diff options
| author | Richard Steinmetz <richard@steinmetz.cloud> | 2025-02-17 14:34:01 +0100 |
|---|---|---|
| committer | Richard Steinmetz <richard@steinmetz.cloud> | 2025-04-01 11:25:52 +0200 |
| commit | 246da73a363c11d02eed69e80e76d7c9a9a04c7b (patch) | |
| tree | 925d2a3109f1cd3327a0721380471c773d7d2b04 /lib | |
| parent | b03ffab5f0f39139c71cb2b8c370ca3f3d1ad391 (diff) | |
| download | nextcloud-server-246da73a363c11d02eed69e80e76d7c9a9a04c7b.tar.gz nextcloud-server-246da73a363c11d02eed69e80e76d7c9a9a04c7b.zip | |
fix(oauth2): retain support for legacy ownCloud clientsfix/oauth2/retain-legacy-oc-client-support
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/Repair/Owncloud/MigrateOauthTables.php | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/lib/private/Repair/Owncloud/MigrateOauthTables.php b/lib/private/Repair/Owncloud/MigrateOauthTables.php index cd5087cb588..de26a907e02 100644 --- a/lib/private/Repair/Owncloud/MigrateOauthTables.php +++ b/lib/private/Repair/Owncloud/MigrateOauthTables.php @@ -15,6 +15,7 @@ use OCA\OAuth2\Db\AccessTokenMapper; use OCP\AppFramework\Utility\ITimeFactory; use OCP\Authentication\Token\IToken; use OCP\DB\QueryBuilder\IQueryBuilder; +use OCP\IConfig; use OCP\Migration\IOutput; use OCP\Migration\IRepairStep; use OCP\Security\ICrypto; @@ -29,6 +30,7 @@ class MigrateOauthTables implements IRepairStep { private ISecureRandom $random, private ITimeFactory $timeFactory, private ICrypto $crypto, + private IConfig $config, ) { } @@ -169,7 +171,12 @@ class MigrateOauthTables implements IRepairStep { $schema = new SchemaWrapper($this->db); } - $output->info('Delete clients (and their related access tokens) with the redirect_uri starting with oc:// or ending with *'); + $enableOcClients = $this->config->getSystemValueBool('oauth2.enable_oc_clients', false); + if ($enableOcClients) { + $output->info('Delete clients (and their related access tokens) with the redirect_uri starting with oc://'); + } else { + $output->info('Delete clients (and their related access tokens) with the redirect_uri starting with oc:// or ending with *'); + } // delete the access tokens $qbDeleteAccessTokens = $this->db->getQueryBuilder(); @@ -178,10 +185,12 @@ class MigrateOauthTables implements IRepairStep { ->from('oauth2_clients') ->where( $qbSelectClientId->expr()->iLike('redirect_uri', $qbDeleteAccessTokens->createNamedParameter('oc://%', IQueryBuilder::PARAM_STR)) - ) - ->orWhere( + ); + if (!$enableOcClients) { + $qbSelectClientId->orWhere( $qbSelectClientId->expr()->iLike('redirect_uri', $qbDeleteAccessTokens->createNamedParameter('%*', IQueryBuilder::PARAM_STR)) ); + } $qbDeleteAccessTokens->delete('oauth2_access_tokens') ->where( @@ -194,10 +203,12 @@ class MigrateOauthTables implements IRepairStep { $qbDeleteClients->delete('oauth2_clients') ->where( $qbDeleteClients->expr()->iLike('redirect_uri', $qbDeleteClients->createNamedParameter('oc://%', IQueryBuilder::PARAM_STR)) - ) - ->orWhere( + ); + if (!$enableOcClients) { + $qbDeleteClients->orWhere( $qbDeleteClients->expr()->iLike('redirect_uri', $qbDeleteClients->createNamedParameter('%*', IQueryBuilder::PARAM_STR)) ); + } $qbDeleteClients->executeStatement(); // Migrate legacy refresh tokens from oc |