drop the oauth2_clients trusted column, delete unsupported clients an…
…d their access tokens, shorten oauth2 client names

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
julien-nc committed Jun 7, 2023
1 parent 943bcb4 commit 3188f68
Showing 1 changed file with 55 additions and 0 deletions.
55 changes: 55 additions & 0 deletions lib/private/Repair/Owncloud/MigrateOauthTables.php
@@ -78,11 +78,35 @@ public function run(IOutput $output) {
$schema = new SchemaWrapper($this->db);
$table = $schema->getTable('oauth2_clients');
if ($table->getColumn('name')->getLength() !== 64) {
// shorten existing values before resizing the column
$qb = $this->db->getQueryBuilder();
$qb->update('oauth2_clients')
->set('name', $qb->createParameter('shortenedName'))
->where($qb->expr()->eq('id', $qb->createParameter('theId')));

$qbSelect = $this->db->getQueryBuilder();
$qbSelect->select('id', 'name')
->from('oauth2_clients');

$result = $qbSelect->executeQuery();
while ($row = $result->fetch()) {
$id = $row['id'];
$shortenedName = mb_substr($row['name'], 0, 64);
$qb->setParameter('theId', $id, IQueryBuilder::PARAM_INT);
$qb->setParameter('shortenedName', $shortenedName, IQueryBuilder::PARAM_STR);
$qb->executeStatement();
}
$result->closeCursor();

// safely set the new column length
$table->getColumn('name')->setLength(64);
}
if ($table->hasColumn('allow_subdomains')) {
$table->dropColumn('allow_subdomains');
}
if ($table->hasColumn('trusted')) {
$table->dropColumn('trusted');
}

if (!$schema->getTable('oauth2_clients')->hasColumn('client_identifier')) {
$table->addColumn('client_identifier', 'string', [
@@ -120,5 +144,36 @@ public function run(IOutput $output) {
$table->dropColumn('identifier');
$this->db->migrateToSchema($schema->getWrappedSchema());
}

$output->info('Delete clients (and their related access tokens) with the redirect_uri starting with oc:// or ending with *');
// delete the access tokens
$qbDeleteAccessTokens = $this->db->getQueryBuilder();

$qbSelectClientId = $this->db->getQueryBuilder();
$qbSelectClientId->select('id')
->from('oauth2_clients')
->where(
$qbSelectClientId->expr()->iLike('redirect_uri', $qbDeleteAccessTokens->createNamedParameter('oc://%', IQueryBuilder::PARAM_STR))
)
->orWhere(
$qbSelectClientId->expr()->iLike('redirect_uri', $qbDeleteAccessTokens->createNamedParameter('%*', IQueryBuilder::PARAM_STR))
);

$qbDeleteAccessTokens->delete('oauth2_access_tokens')
->where(
$qbSelectClientId->expr()->in('client_id', $qbDeleteAccessTokens->createFunction($qbSelectClientId->getSQL()), IQueryBuilder::PARAM_STR_ARRAY)
);
$qbDeleteAccessTokens->executeStatement();

// delete the clients
$qbDeleteClients = $this->db->getQueryBuilder();
$qbDeleteClients->delete('oauth2_clients')
->where(
$qbDeleteClients->expr()->iLike('redirect_uri', $qbDeleteClients->createNamedParameter('oc://%', IQueryBuilder::PARAM_STR))
)
->orWhere(
$qbDeleteClients->expr()->iLike('redirect_uri', $qbDeleteClients->createNamedParameter('%*', IQueryBuilder::PARAM_STR))
);
$qbDeleteClients->executeStatement();
}
}
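Review bot: The two `executeStatement()` calls at the end of `run()` discard their affected-row counts, so the repair output reads the same whether zero or many OAuth clients were revoked. Since this step removes third-party access, record the counts, e.g. `$deleted = $qbDeleteClients->executeStatement();` then `$output->info("Deleted $deleted oauth2 clients");`, and likewise for the token delete. The `oc://%` / `%*` predicate is written out twice, once in the sub-select and once in the client delete, so the two can drift apart and leave orphaned tokens or surviving clients; building the condition once would keep them in step. Only rows in `oauth2_access_tokens` are removed here; whether tokens or sessions issued through those clients are stored in another table and stay valid cannot be told from the lines shown and should be confirmed. In the first hunk, `mb_substr($row['name'], 0, 64)` rewrites every row, including names that already fit, and assumes `name` is never NULL; `run()` begins above both hunks.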
