authorJulien Veyssier <julien-nc@posteo.net>2023-06-01 14:51:01 +0200
committerJulien Veyssier <julien-nc@posteo.net>2023-06-06 15:27:46 +0200
commitb2a75fcbfb4d8926149ec8620935a822bec8a375 (patch)
treefd1d607642a47ce0f51460328b571312a21a25f9 /lib
parentf96afcf85e08090fff6b8c0df9945b7144449d4e (diff)
downloadnextcloud-server-b2a75fcbfb4d8926149ec8620935a822bec8a375.tar.gz
nextcloud-server-b2a75fcbfb4d8926149ec8620935a822bec8a375.zip
drop the oauth2_clients trusted column, delete unsupported clients and their access tokens
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
Diffstat (limited to 'lib')
-rw-r--r--lib/private/Repair/Owncloud/MigrateOauthTables.php34
1 files changed, 34 insertions, 0 deletions
diff --git a/lib/private/Repair/Owncloud/MigrateOauthTables.php b/lib/private/Repair/Owncloud/MigrateOauthTables.php
index 10481a966f2..0b54793ebe2 100644
--- a/lib/private/Repair/Owncloud/MigrateOauthTables.php
+++ b/lib/private/Repair/Owncloud/MigrateOauthTables.php
@@ -82,6 +82,9 @@ class MigrateOauthTables implements IRepairStep {
if ($table->hasColumn('allow_subdomains')) {
$table->dropColumn('allow_subdomains');
}
+ if ($table->hasColumn('trusted')) {
+ $table->dropColumn('trusted');
+ }
if (!$schema->getTable('oauth2_clients')->hasColumn('client_identifier')) {
$table->addColumn('client_identifier', 'string', [
@@ -119,5 +122,36 @@ class MigrateOauthTables implements IRepairStep {
$table->dropColumn('identifier');
$this->db->migrateToSchema($schema->getWrappedSchema());
}
+
+ $output->info('Delete clients (and their related access tokens) with the redirect_uri starting with oc:// or ending with *');
+ // delete the access tokens
+ $qbDeleteAccessTokens = $this->db->getQueryBuilder();
+
+ $qbSelectClientId = $this->db->getQueryBuilder();
+ $qbSelectClientId->select('id')
+ ->from('oauth2_clients')
+ ->where(
+ $qbSelectClientId->expr()->iLike('redirect_uri', $qbDeleteAccessTokens->createNamedParameter('oc://%', IQueryBuilder::PARAM_STR))
+ )
+ ->orWhere(
+ $qbSelectClientId->expr()->iLike('redirect_uri', $qbDeleteAccessTokens->createNamedParameter('%*', IQueryBuilder::PARAM_STR))
+ );
+
+ $qbDeleteAccessTokens->delete('oauth2_access_tokens')
+ ->where(
+ $qbSelectClientId->expr()->in('client_id', $qbDeleteAccessTokens->createFunction($qbSelectClientId->getSQL()), IQueryBuilder::PARAM_STR_ARRAY)
+ );
+ $qbDeleteAccessTokens->executeStatement();
+
+ // delete the clients
+ $qbDeleteClients = $this->db->getQueryBuilder();
+ $qbDeleteClients->delete('oauth2_clients')
+ ->where(
+ $qbDeleteClients->expr()->iLike('redirect_uri', $qbDeleteClients->createNamedParameter('oc://%', IQueryBuilder::PARAM_STR))
+ )
+ ->orWhere(
+ $qbDeleteClients->expr()->iLike('redirect_uri', $qbDeleteClients->createNamedParameter('%*', IQueryBuilder::PARAM_STR))
+ );
+ $qbDeleteClients->executeStatement();
}
}
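Review bot: Deleting rows from `oauth2_access_tokens` at `$qbDeleteAccessTokens->executeStatement()` may not revoke the bearer tokens themselves: if those rows only point at a separate auth-token record through `token_id` (that table is not visible in this hunk), tokens already issued to the removed `oc://` and trailing-`*` clients would stay usable until they expire. Consider collecting the affected `token_id` values first and invalidating them through the token provider before the delete runs. Both `executeStatement()` return values are discarded, so the repair log carries no record of how much was removed; capture them, e.g. `$deletedClients = $qbDeleteClients->executeStatement();` followed by `$output->info("Deleted $deletedClients oauth2 clients");`. A comment such as `// parameters are bound on $qbDeleteAccessTokens because the sub-select is embedded only as SQL text via getSQL()` would also explain why the select builder uses the other builder's `createNamedParameter`. The enclosing method starts above the hunk, so whether this block runs on every repair pass cannot be judged from here.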