authorCôme Chilliet <come.chilliet@nextcloud.com>2021-11-04 12:06:59 +0100
committerCôme Chilliet <come.chilliet@nextcloud.com>2021-11-23 09:19:50 +0100
commit31a503b387aea7d47f1e071dc16a9bf757e4cbb3 (patch)
treee8a877dae67e58a9347b1eb0d969978f43cbc290
parent662e3240b098b8cb1e5b618ed4e16c1aa52e11a4 (diff)
Change column names to ldap_dn and ldap_dn_hash and add migration
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
-rw-r--r--apps/user_ldap/lib/Mapping/AbstractMapping.php34
-rw-r--r--apps/user_ldap/lib/Migration/Version1010Date20200630192842.php14
-rw-r--r--apps/user_ldap/lib/Migration/Version1130Date20211102154716.php139
3 files changed, 158 insertions, 29 deletions
diff --git a/apps/user_ldap/lib/Mapping/AbstractMapping.php b/apps/user_ldap/lib/Mapping/AbstractMapping.php
index 6113d7a12d5..f578b553d54 100644
--- a/apps/user_ldap/lib/Mapping/AbstractMapping.php
+++ b/apps/user_ldap/lib/Mapping/AbstractMapping.php
@@ -67,8 +67,8 @@ abstract class AbstractMapping {
*/
public function isColNameValid($col) {
switch ($col) {
- case 'ldap_full_dn':
case 'ldap_dn':
+ case 'ldap_dn_hash':
case 'owncloud_name':
case 'directory_uuid':
return true;
@@ -135,7 +135,7 @@ abstract class AbstractMapping {
*/
public function getDNByName($name) {
$dn = array_search($name, $this->cache);
- if ($dn === false && ($dn = $this->getXbyY('ldap_full_dn', 'owncloud_name', $name)) !== false) {
+ if ($dn === false && ($dn = $this->getXbyY('ldap_dn', 'owncloud_name', $name)) !== false) {
$this->cache[$dn] = $name;
}
return $dn;
@@ -152,7 +152,7 @@ abstract class AbstractMapping {
$oldDn = $this->getDnByUUID($uuid);
$statement = $this->dbc->prepare('
UPDATE `' . $this->getTableName() . '`
- SET `ldap_dn` = ?, `ldap_full_dn` = ?
+ SET `ldap_dn_hash` = ?, `ldap_dn` = ?
WHERE `directory_uuid` = ?
');
@@ -179,7 +179,7 @@ abstract class AbstractMapping {
$statement = $this->dbc->prepare('
UPDATE `' . $this->getTableName() . '`
SET `directory_uuid` = ?
- WHERE `ldap_dn` = ?
+ WHERE `ldap_dn_hash` = ?
');
unset($this->cache[$fdn]);
@@ -188,7 +188,7 @@ abstract class AbstractMapping {
}
/**
- * Get the hash to store in database column ldap_dn for a given dn
+ * Get the hash to store in database column ldap_dn_hash for a given dn
*/
protected function getDNHash(string $fdn): string {
return (string)hash('sha256', $fdn, false);
@@ -202,7 +202,7 @@ abstract class AbstractMapping {
*/
public function getNameByDN($fdn) {
if (!isset($this->cache[$fdn])) {
- $this->cache[$fdn] = $this->getXbyY('owncloud_name', 'ldap_dn', $this->getDNHash($fdn));
+ $this->cache[$fdn] = $this->getXbyY('owncloud_name', 'ldap_dn_hash', $this->getDNHash($fdn));
}
return $this->cache[$fdn];
}
@@ -212,17 +212,17 @@ abstract class AbstractMapping {
*/
protected function prepareListOfIdsQuery(array $hashList): IQueryBuilder {
$qb = $this->dbc->getQueryBuilder();
- $qb->select('owncloud_name', 'ldap_dn', 'ldap_full_dn')
+ $qb->select('owncloud_name', 'ldap_dn_hash', 'ldap_dn')
->from($this->getTableName(false))
- ->where($qb->expr()->in('ldap_dn', $qb->createNamedParameter($hashList, QueryBuilder::PARAM_STR_ARRAY)));
+ ->where($qb->expr()->in('ldap_dn_hash', $qb->createNamedParameter($hashList, QueryBuilder::PARAM_STR_ARRAY)));
return $qb;
}
protected function collectResultsFromListOfIdsQuery(IQueryBuilder $qb, array &$results): void {
$stmt = $qb->execute();
while ($entry = $stmt->fetch(\Doctrine\DBAL\FetchMode::ASSOCIATIVE)) {
- $results[$entry['ldap_full_dn']] = $entry['owncloud_name'];
- $this->cache[$entry['ldap_full_dn']] = $entry['owncloud_name'];
+ $results[$entry['ldap_dn']] = $entry['owncloud_name'];
+ $this->cache[$entry['ldap_dn']] = $entry['owncloud_name'];
}
$stmt->closeCursor();
}
@@ -256,7 +256,7 @@ abstract class AbstractMapping {
}
if (!empty($fdnsSlice)) {
- $qb->orWhere($qb->expr()->in('ldap_dn', $qb->createNamedParameter($fdnsSlice, QueryBuilder::PARAM_STR_ARRAY)));
+ $qb->orWhere($qb->expr()->in('ldap_dn_hash', $qb->createNamedParameter($fdnsSlice, QueryBuilder::PARAM_STR_ARRAY)));
}
if ($slice % $maxSlices === 0) {
@@ -310,7 +310,7 @@ abstract class AbstractMapping {
}
public function getDnByUUID($uuid) {
- return $this->getXbyY('ldap_full_dn', 'directory_uuid', $uuid);
+ return $this->getXbyY('ldap_dn', 'directory_uuid', $uuid);
}
/**
@@ -321,7 +321,7 @@ abstract class AbstractMapping {
* @throws \Exception
*/
public function getUUIDByDN($dn) {
- return $this->getXbyY('directory_uuid', 'ldap_dn', $this->getDNHash($dn));
+ return $this->getXbyY('directory_uuid', 'ldap_dn_hash', $this->getDNHash($dn));
}
/**
@@ -334,7 +334,7 @@ abstract class AbstractMapping {
public function getList($offset = null, $limit = null) {
$query = $this->dbc->prepare('
SELECT
- `ldap_full_dn` AS `dn`,
+ `ldap_dn` AS `dn`,
`owncloud_name` AS `name`,
`directory_uuid` AS `uuid`
FROM `' . $this->getTableName() . '`',
@@ -356,8 +356,8 @@ abstract class AbstractMapping {
*/
public function map($fdn, $name, $uuid) {
$row = [
- 'ldap_dn' => $this->getDNHash($fdn),
- 'ldap_full_dn' => $fdn,
+ 'ldap_dn_hash' => $this->getDNHash($fdn),
+ 'ldap_dn' => $fdn,
'owncloud_name' => $name,
'directory_uuid' => $uuid
];
@@ -439,7 +439,7 @@ abstract class AbstractMapping {
*/
public function count() {
$qb = $this->dbc->getQueryBuilder();
- $query = $qb->select($qb->func()->count('ldap_dn'))
+ $query = $qb->select($qb->func()->count('ldap_dn_hash'))
->from($this->getTableName());
$res = $query->execute();
$count = $res->fetchOne();
diff --git a/apps/user_ldap/lib/Migration/Version1010Date20200630192842.php b/apps/user_ldap/lib/Migration/Version1010Date20200630192842.php
index 9f0faf752a3..e2c78ed59f8 100644
--- a/apps/user_ldap/lib/Migration/Version1010Date20200630192842.php
+++ b/apps/user_ldap/lib/Migration/Version1010Date20200630192842.php
@@ -47,12 +47,7 @@ class Version1010Date20200630192842 extends SimpleMigrationStep {
$table = $schema->createTable('ldap_user_mapping');
$table->addColumn('ldap_dn', Types::STRING, [
'notnull' => true,
- 'length' => 64,
- 'default' => '',
- ]);
- $table->addColumn('ldap_full_dn', Types::STRING, [
- 'notnull' => true,
- 'length' => 4096,
+ 'length' => 255,
'default' => '',
]);
$table->addColumn('owncloud_name', Types::STRING, [
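Review bot: Editing `Version1010Date20200630192842` in place only changes what fresh installs get. Any instance that already ran the earlier form keeps `ldap_dn` holding the 64-character hash plus a separate `ldap_full_dn` column, and nothing visible in this commit moves that data or drops the old column. If that earlier form was ever deployed, the new migration would need a step that copies `ldap_dn` into `ldap_dn_hash` and `ldap_full_dn` into `ldap_dn` before the columns are reused. The same applies to the `ldap_group_mapping` hunk below. A comment above the column, e.g. `// full DN; widened and hashed into ldap_dn_hash by Version1130Date20211102154716`, would record why 255 is not the final length; the enclosing method starts and ends outside both hunks.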
@@ -73,12 +68,7 @@ class Version1010Date20200630192842 extends SimpleMigrationStep {
$table = $schema->createTable('ldap_group_mapping');
$table->addColumn('ldap_dn', Types::STRING, [
'notnull' => true,
- 'length' => 64,
- 'default' => '',
- ]);
- $table->addColumn('ldap_full_dn', Types::STRING, [
- 'notnull' => true,
- 'length' => 4096,
+ 'length' => 255,
'default' => '',
]);
$table->addColumn('owncloud_name', Types::STRING, [
diff --git a/apps/user_ldap/lib/Migration/Version1130Date20211102154716.php b/apps/user_ldap/lib/Migration/Version1130Date20211102154716.php
new file mode 100644
index 00000000000..1d8ec577b9c
--- /dev/null
+++ b/apps/user_ldap/lib/Migration/Version1130Date20211102154716.php
@@ -0,0 +1,139 @@
+<?php
+
+declare(strict_types=1);
+
+namespace OCA\User_LDAP\Migration;
+
+use Closure;
+use OCP\DB\Exception;
+use OCP\DB\ISchemaWrapper;
+use OCP\DB\QueryBuilder\IQueryBuilder;
+use OCP\DB\Types;
+use OCP\IDBConnection;
+use OCP\Migration\IOutput;
+use OCP\Migration\SimpleMigrationStep;
+use Psr\Log\LoggerInterface;
+
+class Version1130Date20211102154716 extends SimpleMigrationStep {
+
+ /** @var IDBConnection */
+ private $dbc;
+ /** @var LoggerInterface */
+ private $logger;
+
+ public function __construct(IDBConnection $dbc, LoggerInterface $logger) {
+ $this->dbc = $dbc;
+ $this->logger = $logger;
+ }
+
+ public function getName() {
+ return 'Adjust LDAP user and group ldap_dn column lengths and add ldap_dn_hash columns';
+ }
+
+ /**
+ * @param IOutput $output
+ * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper`
+ * @param array $options
+ * @return null|ISchemaWrapper
+ */
+ public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper {
+ /** @var ISchemaWrapper $schema */
+ $schema = $schemaClosure();
+
+ $changeSchema = false;
+ foreach (['ldap_user_mapping', 'ldap_group_mapping'] as $tableName) {
+ $table = $schema->getTable($tableName);
+ $column = $table->getColumn('ldap_dn_hash');
+ if (!$column) {
+ $table->addColumn('ldap_dn_hash', Types::STRING, [
+ 'notnull' => true,
+ 'length' => 64,
+ 'default' => '',
+ ]);
+ $changeSchema = true;
+ }
+ $column = $table->getColumn('ldap_dn');
+ if ($column->getLength() < 4096) {
+ $column->setLength(4096);
+ $changeSchema = true;
+ }
+ if ($table === 'ldap_user_mapping') {
+ if ($table->hasIndex('ldap_dn_users')) {
+ $table->dropIndex('ldap_dn_users');
+ $changeSchema = true;
+ }
+ if (!$table->hasIndex('ldap_user_dn_hashes')) {
+ $table->addUniqueIndex(['ldap_dn_hash'], 'ldap_user_dn_hashes');
+ $changeSchema = true;
+ }
+ } else {
+ if ($table->hasIndex('owncloud_name_groups')) {
+ $table->dropIndex('owncloud_name_groups');
+ $changeSchema = true;
+ }
+ if (!$table->hasIndex('ldap_group_dn_hashes')) {
+ $table->addUniqueIndex(['ldap_dn_hash'], 'ldap_group_dn_hashes');
+ $changeSchema = true;
+ }
+ if ($table->getPrimaryKeyColumns() !== ['owncloud_name']) {
+ $table->setPrimaryKey(['owncloud_name']);
+ $changeSchema = true;
+ }
+ }
+ }
+
+ return $changeSchema ? $schema : null;
+ }
+
+ /**
+ * @param IOutput $output
+ * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper`
+ * @param array $options
+ */
+ public function postSchemaChange(IOutput $output, Closure $schemaClosure, array $options) {
+ $this->handleDNHashes('ldap_group_mapping');
+ $this->handleDNHashes('ldap_user_mapping');
+ }
+
+ protected function handleDNHashes(string $table): void {
+ $q = $this->getSelectQuery($table);
+ $u = $this->getUpdateQuery($table);
+
+ $r = $q->executeQuery();
+ while ($row = $r->fetch()) {
+ $dnHash = hash('sha256', $row['ldap_dn'], false);
+ $u->setParameter('name', $row['owncloud_name']);
+ $u->setParameter('dn_hash', $dnHash);
+ try {
+ $u->executeStatement();
+ } catch (Exception $e) {
+ $this->logger->error('Failed to add hash "{dnHash}" ("{name}" of {table})',
+ [
+ 'app' => 'user_ldap',
+ 'name' => $row['owncloud_name'],
+ 'dnHash' => $dnHash,
+ 'table' => $table,
+ 'exception' => $e,
+ ]
+ );
+ }
+ }
+ $r->closeCursor();
+ }
+
+ protected function getSelectQuery(string $table): IQueryBuilder {
+ $q = $this->dbc->getQueryBuilder();
+ $q->select('owncloud_name', 'ldap_dn', 'ldap_dn_hash')
+ ->from($table)
+ ->where($q->expr()->isNull('ldap_dn_hash'));
+ return $q;
+ }
+
+ protected function getUpdateQuery(string $table): IQueryBuilder {
+ $q = $this->dbc->getQueryBuilder();
+ $q->update($table)
+ ->set('ldap_dn_hash', $query->createParameter('dn_hash'))
+ ->where($q->expr()->eq('owncloud_name', $q->createParameter('name')));
+ return $q;
+ }
+}
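Review bot: The hash backfill cannot run as written. `getUpdateQuery()` calls `$query->createParameter('dn_hash')` although the builder variable is `$q`. `getSelectQuery()` filters on `isNull('ldap_dn_hash')` while `changeSchema()` creates that column as NOT NULL with default `''`, so no existing row would match and the unique indexes would be built over identical empty values. One fix is to create the column nullable without a default. In `changeSchema()`, `$table === 'ldap_user_mapping'` compares the table object with a string and is never true, so `ldap_user_mapping` takes the group branch (group index name, primary-key change); the test should use `$tableName`. The `getColumn('ldap_dn_hash')` probe should be `hasColumn()`, because Doctrine's `getColumn()` throws for a missing column rather than returning a falsy value. Rows whose update fails are only logged and the migration still completes, leaving mappings that lookups by `ldap_dn_hash` will not find; reporting the failure count through `$output` would make that visible to the administrator.

```php
        // … unchanged: schema closure and foreach over the two table names …
            if (!$table->hasColumn('ldap_dn_hash')) {
                $table->addColumn('ldap_dn_hash', Types::STRING, [
                    'notnull' => false,
                    'length' => 64,
                ]);
                $changeSchema = true;
            }
            // … unchanged: ldap_dn length adjustment …
            if ($tableName === 'ldap_user_mapping') {
            // … unchanged: index handling, postSchemaChange, handleDNHashes, getSelectQuery …
    protected function getUpdateQuery(string $table): IQueryBuilder {
        $q = $this->dbc->getQueryBuilder();
        $q->update($table)
            ->set('ldap_dn_hash', $q->createParameter('dn_hash'))
            // … unchanged: where clause and return …
```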