authorCôme Chilliet <come.chilliet@nextcloud.com>2021-11-04 12:06:59 +0100
committerCôme Chilliet <come.chilliet@nextcloud.com>2021-11-23 09:19:50 +0100
commit31a503b387aea7d47f1e071dc16a9bf757e4cbb3 (patch)
treee8a877dae67e58a9347b1eb0d969978f43cbc290 /apps/user_ldap/lib/Migration
parent662e3240b098b8cb1e5b618ed4e16c1aa52e11a4 (diff)
Change column names to ldap_dn and ldap_dn_hash and add migration
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
Diffstat (limited to 'apps/user_ldap/lib/Migration')
-rw-r--r--apps/user_ldap/lib/Migration/Version1010Date20200630192842.php14
-rw-r--r--apps/user_ldap/lib/Migration/Version1130Date20211102154716.php139
2 files changed, 141 insertions, 12 deletions
diff --git a/apps/user_ldap/lib/Migration/Version1010Date20200630192842.php b/apps/user_ldap/lib/Migration/Version1010Date20200630192842.php
index 9f0faf752a3..e2c78ed59f8 100644
--- a/apps/user_ldap/lib/Migration/Version1010Date20200630192842.php
+++ b/apps/user_ldap/lib/Migration/Version1010Date20200630192842.php
@@ -47,12 +47,7 @@ class Version1010Date20200630192842 extends SimpleMigrationStep {
$table = $schema->createTable('ldap_user_mapping');
$table->addColumn('ldap_dn', Types::STRING, [
'notnull' => true,
- 'length' => 64,
- 'default' => '',
- ]);
- $table->addColumn('ldap_full_dn', Types::STRING, [
- 'notnull' => true,
- 'length' => 4096,
+ 'length' => 255,
'default' => '',
]);
$table->addColumn('owncloud_name', Types::STRING, [
@@ -73,12 +68,7 @@ class Version1010Date20200630192842 extends SimpleMigrationStep {
$table = $schema->createTable('ldap_group_mapping');
$table->addColumn('ldap_dn', Types::STRING, [
'notnull' => true,
- 'length' => 64,
- 'default' => '',
- ]);
- $table->addColumn('ldap_full_dn', Types::STRING, [
- 'notnull' => true,
- 'length' => 4096,
+ 'length' => 255,
'default' => '',
]);
$table->addColumn('owncloud_name', Types::STRING, [
diff --git a/apps/user_ldap/lib/Migration/Version1130Date20211102154716.php b/apps/user_ldap/lib/Migration/Version1130Date20211102154716.php
new file mode 100644
index 00000000000..1d8ec577b9c
--- /dev/null
+++ b/apps/user_ldap/lib/Migration/Version1130Date20211102154716.php
@@ -0,0 +1,139 @@
+<?php
+
+declare(strict_types=1);
+
+namespace OCA\User_LDAP\Migration;
+
+use Closure;
+use OCP\DB\Exception;
+use OCP\DB\ISchemaWrapper;
+use OCP\DB\QueryBuilder\IQueryBuilder;
+use OCP\DB\Types;
+use OCP\IDBConnection;
+use OCP\Migration\IOutput;
+use OCP\Migration\SimpleMigrationStep;
+use Psr\Log\LoggerInterface;
+
+class Version1130Date20211102154716 extends SimpleMigrationStep {
+
+ /** @var IDBConnection */
+ private $dbc;
+ /** @var LoggerInterface */
+ private $logger;
+
+ public function __construct(IDBConnection $dbc, LoggerInterface $logger) {
+ $this->dbc = $dbc;
+ $this->logger = $logger;
+ }
+
+ public function getName() {
+ return 'Adjust LDAP user and group ldap_dn column lengths and add ldap_dn_hash columns';
+ }
+
+ /**
+ * @param IOutput $output
+ * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper`
+ * @param array $options
+ * @return null|ISchemaWrapper
+ */
+ public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper {
+ /** @var ISchemaWrapper $schema */
+ $schema = $schemaClosure();
+
+ $changeSchema = false;
+ foreach (['ldap_user_mapping', 'ldap_group_mapping'] as $tableName) {
+ $table = $schema->getTable($tableName);
+ $column = $table->getColumn('ldap_dn_hash');
+ if (!$column) {
+ $table->addColumn('ldap_dn_hash', Types::STRING, [
+ 'notnull' => true,
+ 'length' => 64,
+ 'default' => '',
+ ]);
+ $changeSchema = true;
+ }
+ $column = $table->getColumn('ldap_dn');
+ if ($column->getLength() < 4096) {
+ $column->setLength(4096);
+ $changeSchema = true;
+ }
+ if ($table === 'ldap_user_mapping') {
+ if ($table->hasIndex('ldap_dn_users')) {
+ $table->dropIndex('ldap_dn_users');
+ $changeSchema = true;
+ }
+ if (!$table->hasIndex('ldap_user_dn_hashes')) {
+ $table->addUniqueIndex(['ldap_dn_hash'], 'ldap_user_dn_hashes');
+ $changeSchema = true;
+ }
+ } else {
+ if ($table->hasIndex('owncloud_name_groups')) {
+ $table->dropIndex('owncloud_name_groups');
+ $changeSchema = true;
+ }
+ if (!$table->hasIndex('ldap_group_dn_hashes')) {
+ $table->addUniqueIndex(['ldap_dn_hash'], 'ldap_group_dn_hashes');
+ $changeSchema = true;
+ }
+ if ($table->getPrimaryKeyColumns() !== ['owncloud_name']) {
+ $table->setPrimaryKey(['owncloud_name']);
+ $changeSchema = true;
+ }
+ }
+ }
+
+ return $changeSchema ? $schema : null;
+ }
+
+ /**
+ * @param IOutput $output
+ * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper`
+ * @param array $options
+ */
+ public function postSchemaChange(IOutput $output, Closure $schemaClosure, array $options) {
+ $this->handleDNHashes('ldap_group_mapping');
+ $this->handleDNHashes('ldap_user_mapping');
+ }
+
+ protected function handleDNHashes(string $table): void {
+ $q = $this->getSelectQuery($table);
+ $u = $this->getUpdateQuery($table);
+
+ $r = $q->executeQuery();
+ while ($row = $r->fetch()) {
+ $dnHash = hash('sha256', $row['ldap_dn'], false);
+ $u->setParameter('name', $row['owncloud_name']);
+ $u->setParameter('dn_hash', $dnHash);
+ try {
+ $u->executeStatement();
+ } catch (Exception $e) {
+ $this->logger->error('Failed to add hash "{dnHash}" ("{name}" of {table})',
+ [
+ 'app' => 'user_ldap',
+ 'name' => $row['owncloud_name'],
+ 'dnHash' => $dnHash,
+ 'table' => $table,
+ 'exception' => $e,
+ ]
+ );
+ }
+ }
+ $r->closeCursor();
+ }
+
+ protected function getSelectQuery(string $table): IQueryBuilder {
+ $q = $this->dbc->getQueryBuilder();
+ $q->select('owncloud_name', 'ldap_dn', 'ldap_dn_hash')
+ ->from($table)
+ ->where($q->expr()->isNull('ldap_dn_hash'));
+ return $q;
+ }
+
+ protected function getUpdateQuery(string $table): IQueryBuilder {
+ $q = $this->dbc->getQueryBuilder();
+ $q->update($table)
+ ->set('ldap_dn_hash', $query->createParameter('dn_hash'))
+ ->where($q->expr()->eq('owncloud_name', $q->createParameter('name')));
+ return $q;
+ }
+}
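Review bot: Two lines in this new migration reference the wrong variable: `if ($table === 'ldap_user_mapping')` compares the object returned by `getTable()` with a string, so the user-mapping branch can never run and both tables take the group branch (including `setPrimaryKey(['owncloud_name'])` and the `ldap_group_dn_hashes` index), and `getUpdateQuery()` calls `$query->createParameter('dn_hash')` although only `$q` is defined there. They should read `if ($tableName === 'ldap_user_mapping')` and `->set('ldap_dn_hash', $q->createParameter('dn_hash'))`. The hash backfill also looks unreachable as written: `ldap_dn_hash` is added with `'notnull' => true` and `'default' => ''`, while `getSelectQuery()` filters on `isNull('ldap_dn_hash')`, so existing rows would keep the empty value and the unique index on that column would presumably collide. Since that index is what keeps one LDAP DN mapped to exactly one local account, the select should probably match the empty default (or the column start nullable), and failed updates in `handleDNHashes()` should not be left as log entries only. If `getColumn()` throws for a missing column, as it does in Doctrine DBAL, `$table->hasColumn('ldap_dn_hash')` is the safer existence check than `if (!$column)`.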