mirror of
https://github.com/nextcloud/server.git
drop the oauth2_clients trusted column, delete unsupported clients and their access tokens, shorten oauth2 client names
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
parent
943bcb4443
commit
3188f68fb5
1 changed files with 55 additions and 0 deletions
|
|
@ -78,11 +78,35 @@ class MigrateOauthTables implements IRepairStep {
|
|||
$schema = new SchemaWrapper($this->db);
|
||||
$table = $schema->getTable('oauth2_clients');
|
||||
if ($table->getColumn('name')->getLength() !== 64) {
|
||||
// shorten existing values before resizing the column
|
||||
$qb = $this->db->getQueryBuilder();
|
||||
$qb->update('oauth2_clients')
|
||||
->set('name', $qb->createParameter('shortenedName'))
|
||||
->where($qb->expr()->eq('id', $qb->createParameter('theId')));
|
||||
|
||||
$qbSelect = $this->db->getQueryBuilder();
|
||||
$qbSelect->select('id', 'name')
|
||||
->from('oauth2_clients');
|
||||
|
||||
$result = $qbSelect->executeQuery();
|
||||
while ($row = $result->fetch()) {
|
||||
$id = $row['id'];
|
||||
$shortenedName = mb_substr($row['name'], 0, 64);
|
||||
$qb->setParameter('theId', $id, IQueryBuilder::PARAM_INT);
|
||||
$qb->setParameter('shortenedName', $shortenedName, IQueryBuilder::PARAM_STR);
|
||||
$qb->executeStatement();
|
||||
}
|
||||
$result->closeCursor();
|
||||
|
||||
// safely set the new column length
|
||||
$table->getColumn('name')->setLength(64);
|
||||
}
|
||||
if ($table->hasColumn('allow_subdomains')) {
|
||||
$table->dropColumn('allow_subdomains');
|
||||
}
|
||||
if ($table->hasColumn('trusted')) {
|
||||
$table->dropColumn('trusted');
|
||||
}
|
||||
|
||||
if (!$schema->getTable('oauth2_clients')->hasColumn('client_identifier')) {
|
||||
$table->addColumn('client_identifier', 'string', [
|
||||
|
|
@ -120,5 +144,36 @@ class MigrateOauthTables implements IRepairStep {
|
|||
$table->dropColumn('identifier');
|
||||
$this->db->migrateToSchema($schema->getWrappedSchema());
|
||||
}
|
||||
|
||||
$output->info('Delete clients (and their related access tokens) with the redirect_uri starting with oc:// or ending with *');
|
||||
// delete the access tokens
|
||||
$qbDeleteAccessTokens = $this->db->getQueryBuilder();
|
||||
|
||||
$qbSelectClientId = $this->db->getQueryBuilder();
|
||||
$qbSelectClientId->select('id')
|
||||
->from('oauth2_clients')
|
||||
->where(
|
||||
$qbSelectClientId->expr()->iLike('redirect_uri', $qbDeleteAccessTokens->createNamedParameter('oc://%', IQueryBuilder::PARAM_STR))
|
||||
)
|
||||
->orWhere(
|
||||
$qbSelectClientId->expr()->iLike('redirect_uri', $qbDeleteAccessTokens->createNamedParameter('%*', IQueryBuilder::PARAM_STR))
|
||||
);
|
||||
|
||||
$qbDeleteAccessTokens->delete('oauth2_access_tokens')
|
||||
->where(
|
||||
$qbSelectClientId->expr()->in('client_id', $qbDeleteAccessTokens->createFunction($qbSelectClientId->getSQL()), IQueryBuilder::PARAM_STR_ARRAY)
|
||||
);
|
||||
$qbDeleteAccessTokens->executeStatement();
|
||||
|
||||
// delete the clients
|
||||
$qbDeleteClients = $this->db->getQueryBuilder();
|
||||
$qbDeleteClients->delete('oauth2_clients')
|
||||
->where(
|
||||
$qbDeleteClients->expr()->iLike('redirect_uri', $qbDeleteClients->createNamedParameter('oc://%', IQueryBuilder::PARAM_STR))
|
||||
)
|
||||
->orWhere(
|
||||
$qbDeleteClients->expr()->iLike('redirect_uri', $qbDeleteClients->createNamedParameter('%*', IQueryBuilder::PARAM_STR))
|
||||
);
|
||||
$qbDeleteClients->executeStatement();
|
||||
}
|
||||
}
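Review bot: The cleanup added at the end of the second hunk deletes rows from `oauth2_access_tokens` and `oauth2_clients` only, so this page does not show that credentials already issued to the removed `oc://` and trailing-`*` clients actually stop working. If an `oauth2_access_tokens` row merely points at a token record kept in another table (not visible here), that record would outlive the migration. It should then be invalidated in the same step, with a marker such as `// TODO: also invalidate the auth tokens referenced by the deleted oauth2_access_tokens rows` until that is done. The `redirect_uri` predicate is also written out twice, once in `$qbSelectClientId` and once in `$qbDeleteClients`, and the two `executeStatement()` calls run with no transaction visible in the hunk, so a later edit to one copy or a failure between the statements could leave the two tables inconsistent. The enclosing method starts outside the hunk, so a surrounding transaction or token invalidation may exist elsewhere.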
|
||||
|
|
|
|||