUniqueIndex(['hashed_code'], 'oauth2_access_hash_idx');
          }
          if (!$accessTokens->hasIndex('oauth2_access_client_id_idx')) {
              $accessTokens->addIndex(['client_id'], 'oauth2_access_client_id_idx');
          }

          $output->info("Update the oauth2_clients table schema.");
          // NOTE(review): $schema is replaced by a fresh wrapper here, and no
          // migrateToSchema() call on the previous wrapper is visible in this
          // method. Unless SchemaWrapper instances share state, the
          // oauth2_access_tokens changes above may never be applied - confirm.
          $schema = new SchemaWrapper($this->db);
          $clients = $schema->getTable('oauth2_clients');
          if ($clients->getColumn('name')->getLength() !== 64) {
              // Existing values are cut to 64 characters before the column shrinks.
              $this->shortenClientNames();
              $clients->getColumn('name')->setLength(64);
          }
          foreach (['allow_subdomains', 'trusted'] as $obsoleteColumn) {
              if ($clients->hasColumn($obsoleteColumn)) {
                  $clients->dropColumn($obsoleteColumn);
              }
          }
          if (!$schema->getTable('oauth2_clients')->hasColumn('client_identifier')) {
              $clients->addColumn('client_identifier', 'string', [
                  'notnull' => true,
                  'length' => 64,
                  'default' => ''
              ]);
              $clients->addIndex(['client_identifier'], 'oauth2_client_id_idx');
          }
          $this->db->migrateToSchema($schema->getWrappedSchema());

          if ($schema->getTable('oauth2_clients')->hasColumn('identifier')) {
              $output->info("Move identifier column's data to the new client_identifier column.");
              $this->copyIdentifiers();

              $output->info("Drop the identifier column.");
              $schema = new SchemaWrapper($this->db);
              $clients = $schema->getTable('oauth2_clients');
              $clients->dropColumn('identifier');
              $this->db->migrateToSchema($schema->getWrappedSchema());
          }

          $output->info('Delete clients (and their related access tokens) with the redirect_uri starting with oc:// or ending with *');
          $this->deleteUnwantedClients();
      }

      /**
       * Rewrites every oauth2_clients.name to its first 64 characters.
       *
       * One UPDATE statement is prepared up front and re-executed per row with
       * fresh parameter values.
       */
      private function shortenClientNames(): void {
          $update = $this->db->getQueryBuilder();
          $update->update('oauth2_clients')
              ->set('name', $update->createParameter('shortenedName'))
              ->where($update->expr()->eq('id', $update->createParameter('theId')));

          $select = $this->db->getQueryBuilder();
          $select->select('id', 'name')
              ->from('oauth2_clients');
          $cursor = $select->executeQuery();
          while ($row = $cursor->fetch()) {
              $update->setParameter('theId', $row['id'], IQueryBuilder::PARAM_INT);
              $update->setParameter('shortenedName', mb_substr($row['name'], 0, 64), IQueryBuilder::PARAM_STR);
              $update->executeStatement();
          }
          $cursor->closeCursor();
      }

      /**
       * Copies each row's identifier value into client_identifier.
       *
       * All (id, identifier) pairs are read and the cursor is closed before the
       * first UPDATE is issued.
       */
      private function copyIdentifiers(): void {
          $select = $this->db->getQueryBuilder();
          $select->select('id', 'identifier')->from('oauth2_clients');
          $cursor = $select->executeQuery();
          $rows = $cursor->fetchAll();
          $cursor->closeCursor();

          foreach ($rows as $row) {
              $id = $row['id'];
              $clientIdentifier = $row['identifier'];
              $update = $this->db->getQueryBuilder();
              $update->update('oauth2_clients')
                  ->set('client_identifier', $update->createNamedParameter($clientIdentifier, IQueryBuilder::PARAM_STR))
                  ->where($update->expr()->eq('id', $update->createNamedParameter($id, IQueryBuilder::PARAM_INT)))
                  ->executeStatement();
          }
      }

      /**
       * Deletes the clients whose redirect_uri matches 'oc://%' or '%*', after
       * deleting the access tokens that reference them.
       *
       * NOTE(review): presumably custom-scheme and wildcard redirect URIs are not
       * accepted after the migration - confirm the intent with the OAuth2 app.
       */
      private function deleteUnwantedClients(): void {
          // Tokens go first: the sub-select needs the client rows to still exist.
          $deleteTokens = $this->db->getQueryBuilder();
          $clientIds = $this->db->getQueryBuilder();
          // The patterns are registered on $deleteTokens, not on $clientIds: only
          // the SQL text of the sub-select is embedded below, so the values have
          // to be bound on the statement that is actually executed.
          $clientIds->select('id')
              ->from('oauth2_clients')
              ->where(
                  $clientIds->expr()->iLike('redirect_uri', $deleteTokens->createNamedParameter('oc://%', IQueryBuilder::PARAM_STR))
              )
              ->orWhere(
                  $clientIds->expr()->iLike('redirect_uri', $deleteTokens->createNamedParameter('%*', IQueryBuilder::PARAM_STR))
              );
          $deleteTokens->delete('oauth2_access_tokens')
              ->where(
                  $clientIds->expr()->in('client_id', $deleteTokens->createFunction($clientIds->getSQL()), IQueryBuilder::PARAM_STR_ARRAY)
              );
          $deleteTokens->executeStatement();

          // Same two patterns, now applied to the clients themselves.
          $deleteClients = $this->db->getQueryBuilder();
          $deleteClients->delete('oauth2_clients')
              ->where(
                  $deleteClients->expr()->iLike('redirect_uri', $deleteClients->createNamedParameter('oc://%', IQueryBuilder::PARAM_STR))
              )
              ->orWhere(
                  $deleteClients->expr()->iLike('redirect_uri', $deleteClients->createNamedParameter('%*', IQueryBuilder::PARAM_STR))
              );
          $deleteClients->executeStatement();
      }
  }