aboutsummaryrefslogtreecommitdiffstats
path: root/lib
diff options
context:
space:
mode:
authorJulien Veyssier <julien-nc@posteo.net>2023-06-01 14:51:01 +0200
committerAndy Scherzinger <info@andy-scherzinger.de>2023-07-10 21:13:20 +0200
commit47a19f2217fc9d0b2937d2512106ea71e5848709 (patch)
tree63ddc97fd09e6fec8b57531bb7ca45b1f9154a92 /lib
parent70e2243f0f8287121454eeb67389654ac8e11b04 (diff)
downloadnextcloud-server-47a19f2217fc9d0b2937d2512106ea71e5848709.tar.gz
nextcloud-server-47a19f2217fc9d0b2937d2512106ea71e5848709.zip
drop the oauth2_clients trusted column, delete unsupported clients and their access tokens
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
Diffstat (limited to 'lib')
-rw-r--r--lib/private/Repair/Owncloud/MigrateOauthTables.php34
1 files changed, 34 insertions, 0 deletions
diff --git a/lib/private/Repair/Owncloud/MigrateOauthTables.php b/lib/private/Repair/Owncloud/MigrateOauthTables.php
index 10481a966f2..0b54793ebe2 100644
--- a/lib/private/Repair/Owncloud/MigrateOauthTables.php
+++ b/lib/private/Repair/Owncloud/MigrateOauthTables.php
@@ -82,6 +82,9 @@ class MigrateOauthTables implements IRepairStep {
if ($table->hasColumn('allow_subdomains')) {
$table->dropColumn('allow_subdomains');
}
+ if ($table->hasColumn('trusted')) {
+ $table->dropColumn('trusted');
+ }
if (!$schema->getTable('oauth2_clients')->hasColumn('client_identifier')) {
$table->addColumn('client_identifier', 'string', [
@@ -119,5 +122,36 @@ class MigrateOauthTables implements IRepairStep {
$table->dropColumn('identifier');
$this->db->migrateToSchema($schema->getWrappedSchema());
}
+
+ $output->info('Delete clients (and their related access tokens) with the redirect_uri starting with oc:// or ending with *');
+ // delete the access tokens
+ $qbDeleteAccessTokens = $this->db->getQueryBuilder();
+
+ $qbSelectClientId = $this->db->getQueryBuilder();
+ $qbSelectClientId->select('id')
+ ->from('oauth2_clients')
+ ->where(
+ $qbSelectClientId->expr()->iLike('redirect_uri', $qbDeleteAccessTokens->createNamedParameter('oc://%', IQueryBuilder::PARAM_STR))
+ )
+ ->orWhere(
+ $qbSelectClientId->expr()->iLike('redirect_uri', $qbDeleteAccessTokens->createNamedParameter('%*', IQueryBuilder::PARAM_STR))
+ );
+
+ $qbDeleteAccessTokens->delete('oauth2_access_tokens')
+ ->where(
+ $qbSelectClientId->expr()->in('client_id', $qbDeleteAccessTokens->createFunction($qbSelectClientId->getSQL()), IQueryBuilder::PARAM_STR_ARRAY)
+ );
+ $qbDeleteAccessTokens->executeStatement();
+
+ // delete the clients
+ $qbDeleteClients = $this->db->getQueryBuilder();
+ $qbDeleteClients->delete('oauth2_clients')
+ ->where(
+ $qbDeleteClients->expr()->iLike('redirect_uri', $qbDeleteClients->createNamedParameter('oc://%', IQueryBuilder::PARAM_STR))
+ )
+ ->orWhere(
+ $qbDeleteClients->expr()->iLike('redirect_uri', $qbDeleteClients->createNamedParameter('%*', IQueryBuilder::PARAM_STR))
+ );
+ $qbDeleteClients->executeStatement();
}
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-27 01:07:57 +0000