Add repair job that will ensure that secret and passwordsalt are set

Signed-off-by: Carl Schwan <carl@carlschwan.eu>

diff --git a/lib/composer/composer/autoload_classmap.php b/lib/composer/composer/autoload_classmap.php
index 6f2d7ceaf6ab6c25bb1f15bec4539d60923450c7..d8016e10b79922cd4f5d15874a8d98b81428673a 100644 (file)
--- a/lib/composer/composer/autoload_classmap.php
+++ b/lib/composer/composer/autoload_classmap.php
@@ -1470,6 +1470,7 @@ return array(
     'OC\\Repair\\NC21\\ValidatePhoneNumber' => $baseDir . '/lib/private/Repair/NC21/ValidatePhoneNumber.php',
     'OC\\Repair\\NC22\\LookupServerSendCheck' => $baseDir . '/lib/private/Repair/NC22/LookupServerSendCheck.php',
     'OC\\Repair\\NC24\\AddTokenCleanupJob' => $baseDir . '/lib/private/Repair/NC24/AddTokenCleanupJob.php',
+    'OC\\Repair\\NC25\\AddMissingSecretJob' => $baseDir . '/lib/private/Repair/NC25/AddMissingSecretJob.php',
     'OC\\Repair\\OldGroupMembershipShares' => $baseDir . '/lib/private/Repair/OldGroupMembershipShares.php',
     'OC\\Repair\\Owncloud\\CleanPreviews' => $baseDir . '/lib/private/Repair/Owncloud/CleanPreviews.php',
     'OC\\Repair\\Owncloud\\CleanPreviewsBackgroundJob' => $baseDir . '/lib/private/Repair/Owncloud/CleanPreviewsBackgroundJob.php',

diff --git a/lib/composer/composer/autoload_static.php b/lib/composer/composer/autoload_static.php
index 7c2ba76d29b2700265e3b0ceeb577e7eaac5d198..595c7ec3736d9e9aaffd1ffb40a70f1b367e0382 100644 (file)
--- a/lib/composer/composer/autoload_static.php
+++ b/lib/composer/composer/autoload_static.php
@@ -1503,6 +1503,7 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2
         'OC\\Repair\\NC21\\ValidatePhoneNumber' => __DIR__ . '/../../..' . '/lib/private/Repair/NC21/ValidatePhoneNumber.php',
         'OC\\Repair\\NC22\\LookupServerSendCheck' => __DIR__ . '/../../..' . '/lib/private/Repair/NC22/LookupServerSendCheck.php',
         'OC\\Repair\\NC24\\AddTokenCleanupJob' => __DIR__ . '/../../..' . '/lib/private/Repair/NC24/AddTokenCleanupJob.php',
+        'OC\\Repair\\NC25\\AddMissingSecretJob' => __DIR__ . '/../../..' . '/lib/private/Repair/NC25/AddMissingSecretJob.php',
         'OC\\Repair\\OldGroupMembershipShares' => __DIR__ . '/../../..' . '/lib/private/Repair/OldGroupMembershipShares.php',
         'OC\\Repair\\Owncloud\\CleanPreviews' => __DIR__ . '/../../..' . '/lib/private/Repair/Owncloud/CleanPreviews.php',
         'OC\\Repair\\Owncloud\\CleanPreviewsBackgroundJob' => __DIR__ . '/../../..' . '/lib/private/Repair/Owncloud/CleanPreviewsBackgroundJob.php',

diff --git a/lib/private/Repair.php b/lib/private/Repair.php
index 5f4747721ca3ace038f6ba9f97f42e234356711e..9ca3ece6dd493c55eaeaa8551823be35c8011ec6 100644 (file)
--- a/lib/private/Repair.php
+++ b/lib/private/Repair.php
@@ -71,6 +71,7 @@ use OC\Repair\NC21\AddCheckForUserCertificatesJob;
 use OC\Repair\NC21\ValidatePhoneNumber;
 use OC\Repair\NC22\LookupServerSendCheck;
 use OC\Repair\NC24\AddTokenCleanupJob;
+use OC\Repair\NC25\AddMissingSecretJob;
 use OC\Repair\OldGroupMembershipShares;
 use OC\Repair\Owncloud\CleanPreviews;
 use OC\Repair\Owncloud\DropAccountTermsTable;
@@ -209,6 +210,7 @@ class Repair implements IOutput {
                        \OCP\Server::get(LookupServerSendCheck::class),
                        \OCP\Server::get(AddTokenCleanupJob::class),
                        \OCP\Server::get(CleanUpAbandonedApps::class),
+                       \OCP\Server::get(AddMissingSecretJob::class),
                ];
        }
 

diff --git a/lib/private/Repair/NC25/AddMissingSecretJob.php b/lib/private/Repair/NC25/AddMissingSecretJob.php
new file mode 100644 (file)
index 0000000..0aca640
--- /dev/null
+++ b/lib/private/Repair/NC25/AddMissingSecretJob.php
@@ -0,0 +1,64 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright 2022 Carl Schwan <carl@carlschwan.eu>
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace OC\Repair\NC25;
+
+use OC\Authentication\Token\TokenCleanupJob;
+use OCP\HintException;
+use OCP\IConfig;
+use OCP\Migration\IOutput;
+use OCP\Migration\IRepairStep;
+use OCP\Security\ISecureRandom;
+
+class AddMissingSecretJob implements IRepairStep {
+       private IConfig $config;
+       private ISecureRandom $random;
+
+       public function __construct(IConfig $config, ISecureRandom $random) {
+               $this->config = $config;
+               $this->random = $random;
+       }
+
+       public function getName(): string {
+               return 'Add possibly missing system config';
+       }
+
+       public function run(IOutput $output): void {
+               $passwordSalt = $this->config->getSystemValue('passwordsalt', null);
+               if ($passwordSalt === null || $passwordSalt === '') {
+                       try {
+                               $this->config->setSystemValue('passwordsalt', $this->random->generate(30));
+                       } catch (HintException $e) {
+                               $output->warning("passwordsalt is missing from your config.php and your config.php is read only. Please fix it manually.");
+                       }
+               }
+
+               $secret = $this->config->getSystemValue('secret', null);
+               if ($secret === null || $secret === '') {
+                       try {
+                               $this->config->setSystemValue('secret', $this->random->generate(48));
+                       } catch (HintException $e) {
+                               $output->warning("secret is missing from your config.php and your config.php is read only. Please fix it manually.");
+                       }
+               }
+       }
+}