aboutsummaryrefslogtreecommitdiffstats
path: root/apps/oauth2/lib/Migration
diff options
context:
space:
mode:
Diffstat (limited to 'apps/oauth2/lib/Migration')
-rw-r--r--apps/oauth2/lib/Migration/SetTokenExpiration.php46
-rw-r--r--apps/oauth2/lib/Migration/Version010401Date20181207190718.php21
-rw-r--r--apps/oauth2/lib/Migration/Version010402Date20190107124745.php21
-rw-r--r--apps/oauth2/lib/Migration/Version011601Date20230522143227.php65
-rw-r--r--apps/oauth2/lib/Migration/Version011602Date20230613160650.php39
-rw-r--r--apps/oauth2/lib/Migration/Version011603Date20230620111039.php69
-rw-r--r--apps/oauth2/lib/Migration/Version011901Date20240829164356.php49
7 files changed, 235 insertions, 75 deletions
diff --git a/apps/oauth2/lib/Migration/SetTokenExpiration.php b/apps/oauth2/lib/Migration/SetTokenExpiration.php
index 7188985f3f5..dc925e26bb2 100644
--- a/apps/oauth2/lib/Migration/SetTokenExpiration.php
+++ b/apps/oauth2/lib/Migration/SetTokenExpiration.php
@@ -3,54 +3,26 @@
declare(strict_types=1);
/**
- * @copyright Copyright 2018, Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace OCA\OAuth2\Migration;
-use OC\Authentication\Exceptions\InvalidTokenException;
use OC\Authentication\Token\IProvider as TokenProvider;
use OCA\OAuth2\Db\AccessToken;
use OCP\AppFramework\Utility\ITimeFactory;
+use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\IDBConnection;
use OCP\Migration\IOutput;
use OCP\Migration\IRepairStep;
class SetTokenExpiration implements IRepairStep {
- /** @var IDBConnection */
- private $connection;
-
- /** @var ITimeFactory */
- private $time;
-
- /** @var TokenProvider */
- private $tokenProvider;
-
- public function __construct(IDBConnection $connection,
- ITimeFactory $timeFactory,
- TokenProvider $tokenProvider) {
- $this->connection = $connection;
- $this->time = $timeFactory;
- $this->tokenProvider = $tokenProvider;
+ public function __construct(
+ private IDBConnection $connection,
+ private ITimeFactory $time,
+ private TokenProvider $tokenProvider,
+ ) {
}
public function getName(): string {
@@ -62,7 +34,7 @@ class SetTokenExpiration implements IRepairStep {
$qb->select('*')
->from('oauth2_access_tokens');
- $cursor = $qb->execute();
+ $cursor = $qb->executeQuery();
while ($row = $cursor->fetch()) {
$token = AccessToken::fromRow($row);
diff --git a/apps/oauth2/lib/Migration/Version010401Date20181207190718.php b/apps/oauth2/lib/Migration/Version010401Date20181207190718.php
index 51fd77c5528..8648826d53c 100644
--- a/apps/oauth2/lib/Migration/Version010401Date20181207190718.php
+++ b/apps/oauth2/lib/Migration/Version010401Date20181207190718.php
@@ -3,25 +3,8 @@
declare(strict_types=1);
/**
- * @copyright Copyright 2018, Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace OCA\OAuth2\Migration;
diff --git a/apps/oauth2/lib/Migration/Version010402Date20190107124745.php b/apps/oauth2/lib/Migration/Version010402Date20190107124745.php
index b80e3a9575f..08099c625f7 100644
--- a/apps/oauth2/lib/Migration/Version010402Date20190107124745.php
+++ b/apps/oauth2/lib/Migration/Version010402Date20190107124745.php
@@ -3,25 +3,8 @@
declare(strict_types=1);
/**
- * @copyright Copyright 2018, Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- *
- * @license GNU AGPL version 3 or any later version
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- *
+ * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace OCA\OAuth2\Migration;
diff --git a/apps/oauth2/lib/Migration/Version011601Date20230522143227.php b/apps/oauth2/lib/Migration/Version011601Date20230522143227.php
new file mode 100644
index 00000000000..f2998202e02
--- /dev/null
+++ b/apps/oauth2/lib/Migration/Version011601Date20230522143227.php
@@ -0,0 +1,65 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace OCA\OAuth2\Migration;
+
+use Closure;
+use OCP\DB\ISchemaWrapper;
+use OCP\DB\QueryBuilder\IQueryBuilder;
+use OCP\IDBConnection;
+use OCP\Migration\IOutput;
+use OCP\Migration\SimpleMigrationStep;
+use OCP\Security\ICrypto;
+
+class Version011601Date20230522143227 extends SimpleMigrationStep {
+
+ public function __construct(
+ private IDBConnection $connection,
+ private ICrypto $crypto,
+ ) {
+ }
+
+ public function changeSchema(IOutput $output, Closure $schemaClosure, array $options) {
+ /** @var ISchemaWrapper $schema */
+ $schema = $schemaClosure();
+
+ if ($schema->hasTable('oauth2_clients')) {
+ $table = $schema->getTable('oauth2_clients');
+ if ($table->hasColumn('secret')) {
+ $column = $table->getColumn('secret');
+ $column->setLength(512);
+ return $schema;
+ }
+ }
+
+ return null;
+ }
+
+ public function postSchemaChange(IOutput $output, Closure $schemaClosure, array $options) {
+ $qbUpdate = $this->connection->getQueryBuilder();
+ $qbUpdate->update('oauth2_clients')
+ ->set('secret', $qbUpdate->createParameter('updateSecret'))
+ ->where(
+ $qbUpdate->expr()->eq('id', $qbUpdate->createParameter('updateId'))
+ );
+
+ $qbSelect = $this->connection->getQueryBuilder();
+ $qbSelect->select('id', 'secret')
+ ->from('oauth2_clients');
+ $req = $qbSelect->executeQuery();
+ while ($row = $req->fetch()) {
+ $id = $row['id'];
+ $secret = $row['secret'];
+ $encryptedSecret = $this->crypto->encrypt($secret);
+ $qbUpdate->setParameter('updateSecret', $encryptedSecret, IQueryBuilder::PARAM_STR);
+ $qbUpdate->setParameter('updateId', $id, IQueryBuilder::PARAM_INT);
+ $qbUpdate->executeStatement();
+ }
+ $req->closeCursor();
+ }
+}
diff --git a/apps/oauth2/lib/Migration/Version011602Date20230613160650.php b/apps/oauth2/lib/Migration/Version011602Date20230613160650.php
new file mode 100644
index 00000000000..06efce324b2
--- /dev/null
+++ b/apps/oauth2/lib/Migration/Version011602Date20230613160650.php
@@ -0,0 +1,39 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace OCA\OAuth2\Migration;
+
+use Closure;
+use OCP\DB\ISchemaWrapper;
+use OCP\Migration\IOutput;
+use OCP\Migration\SimpleMigrationStep;
+
+class Version011602Date20230613160650 extends SimpleMigrationStep {
+
+ public function __construct(
+ ) {
+ }
+
+ public function changeSchema(IOutput $output, Closure $schemaClosure, array $options) {
+ /** @var ISchemaWrapper $schema */
+ $schema = $schemaClosure();
+
+ if ($schema->hasTable('oauth2_clients')) {
+ $table = $schema->getTable('oauth2_clients');
+ if ($table->hasColumn('secret')) {
+ $column = $table->getColumn('secret');
+ // we still change the column length in case Version011601Date20230522143227
+ // has run before it was changed to set the length to 512
+ $column->setLength(512);
+ return $schema;
+ }
+ }
+
+ return null;
+ }
+}
diff --git a/apps/oauth2/lib/Migration/Version011603Date20230620111039.php b/apps/oauth2/lib/Migration/Version011603Date20230620111039.php
new file mode 100644
index 00000000000..853eacd2873
--- /dev/null
+++ b/apps/oauth2/lib/Migration/Version011603Date20230620111039.php
@@ -0,0 +1,69 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace OCA\OAuth2\Migration;
+
+use Closure;
+use OCP\DB\ISchemaWrapper;
+use OCP\DB\QueryBuilder\IQueryBuilder;
+use OCP\DB\Types;
+use OCP\IDBConnection;
+use OCP\Migration\IOutput;
+use OCP\Migration\SimpleMigrationStep;
+
+class Version011603Date20230620111039 extends SimpleMigrationStep {
+
+ public function __construct(
+ private IDBConnection $connection,
+ ) {
+ }
+
+ public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper {
+ /** @var ISchemaWrapper $schema */
+ $schema = $schemaClosure();
+
+ if ($schema->hasTable('oauth2_access_tokens')) {
+ $table = $schema->getTable('oauth2_access_tokens');
+ $dbChanged = false;
+ if (!$table->hasColumn('code_created_at')) {
+ $table->addColumn('code_created_at', Types::BIGINT, [
+ 'notnull' => true,
+ 'default' => 0,
+ 'unsigned' => true,
+ ]);
+ $dbChanged = true;
+ }
+ if (!$table->hasColumn('token_count')) {
+ $table->addColumn('token_count', Types::BIGINT, [
+ 'notnull' => true,
+ 'default' => 0,
+ 'unsigned' => true,
+ ]);
+ $dbChanged = true;
+ }
+ if (!$table->hasIndex('oauth2_tk_c_created_idx')) {
+ $table->addIndex(['token_count', 'code_created_at'], 'oauth2_tk_c_created_idx');
+ $dbChanged = true;
+ }
+ if ($dbChanged) {
+ return $schema;
+ }
+ }
+
+ return null;
+ }
+
+ public function postSchemaChange(IOutput $output, Closure $schemaClosure, array $options): void {
+ // we consider that existing access_tokens have already produced at least one oauth token
+ // which prevents cleaning them up
+ $qbUpdate = $this->connection->getQueryBuilder();
+ $qbUpdate->update('oauth2_access_tokens')
+ ->set('token_count', $qbUpdate->createNamedParameter(1, IQueryBuilder::PARAM_INT));
+ $qbUpdate->executeStatement();
+ }
+}
diff --git a/apps/oauth2/lib/Migration/Version011901Date20240829164356.php b/apps/oauth2/lib/Migration/Version011901Date20240829164356.php
new file mode 100644
index 00000000000..20f5754bf11
--- /dev/null
+++ b/apps/oauth2/lib/Migration/Version011901Date20240829164356.php
@@ -0,0 +1,49 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace OCA\OAuth2\Migration;
+
+use Closure;
+use OCP\DB\QueryBuilder\IQueryBuilder;
+use OCP\IDBConnection;
+use OCP\Migration\IOutput;
+use OCP\Migration\SimpleMigrationStep;
+use OCP\Security\ICrypto;
+
+class Version011901Date20240829164356 extends SimpleMigrationStep {
+
+ public function __construct(
+ private IDBConnection $connection,
+ private ICrypto $crypto,
+ ) {
+ }
+
+ public function postSchemaChange(IOutput $output, Closure $schemaClosure, array $options): void {
+ $qbUpdate = $this->connection->getQueryBuilder();
+ $qbUpdate->update('oauth2_clients')
+ ->set('secret', $qbUpdate->createParameter('updateSecret'))
+ ->where(
+ $qbUpdate->expr()->eq('id', $qbUpdate->createParameter('updateId'))
+ );
+
+ $qbSelect = $this->connection->getQueryBuilder();
+ $qbSelect->select('id', 'secret')
+ ->from('oauth2_clients');
+ $req = $qbSelect->executeQuery();
+ while ($row = $req->fetch()) {
+ $id = $row['id'];
+ $storedEncryptedSecret = $row['secret'];
+ $secret = $this->crypto->decrypt($storedEncryptedSecret);
+ $hashedSecret = bin2hex($this->crypto->calculateHMAC($secret));
+ $qbUpdate->setParameter('updateSecret', $hashedSecret, IQueryBuilder::PARAM_STR);
+ $qbUpdate->setParameter('updateId', $id, IQueryBuilder::PARAM_INT);
+ $qbUpdate->executeStatement();
+ }
+ $req->closeCursor();
+ }
+}
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-15 05:59:25 +0000