diff options
author | Julien Veyssier <julien-nc@posteo.net> | 2023-06-01 14:51:01 +0200 |
---|---|---|
committer | Julien Veyssier <julien-nc@posteo.net> | 2023-06-06 15:27:46 +0200 |
commit | b2a75fcbfb4d8926149ec8620935a822bec8a375 (patch) | |
tree | fd1d607642a47ce0f51460328b571312a21a25f9 /lib | |
parent | f96afcf85e08090fff6b8c0df9945b7144449d4e (diff) | |
download | nextcloud-server-b2a75fcbfb4d8926149ec8620935a822bec8a375.tar.gz nextcloud-server-b2a75fcbfb4d8926149ec8620935a822bec8a375.zip |
drop the oauth2_clients trusted column, delete unsupported clients and their access tokens
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/Repair/Owncloud/MigrateOauthTables.php | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/lib/private/Repair/Owncloud/MigrateOauthTables.php b/lib/private/Repair/Owncloud/MigrateOauthTables.php index 10481a966f2..0b54793ebe2 100644 --- a/lib/private/Repair/Owncloud/MigrateOauthTables.php +++ b/lib/private/Repair/Owncloud/MigrateOauthTables.php @@ -82,6 +82,9 @@ class MigrateOauthTables implements IRepairStep { if ($table->hasColumn('allow_subdomains')) { $table->dropColumn('allow_subdomains'); } + if ($table->hasColumn('trusted')) { + $table->dropColumn('trusted'); + } if (!$schema->getTable('oauth2_clients')->hasColumn('client_identifier')) { $table->addColumn('client_identifier', 'string', [ @@ -119,5 +122,36 @@ class MigrateOauthTables implements IRepairStep { $table->dropColumn('identifier'); $this->db->migrateToSchema($schema->getWrappedSchema()); } + + $output->info('Delete clients (and their related access tokens) with the redirect_uri starting with oc:// or ending with *'); + // delete the access tokens + $qbDeleteAccessTokens = $this->db->getQueryBuilder(); + + $qbSelectClientId = $this->db->getQueryBuilder(); + $qbSelectClientId->select('id') + ->from('oauth2_clients') + ->where( + $qbSelectClientId->expr()->iLike('redirect_uri', $qbDeleteAccessTokens->createNamedParameter('oc://%', IQueryBuilder::PARAM_STR)) + ) + ->orWhere( + $qbSelectClientId->expr()->iLike('redirect_uri', $qbDeleteAccessTokens->createNamedParameter('%*', IQueryBuilder::PARAM_STR)) + ); + + $qbDeleteAccessTokens->delete('oauth2_access_tokens') + ->where( + $qbSelectClientId->expr()->in('client_id', $qbDeleteAccessTokens->createFunction($qbSelectClientId->getSQL()), IQueryBuilder::PARAM_STR_ARRAY) + ); + $qbDeleteAccessTokens->executeStatement(); + + // delete the clients + $qbDeleteClients = $this->db->getQueryBuilder(); + $qbDeleteClients->delete('oauth2_clients') + ->where( + $qbDeleteClients->expr()->iLike('redirect_uri', $qbDeleteClients->createNamedParameter('oc://%', IQueryBuilder::PARAM_STR)) + ) + ->orWhere( + $qbDeleteClients->expr()->iLike('redirect_uri', $qbDeleteClients->createNamedParameter('%*', IQueryBuilder::PARAM_STR)) + ); + $qbDeleteClients->executeStatement(); } } |