diff options
Diffstat (limited to 'apps/user_ldap/lib/Migration')
17 files changed, 1104 insertions, 137 deletions
diff --git a/apps/user_ldap/lib/Migration/GroupMappingMigration.php b/apps/user_ldap/lib/Migration/GroupMappingMigration.php new file mode 100644 index 00000000000..7dfb8705770 --- /dev/null +++ b/apps/user_ldap/lib/Migration/GroupMappingMigration.php @@ -0,0 +1,50 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ + +namespace OCA\User_LDAP\Migration; + +use OCP\IDBConnection; +use OCP\Migration\SimpleMigrationStep; + +abstract class GroupMappingMigration extends SimpleMigrationStep { + + public function __construct( + private IDBConnection $dbc, + ) { + } + + protected function copyGroupMappingData(string $sourceTable, string $destinationTable): void { + $insert = $this->dbc->getQueryBuilder(); + $insert->insert($destinationTable) + ->values([ + 'ldap_dn' => $insert->createParameter('ldap_dn'), + 'owncloud_name' => $insert->createParameter('owncloud_name'), + 'directory_uuid' => $insert->createParameter('directory_uuid'), + 'ldap_dn_hash' => $insert->createParameter('ldap_dn_hash'), + ]); + + $query = $this->dbc->getQueryBuilder(); + $query->select('*') + ->from($sourceTable); + + + $result = $query->executeQuery(); + while ($row = $result->fetch()) { + $insert + ->setParameter('ldap_dn', $row['ldap_dn']) + ->setParameter('owncloud_name', $row['owncloud_name']) + ->setParameter('directory_uuid', $row['directory_uuid']) + ->setParameter('ldap_dn_hash', $row['ldap_dn_hash']) + ; + + $insert->executeStatement(); + } + $result->closeCursor(); + } +} diff --git a/apps/user_ldap/lib/Migration/RemoveRefreshTime.php b/apps/user_ldap/lib/Migration/RemoveRefreshTime.php new file mode 100644 index 00000000000..88ac56ccb84 --- /dev/null +++ b/apps/user_ldap/lib/Migration/RemoveRefreshTime.php @@ -0,0 +1,44 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ +namespace OCA\User_LDAP\Migration; + +use OCP\IConfig; +use OCP\IDBConnection; +use OCP\Migration\IOutput; +use OCP\Migration\IRepairStep; + +/** + * Class RmRefreshTime + * + * this can be removed with Nextcloud 21 + * + * @package OCA\User_LDAP\Migration + */ +class RemoveRefreshTime implements IRepairStep { + + public function __construct( + private IDBConnection $dbc, + private IConfig $config, + ) { + } + + public function getName() { + return 'Remove deprecated refresh time markers for LDAP user records'; + } + + public function run(IOutput $output) { + $this->config->deleteAppValue('user_ldap', 'updateAttributesInterval'); + + $qb = $this->dbc->getQueryBuilder(); + $qb->delete('preferences') + ->where($qb->expr()->eq('appid', $qb->createNamedParameter('user_ldap'))) + ->andWhere($qb->expr()->eq('configkey', $qb->createNamedParameter('lastFeatureRefresh'))) + ->executeStatement(); + } +} diff --git a/apps/user_ldap/lib/Migration/SetDefaultProvider.php b/apps/user_ldap/lib/Migration/SetDefaultProvider.php new file mode 100644 index 00000000000..0bb04438a1d --- /dev/null +++ b/apps/user_ldap/lib/Migration/SetDefaultProvider.php @@ -0,0 +1,35 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ +namespace OCA\User_LDAP\Migration; + +use OCA\User_LDAP\Helper; +use OCA\User_LDAP\LDAPProviderFactory; +use OCP\IConfig; +use OCP\Migration\IOutput; +use OCP\Migration\IRepairStep; + +class SetDefaultProvider implements IRepairStep { + + public function __construct( + private IConfig $config, + private Helper $helper, + ) { + } + + public function getName(): string { + return 'Set default LDAP provider'; + } + + public function run(IOutput $output): void { + $current = $this->config->getSystemValue('ldapProviderFactory', null); + if ($current === null) { + $this->config->setSystemValue('ldapProviderFactory', LDAPProviderFactory::class); + } + } +} diff --git a/apps/user_ldap/lib/Migration/UUIDFix.php b/apps/user_ldap/lib/Migration/UUIDFix.php index 5b9e5e2231d..e853f3bba66 100644 --- a/apps/user_ldap/lib/Migration/UUIDFix.php +++ b/apps/user_ldap/lib/Migration/UUIDFix.php @@ -1,60 +1,32 @@ <?php + /** - * @copyright Copyright (c) 2017 Arthur Schiwon <blizzz@arthur-schiwon.de> - * - * @author Arthur Schiwon <blizzz@arthur-schiwon.de> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ - namespace OCA\User_LDAP\Migration; - -use OC\BackgroundJob\QueuedJob; use OCA\User_LDAP\Mapping\AbstractMapping; use OCA\User_LDAP\Proxy; use OCA\User_LDAP\User_Proxy; +use OCP\BackgroundJob\QueuedJob; abstract class UUIDFix extends QueuedJob { - /** @var AbstractMapping */ - protected $mapper; - - /** @var Proxy */ - protected $proxy; + protected AbstractMapping $mapper; + protected Proxy $proxy; public function run($argument) { $isUser = $this->proxy instanceof User_Proxy; - foreach($argument['records'] as $record) { + foreach ($argument['records'] as $record) { $access = $this->proxy->getLDAPAccess($record['name']); $uuid = $access->getUUID($record['dn'], $isUser); - if($uuid === false) { + if ($uuid === false) { // record not found, no prob, continue with the next continue; } - if($uuid !== $record['uuid']) { + if ($uuid !== $record['uuid']) { $this->mapper->setUUIDbyDN($uuid, $record['dn']); } } } - - /** - * @param Proxy $proxy - */ - public function overrideProxy(Proxy $proxy) { - $this->proxy = $proxy; - } } diff --git a/apps/user_ldap/lib/Migration/UUIDFixGroup.php b/apps/user_ldap/lib/Migration/UUIDFixGroup.php index 7258029dfd1..3924c91e7ba 100644 --- a/apps/user_ldap/lib/Migration/UUIDFixGroup.php +++ b/apps/user_ldap/lib/Migration/UUIDFixGroup.php @@ -1,41 +1,19 @@ <?php + /** - * @copyright Copyright (c) 2017 Arthur Schiwon <blizzz@arthur-schiwon.de> - * - * @author Arthur Schiwon <blizzz@arthur-schiwon.de> - * @author Roger Szabo <roger.szabo@web.de> - * @author Vinicius Cubas Brand <vinicius@eita.org.br> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ - namespace OCA\User_LDAP\Migration; -use OCA\User_LDAP\Helper; -use OCA\User_LDAP\LDAP; +use OCA\User_LDAP\Group_Proxy; use OCA\User_LDAP\Mapping\GroupMapping; -use OCA\User_LDAP\User_Proxy; -use OCP\IConfig; +use OCP\AppFramework\Utility\ITimeFactory; class UUIDFixGroup extends UUIDFix { - public function __construct(GroupMapping $mapper, LDAP $ldap, IConfig $config, Helper $helper) { + public function __construct(ITimeFactory $time, GroupMapping $mapper, Group_Proxy $proxy) { + parent::__construct($time); $this->mapper = $mapper; - $this->proxy = new User_Proxy($helper->getServerConfigurationPrefixes(true), $ldap, $config, - \OC::$server->getNotificationManager(), \OC::$server->getUserSession(), - \OC::$server->query('LDAPUserPluginManager')); + $this->proxy = $proxy; } } diff --git a/apps/user_ldap/lib/Migration/UUIDFixInsert.php b/apps/user_ldap/lib/Migration/UUIDFixInsert.php index 4a1104f2c6f..bb92314d93a 100644 --- a/apps/user_ldap/lib/Migration/UUIDFixInsert.php +++ b/apps/user_ldap/lib/Migration/UUIDFixInsert.php @@ -1,26 +1,9 @@ <?php + /** - * @copyright Copyright (c) 2017 Arthur Schiwon <blizzz@arthur-schiwon.de> - * - * @author Arthur Schiwon <blizzz@arthur-schiwon.de> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ - namespace OCA\User_LDAP\Migration; use OCA\User_LDAP\Mapping\GroupMapping; @@ -32,23 +15,12 @@ use OCP\Migration\IRepairStep; class UUIDFixInsert implements IRepairStep { - /** @var IConfig */ - protected $config; - - /** @var UserMapping */ - protected $userMapper; - - /** @var GroupMapping */ - protected $groupMapper; - - /** @var IJobList */ - protected $jobList; - - public function __construct(IConfig $config, UserMapping $userMapper, GroupMapping $groupMapper, IJobList $jobList) { - $this->config = $config; - $this->userMapper = $userMapper; - $this->groupMapper = $groupMapper; - $this->jobList = $jobList; + public function __construct( + protected IConfig $config, + protected UserMapping $userMapper, + protected GroupMapping $groupMapper, + protected IJobList $jobList, + ) { } /** @@ -71,7 +43,7 @@ class UUIDFixInsert implements IRepairStep { */ public function run(IOutput $output) { $installedVersion = $this->config->getAppValue('user_ldap', 'installed_version', '1.2.1'); - if(version_compare($installedVersion, '1.2.1') !== -1) { + if (version_compare($installedVersion, '1.2.1') !== -1) { return; } @@ -82,20 +54,19 @@ class UUIDFixInsert implements IRepairStep { do { $retry = false; $records = $mapper->getList($offset, $batchSize); - if(count($records) === 0){ + if (count($records) === 0) { continue; } try { $this->jobList->add($jobClass, ['records' => $records]); $offset += $batchSize; } catch (\InvalidArgumentException $e) { - if(strpos($e->getMessage(), 'Background job arguments can\'t exceed 4000') !== false) { - $batchSize = intval(floor(count($records) * 0.8)); + if (str_contains($e->getMessage(), 'Background job arguments can\'t exceed 4000')) { + $batchSize = (int)floor(count($records) * 0.8); $retry = true; } } } while (count($records) === $batchSize || $retry); } - } } diff --git a/apps/user_ldap/lib/Migration/UUIDFixUser.php b/apps/user_ldap/lib/Migration/UUIDFixUser.php index 28765917ae0..71c3f638095 100644 --- a/apps/user_ldap/lib/Migration/UUIDFixUser.php +++ b/apps/user_ldap/lib/Migration/UUIDFixUser.php @@ -1,39 +1,19 @@ <?php + /** - * @copyright Copyright (c) 2017 Arthur Schiwon <blizzz@arthur-schiwon.de> - * - * @author Arthur Schiwon <blizzz@arthur-schiwon.de> - * @author Vinicius Cubas Brand <vinicius@eita.org.br> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ - namespace OCA\User_LDAP\Migration; -use OCA\User_LDAP\Helper; -use OCA\User_LDAP\LDAP; use OCA\User_LDAP\Mapping\UserMapping; -use OCA\User_LDAP\Group_Proxy; -use OCP\IConfig; +use OCA\User_LDAP\User_Proxy; +use OCP\AppFramework\Utility\ITimeFactory; class UUIDFixUser extends UUIDFix { - public function __construct(UserMapping $mapper, LDAP $ldap, IConfig $config, Helper $helper) { + public function __construct(ITimeFactory $time, UserMapping $mapper, User_Proxy $proxy) { + parent::__construct($time); $this->mapper = $mapper; - $groupPluginManager = \OC::$server->query('LDAPGroupPluginManager'); - $this->proxy = new Group_Proxy($helper->getServerConfigurationPrefixes(true), $ldap, $groupPluginManager); + $this->proxy = $proxy; } } diff --git a/apps/user_ldap/lib/Migration/UnsetDefaultProvider.php b/apps/user_ldap/lib/Migration/UnsetDefaultProvider.php new file mode 100644 index 00000000000..025415cf712 --- /dev/null +++ b/apps/user_ldap/lib/Migration/UnsetDefaultProvider.php @@ -0,0 +1,33 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ +namespace OCA\User_LDAP\Migration; + +use OCA\User_LDAP\LDAPProviderFactory; +use OCP\IConfig; +use OCP\Migration\IOutput; +use OCP\Migration\IRepairStep; + +class UnsetDefaultProvider implements IRepairStep { + + public function __construct( + private IConfig $config, + ) { + } + + public function getName(): string { + return 'Unset default LDAP provider'; + } + + public function run(IOutput $output): void { + $current = $this->config->getSystemValue('ldapProviderFactory', null); + if ($current === LDAPProviderFactory::class) { + $this->config->deleteSystemValue('ldapProviderFactory'); + } + } +} diff --git a/apps/user_ldap/lib/Migration/Version1010Date20200630192842.php b/apps/user_ldap/lib/Migration/Version1010Date20200630192842.php new file mode 100644 index 00000000000..1464e50e359 --- /dev/null +++ b/apps/user_ldap/lib/Migration/Version1010Date20200630192842.php @@ -0,0 +1,94 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ +namespace OCA\User_LDAP\Migration; + +use Closure; +use OCP\DB\ISchemaWrapper; +use OCP\DB\Types; +use OCP\Migration\IOutput; +use OCP\Migration\SimpleMigrationStep; + +class Version1010Date20200630192842 extends SimpleMigrationStep { + /** + * @param IOutput $output + * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` + * @param array $options + * @return null|ISchemaWrapper + */ + public function changeSchema(IOutput $output, Closure $schemaClosure, array $options) { + /** @var ISchemaWrapper $schema */ + $schema = $schemaClosure(); + + if (!$schema->hasTable('ldap_user_mapping')) { + $table = $schema->createTable('ldap_user_mapping'); + $table->addColumn('ldap_dn', Types::STRING, [ + 'notnull' => true, + 'length' => 4000, + 'default' => '', + ]); + $table->addColumn('owncloud_name', Types::STRING, [ + 'notnull' => true, + 'length' => 64, + 'default' => '', + ]); + $table->addColumn('directory_uuid', Types::STRING, [ + 'notnull' => true, + 'length' => 255, + 'default' => '', + ]); + $table->addColumn('ldap_dn_hash', Types::STRING, [ + 'notnull' => false, + 'length' => 64, + ]); + $table->setPrimaryKey(['owncloud_name']); + $table->addUniqueIndex(['ldap_dn_hash'], 'ldap_user_dn_hashes'); + $table->addUniqueIndex(['directory_uuid'], 'ldap_user_directory_uuid'); + } + + if (!$schema->hasTable('ldap_group_mapping')) { + $table = $schema->createTable('ldap_group_mapping'); + $table->addColumn('ldap_dn', Types::STRING, [ + 'notnull' => true, + 'length' => 4000, + 'default' => '', + ]); + $table->addColumn('owncloud_name', Types::STRING, [ + 'notnull' => true, + 'length' => 64, + 'default' => '', + ]); + $table->addColumn('directory_uuid', Types::STRING, [ + 'notnull' => true, + 'length' => 255, + 'default' => '', + ]); + $table->addColumn('ldap_dn_hash', Types::STRING, [ + 'notnull' => false, + 'length' => 64, + ]); + $table->setPrimaryKey(['owncloud_name']); + $table->addUniqueIndex(['ldap_dn_hash'], 'ldap_group_dn_hashes'); + $table->addUniqueIndex(['directory_uuid'], 'ldap_group_directory_uuid'); + } + + if (!$schema->hasTable('ldap_group_members')) { + $table = $schema->createTable('ldap_group_members'); + $table->addColumn('owncloudname', Types::STRING, [ + 'notnull' => true, + 'length' => 255, + 'default' => '', + ]); + $table->addColumn('owncloudusers', Types::TEXT, [ + 'notnull' => true, + ]); + $table->setPrimaryKey(['owncloudname']); + } + return $schema; + } +} diff --git a/apps/user_ldap/lib/Migration/Version1120Date20210917155206.php b/apps/user_ldap/lib/Migration/Version1120Date20210917155206.php new file mode 100644 index 00000000000..dc3823bf771 --- /dev/null +++ b/apps/user_ldap/lib/Migration/Version1120Date20210917155206.php @@ -0,0 +1,131 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ + +namespace OCA\User_LDAP\Migration; + +use Closure; +use OC\Hooks\PublicEmitter; +use OCP\DB\Exception; +use OCP\DB\ISchemaWrapper; +use OCP\DB\QueryBuilder\IQueryBuilder; +use OCP\IDBConnection; +use OCP\IUserManager; +use OCP\Migration\IOutput; +use OCP\Migration\SimpleMigrationStep; +use Psr\Log\LoggerInterface; + +class Version1120Date20210917155206 extends SimpleMigrationStep { + + public function __construct( + private IDBConnection $dbc, + private IUserManager $userManager, + private LoggerInterface $logger, + ) { + } + + public function getName() { + return 'Adjust LDAP user and group id column lengths to match server lengths'; + } + + /** + * @param IOutput $output + * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` + * @param array $options + */ + public function preSchemaChange(IOutput $output, Closure $schemaClosure, array $options): void { + // ensure that there is no user or group id longer than 64char in LDAP table + $this->handleIDs('ldap_group_mapping', false); + $this->handleIDs('ldap_user_mapping', true); + } + + /** + * @param IOutput $output + * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` + * @param array $options + * @return null|ISchemaWrapper + */ + public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper { + /** @var ISchemaWrapper $schema */ + $schema = $schemaClosure(); + + $changeSchema = false; + foreach (['ldap_user_mapping', 'ldap_group_mapping'] as $tableName) { + $table = $schema->getTable($tableName); + $column = $table->getColumn('owncloud_name'); + if ($column->getLength() > 64) { + $column->setLength(64); + $changeSchema = true; + } + } + + return $changeSchema ? $schema : null; + } + + protected function handleIDs(string $table, bool $emitHooks) { + $select = $this->getSelectQuery($table); + $update = $this->getUpdateQuery($table); + + $result = $select->executeQuery(); + while ($row = $result->fetch()) { + $newId = hash('sha256', $row['owncloud_name'], false); + if ($emitHooks) { + $this->emitUnassign($row['owncloud_name'], true); + } + $update->setParameter('uuid', $row['directory_uuid']); + $update->setParameter('newId', $newId); + try { + $update->executeStatement(); + if ($emitHooks) { + $this->emitUnassign($row['owncloud_name'], false); + $this->emitAssign($newId); + } + } catch (Exception $e) { + $this->logger->error('Failed to shorten owncloud_name "{oldId}" to "{newId}" (UUID: "{uuid}" of {table})', + [ + 'app' => 'user_ldap', + 'oldId' => $row['owncloud_name'], + 'newId' => $newId, + 'uuid' => $row['directory_uuid'], + 'table' => $table, + 'exception' => $e, + ] + ); + } + } + $result->closeCursor(); + } + + protected function getSelectQuery(string $table): IQueryBuilder { + $qb = $this->dbc->getQueryBuilder(); + $qb->select('owncloud_name', 'directory_uuid') + ->from($table) + ->where($qb->expr()->gt($qb->func()->octetLength('owncloud_name'), $qb->createNamedParameter('64'), IQueryBuilder::PARAM_INT)); + return $qb; + } + + protected function getUpdateQuery(string $table): IQueryBuilder { + $qb = $this->dbc->getQueryBuilder(); + $qb->update($table) + ->set('owncloud_name', $qb->createParameter('newId')) + ->where($qb->expr()->eq('directory_uuid', $qb->createParameter('uuid'))); + return $qb; + } + + protected function emitUnassign(string $oldId, bool $pre): void { + if ($this->userManager instanceof PublicEmitter) { + $this->userManager->emit('\OC\User', $pre ? 'pre' : 'post' . 'UnassignedUserId', [$oldId]); + } + } + + protected function emitAssign(string $newId): void { + if ($this->userManager instanceof PublicEmitter) { + $this->userManager->emit('\OC\User', 'assignedUserId', [$newId]); + } + } +} diff --git a/apps/user_ldap/lib/Migration/Version1130Date20211102154716.php b/apps/user_ldap/lib/Migration/Version1130Date20211102154716.php new file mode 100644 index 00000000000..2457acd840d --- /dev/null +++ b/apps/user_ldap/lib/Migration/Version1130Date20211102154716.php @@ -0,0 +1,266 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ + +namespace OCA\User_LDAP\Migration; + +use Closure; +use Generator; +use OCP\DB\Exception; +use OCP\DB\ISchemaWrapper; +use OCP\DB\QueryBuilder\IQueryBuilder; +use OCP\DB\Types; +use OCP\IDBConnection; +use OCP\Migration\IOutput; +use OCP\Migration\SimpleMigrationStep; +use Psr\Log\LoggerInterface; + +class Version1130Date20211102154716 extends SimpleMigrationStep { + + /** @var string[] */ + private $hashColumnAddedToTables = []; + + public function __construct( + private IDBConnection $dbc, + private LoggerInterface $logger, + ) { + } + + public function getName() { + return 'Adjust LDAP user and group ldap_dn column lengths and add ldap_dn_hash columns'; + } + + public function preSchemaChange(IOutput $output, \Closure $schemaClosure, array $options) { + foreach (['ldap_user_mapping', 'ldap_group_mapping'] as $tableName) { + $this->processDuplicateUUIDs($tableName); + } + + /** @var ISchemaWrapper $schema */ + $schema = $schemaClosure(); + if ($schema->hasTable('ldap_group_mapping_backup')) { + // Previous upgrades of a broken release might have left an incomplete + // ldap_group_mapping_backup table. No need to recreate, but it + // should be empty. + // TRUNCATE is not available from Query Builder, but faster than DELETE FROM. + $sql = $this->dbc->getDatabasePlatform()->getTruncateTableSQL('`*PREFIX*ldap_group_mapping_backup`', false); + $this->dbc->executeStatement($sql); + } + } + + /** + * @param IOutput $output + * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` + * @param array $options + * @return null|ISchemaWrapper + */ + public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper { + /** @var ISchemaWrapper $schema */ + $schema = $schemaClosure(); + + $changeSchema = false; + foreach (['ldap_user_mapping', 'ldap_group_mapping'] as $tableName) { + $table = $schema->getTable($tableName); + if (!$table->hasColumn('ldap_dn_hash')) { + $table->addColumn('ldap_dn_hash', Types::STRING, [ + 'notnull' => false, + 'length' => 64, + ]); + $changeSchema = true; + $this->hashColumnAddedToTables[] = $tableName; + } + $column = $table->getColumn('ldap_dn'); + if ($tableName === 'ldap_user_mapping') { + if ($column->getLength() < 4000) { + $column->setLength(4000); + $changeSchema = true; + } + + if ($table->hasIndex('ldap_dn_users')) { + $table->dropIndex('ldap_dn_users'); + $changeSchema = true; + } + if (!$table->hasIndex('ldap_user_dn_hashes')) { + $table->addUniqueIndex(['ldap_dn_hash'], 'ldap_user_dn_hashes'); + $changeSchema = true; + } + if (!$table->hasIndex('ldap_user_directory_uuid')) { + $table->addUniqueIndex(['directory_uuid'], 'ldap_user_directory_uuid'); + $changeSchema = true; + } + } elseif (!$schema->hasTable('ldap_group_mapping_backup')) { + // We need to copy the table twice to be able to change primary key, prepare the backup table + $table2 = $schema->createTable('ldap_group_mapping_backup'); + $table2->addColumn('ldap_dn', Types::STRING, [ + 'notnull' => true, + 'length' => 4000, + 'default' => '', + ]); + $table2->addColumn('owncloud_name', Types::STRING, [ + 'notnull' => true, + 'length' => 64, + 'default' => '', + ]); + $table2->addColumn('directory_uuid', Types::STRING, [ + 'notnull' => true, + 'length' => 255, + 'default' => '', + ]); + $table2->addColumn('ldap_dn_hash', Types::STRING, [ + 'notnull' => false, + 'length' => 64, + ]); + $table2->setPrimaryKey(['owncloud_name'], 'lgm_backup_primary'); + $changeSchema = true; + } + } + + return $changeSchema ? $schema : null; + } + + /** + * @param IOutput $output + * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` + * @param array $options + */ + public function postSchemaChange(IOutput $output, Closure $schemaClosure, array $options) { + $this->handleDNHashes('ldap_group_mapping'); + $this->handleDNHashes('ldap_user_mapping'); + } + + protected function handleDNHashes(string $table): void { + $select = $this->getSelectQuery($table); + $update = $this->getUpdateQuery($table); + + $result = $select->executeQuery(); + while ($row = $result->fetch()) { + $dnHash = hash('sha256', $row['ldap_dn'], false); + $update->setParameter('name', $row['owncloud_name']); + $update->setParameter('dn_hash', $dnHash); + try { + $update->executeStatement(); + } catch (Exception $e) { + $this->logger->error('Failed to add hash "{dnHash}" ("{name}" of {table})', + [ + 'app' => 'user_ldap', + 'name' => $row['owncloud_name'], + 'dnHash' => $dnHash, + 'table' => $table, + 'exception' => $e, + ] + ); + } + } + $result->closeCursor(); + } + + protected function getSelectQuery(string $table): IQueryBuilder { + $qb = $this->dbc->getQueryBuilder(); + $qb->select('owncloud_name', 'ldap_dn') + ->from($table); + + // when added we may run into risk that it's read from a DB node + // where the column is not present. Then the where clause is also + // not necessary since all rows qualify. + if (!in_array($table, $this->hashColumnAddedToTables, true)) { + $qb->where($qb->expr()->isNull('ldap_dn_hash')); + } + + return $qb; + } + + protected function getUpdateQuery(string $table): IQueryBuilder { + $qb = $this->dbc->getQueryBuilder(); + $qb->update($table) + ->set('ldap_dn_hash', $qb->createParameter('dn_hash')) + ->where($qb->expr()->eq('owncloud_name', $qb->createParameter('name'))); + return $qb; + } + + /** + * @throws Exception + */ + protected function processDuplicateUUIDs(string $table): void { + $uuids = $this->getDuplicatedUuids($table); + $idsWithUuidToInvalidate = []; + foreach ($uuids as $uuid) { + array_push($idsWithUuidToInvalidate, ...$this->getNextcloudIdsByUuid($table, $uuid)); + } + $this->invalidateUuids($table, $idsWithUuidToInvalidate); + } + + /** + * @throws Exception + */ + protected function invalidateUuids(string $table, array $idList): void { + $update = $this->dbc->getQueryBuilder(); + $update->update($table) + ->set('directory_uuid', $update->createParameter('invalidatedUuid')) + ->where($update->expr()->eq('owncloud_name', $update->createParameter('nextcloudId'))); + + while ($nextcloudId = array_shift($idList)) { + $update->setParameter('nextcloudId', $nextcloudId); + $update->setParameter('invalidatedUuid', 'invalidated_' . \bin2hex(\random_bytes(6))); + try { + $update->executeStatement(); + $this->logger->warning( + 'LDAP user or group with ID {nid} has a duplicated UUID value which therefore was invalidated. You may double-check your LDAP configuration and trigger an update of the UUID.', + [ + 'app' => 'user_ldap', + 'nid' => $nextcloudId, + ] + ); + } catch (Exception $e) { + // Catch possible, but unlikely duplications if new invalidated errors. + // There is the theoretical chance of an infinity loop is, when + // the constraint violation has a different background. I cannot + // think of one at the moment. + if ($e->getReason() !== Exception::REASON_CONSTRAINT_VIOLATION) { + throw $e; + } + $idList[] = $nextcloudId; + } + } + } + + /** + * @throws \OCP\DB\Exception + * @return array<string> + */ + protected function getNextcloudIdsByUuid(string $table, string $uuid): array { + $select = $this->dbc->getQueryBuilder(); + $select->select('owncloud_name') + ->from($table) + ->where($select->expr()->eq('directory_uuid', $select->createNamedParameter($uuid))); + + $result = $select->executeQuery(); + $idList = []; + while (($id = $result->fetchOne()) !== false) { + $idList[] = $id; + } + $result->closeCursor(); + return $idList; + } + + /** + * @return Generator<string> + * @throws \OCP\DB\Exception + */ + protected function getDuplicatedUuids(string $table): Generator { + $select = $this->dbc->getQueryBuilder(); + $select->select('directory_uuid') + ->from($table) + ->groupBy('directory_uuid') + ->having($select->expr()->gt($select->func()->count('owncloud_name'), $select->createNamedParameter(1))); + + $result = $select->executeQuery(); + while (($uuid = $result->fetchOne()) !== false) { + yield $uuid; + } + $result->closeCursor(); + } +} diff --git a/apps/user_ldap/lib/Migration/Version1130Date20220110154717.php b/apps/user_ldap/lib/Migration/Version1130Date20220110154717.php new file mode 100644 index 00000000000..80960373edf --- /dev/null +++ b/apps/user_ldap/lib/Migration/Version1130Date20220110154717.php @@ -0,0 +1,60 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ + +namespace OCA\User_LDAP\Migration; + +use Closure; +use OCP\DB\ISchemaWrapper; +use OCP\Migration\IOutput; + +class Version1130Date20220110154717 extends GroupMappingMigration { + public function getName() { + return 'Copy ldap_group_mapping data to backup table if needed'; + } + + /** + * @param IOutput $output + * @param \Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` + * @param array $options + * @since 13.0.0 + */ + public function preSchemaChange(IOutput $output, \Closure $schemaClosure, array $options) { + /** @var ISchemaWrapper $schema */ + $schema = $schemaClosure(); + + if (!$schema->hasTable('ldap_group_mapping_backup')) { + // Backup table does not exist + return; + } + + $output->startProgress(); + $this->copyGroupMappingData('ldap_group_mapping', 'ldap_group_mapping_backup'); + $output->finishProgress(); + } + + /** + * @param IOutput $output + * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` + * @param array $options + * @return null|ISchemaWrapper + */ + public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper { + /** @var ISchemaWrapper $schema */ + $schema = $schemaClosure(); + + if (!$schema->hasTable('ldap_group_mapping_backup')) { + // Backup table does not exist + return null; + } + + $schema->dropTable('ldap_group_mapping'); + + return $schema; + } +} diff --git a/apps/user_ldap/lib/Migration/Version1130Date20220110154718.php b/apps/user_ldap/lib/Migration/Version1130Date20220110154718.php new file mode 100644 index 00000000000..f67b791daad --- /dev/null +++ b/apps/user_ldap/lib/Migration/Version1130Date20220110154718.php @@ -0,0 +1,82 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ + +namespace OCA\User_LDAP\Migration; + +use Closure; +use OCP\DB\ISchemaWrapper; +use OCP\DB\Types; +use OCP\Migration\IOutput; + +class Version1130Date20220110154718 extends GroupMappingMigration { + public function getName() { + return 'Copy ldap_group_mapping data from backup table and if needed'; + } + + /** + * @param IOutput $output + * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` + * @param array $options + * @return null|ISchemaWrapper + */ + public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper { + /** @var ISchemaWrapper $schema */ + $schema = $schemaClosure(); + + if (!$schema->hasTable('ldap_group_mapping_backup')) { + // Backup table does not exist + return null; + } + + $table = $schema->createTable('ldap_group_mapping'); + $table->addColumn('ldap_dn', Types::STRING, [ + 'notnull' => true, + 'length' => 4000, + 'default' => '', + ]); + $table->addColumn('owncloud_name', Types::STRING, [ + 'notnull' => true, + 'length' => 64, + 'default' => '', + ]); + $table->addColumn('directory_uuid', Types::STRING, [ + 'notnull' => true, + 'length' => 255, + 'default' => '', + ]); + $table->addColumn('ldap_dn_hash', Types::STRING, [ + 'notnull' => false, + 'length' => 64, + ]); + $table->setPrimaryKey(['owncloud_name']); + $table->addUniqueIndex(['ldap_dn_hash'], 'ldap_group_dn_hashes'); + $table->addUniqueIndex(['directory_uuid'], 'ldap_group_directory_uuid'); + + return $schema; + } + + /** + * @param IOutput $output + * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` + * @param array $options + */ + public function postSchemaChange(IOutput $output, Closure $schemaClosure, array $options) { + /** @var ISchemaWrapper $schema */ + $schema = $schemaClosure(); + + if (!$schema->hasTable('ldap_group_mapping_backup')) { + // Backup table does not exist + return; + } + + $output->startProgress(); + $this->copyGroupMappingData('ldap_group_mapping_backup', 'ldap_group_mapping'); + $output->finishProgress(); + } +} diff --git a/apps/user_ldap/lib/Migration/Version1130Date20220110154719.php b/apps/user_ldap/lib/Migration/Version1130Date20220110154719.php new file mode 100644 index 00000000000..c34ee5357f5 --- /dev/null +++ b/apps/user_ldap/lib/Migration/Version1130Date20220110154719.php @@ -0,0 +1,39 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ + +namespace OCA\User_LDAP\Migration; + +use Closure; +use OCP\DB\ISchemaWrapper; +use OCP\Migration\IOutput; +use OCP\Migration\SimpleMigrationStep; + +class Version1130Date20220110154719 extends SimpleMigrationStep { + public function getName() { + return 'Drop ldap_group_mapping_backup'; + } + + /** + * @param IOutput $output + * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` + * @param array $options + * @return null|ISchemaWrapper + */ + public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper { + /** @var ISchemaWrapper $schema */ + $schema = $schemaClosure(); + + if ($schema->hasTable('ldap_group_mapping_backup')) { + $schema->dropTable('ldap_group_mapping_backup'); + return $schema; + } + + return null; + } +} diff --git a/apps/user_ldap/lib/Migration/Version1141Date20220323143801.php b/apps/user_ldap/lib/Migration/Version1141Date20220323143801.php new file mode 100644 index 00000000000..ecedbf1de20 --- /dev/null +++ b/apps/user_ldap/lib/Migration/Version1141Date20220323143801.php @@ -0,0 +1,95 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ + +namespace OCA\User_LDAP\Migration; + +use Closure; +use OCP\DB\ISchemaWrapper; +use OCP\DB\QueryBuilder\IQueryBuilder; +use OCP\IDBConnection; +use OCP\Migration\IOutput; +use OCP\Migration\SimpleMigrationStep; + +class Version1141Date20220323143801 extends SimpleMigrationStep { + + public function __construct( + private IDBConnection $dbc, + ) { + } + + /** + * @param IOutput $output + * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` + * @param array $options + */ + public function preSchemaChange(IOutput $output, Closure $schemaClosure, array $options): void { + foreach (['ldap_user_mapping', 'ldap_group_mapping'] as $tableName) { + $qb = $this->dbc->getQueryBuilder(); + $qb->select('ldap_dn') + ->from($tableName) + ->where($qb->expr()->gt($qb->func()->octetLength('ldap_dn'), $qb->createNamedParameter('4000'), IQueryBuilder::PARAM_INT)); + + $dnsTooLong = []; + $result = $qb->executeQuery(); + while (($dn = $result->fetchOne()) !== false) { + $dnsTooLong[] = $dn; + } + $result->closeCursor(); + $this->shortenDNs($dnsTooLong, $tableName); + } + } + + protected function shortenDNs(array $dns, string $table): void { + $qb = $this->dbc->getQueryBuilder(); + $qb->update($table) + ->set('ldap_dn', $qb->createParameter('shortenedDn')) + ->where($qb->expr()->eq('ldap_dn', $qb->createParameter('originalDn'))); + + $pageSize = 1000; + $page = 0; + do { + $subset = array_slice($dns, $page * $pageSize, $pageSize); + try { + $this->dbc->beginTransaction(); + foreach ($subset as $dn) { + $shortenedDN = mb_substr($dn, 0, 4000); + $qb->setParameter('shortenedDn', $shortenedDN); + $qb->setParameter('originalDn', $dn); + $qb->executeStatement(); + } + $this->dbc->commit(); + } catch (\Throwable $t) { + $this->dbc->rollBack(); + throw $t; + } + $page++; + } while (count($subset) === $pageSize); + } + + /** + * @param IOutput $output + * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` + * @param array $options + * @return null|ISchemaWrapper + */ + public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper { + /** @var ISchemaWrapper $schema */ + $schema = $schemaClosure(); + + foreach (['ldap_user_mapping', 'ldap_group_mapping'] as $tableName) { + $table = $schema->getTable($tableName); + $column = $table->getColumn('ldap_dn'); + if ($column->getLength() > 4000) { + $column->setLength(4000); + } + } + + return $schema; + } +} diff --git a/apps/user_ldap/lib/Migration/Version1190Date20230706134108.php b/apps/user_ldap/lib/Migration/Version1190Date20230706134108.php new file mode 100644 index 00000000000..85b046ab7c9 --- /dev/null +++ b/apps/user_ldap/lib/Migration/Version1190Date20230706134108.php @@ -0,0 +1,108 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ + +namespace OCA\User_LDAP\Migration; + +use Closure; +use OCP\DB\ISchemaWrapper; +use OCP\DB\Types; +use OCP\IDBConnection; +use OCP\Migration\IOutput; +use OCP\Migration\SimpleMigrationStep; + +class Version1190Date20230706134108 extends SimpleMigrationStep { + public function __construct( + private IDBConnection $dbc, + ) { + } + + public function preSchemaChange(IOutput $output, Closure $schemaClosure, array $options): void { + } + + public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper { + /** @var ISchemaWrapper $schema */ + $schema = $schemaClosure(); + + if (!$schema->hasTable('ldap_group_membership')) { + $table = $schema->createTable('ldap_group_membership'); + $table->addColumn('id', Types::BIGINT, [ + 'autoincrement' => true, + 'notnull' => true, + ]); + $table->addColumn('groupid', Types::STRING, [ + 'notnull' => true, + 'length' => 255, + 'default' => '', + ]); + $table->addColumn('userid', Types::STRING, [ + 'notnull' => true, + 'length' => 64, + 'default' => '', + ]); + $table->setPrimaryKey(['id']); + $table->addUniqueIndex(['groupid', 'userid'], 'user_ldap_membership_unique'); + return $schema; + } else { + return null; + } + } + + public function postSchemaChange(IOutput $output, Closure $schemaClosure, array $options): void { + /** @var ISchemaWrapper $schema */ + $schema = $schemaClosure(); + + if (!$schema->hasTable('ldap_group_members')) { + // Old table does not exist + return; + } + + $output->startProgress(); + $this->copyGroupMembershipData(); + $output->finishProgress(); + } + + protected function copyGroupMembershipData(): void { + $insert = $this->dbc->getQueryBuilder(); + $insert->insert('ldap_group_membership') + ->values([ + 'userid' => $insert->createParameter('userid'), + 'groupid' => $insert->createParameter('groupid'), + ]); + + $query = $this->dbc->getQueryBuilder(); + $query->select('*') + ->from('ldap_group_members'); + + $result = $query->executeQuery(); + while ($row = $result->fetch()) { + $knownUsers = unserialize($row['owncloudusers']); + if (!is_array($knownUsers)) { + /* Unserialize failed or data was incorrect in database, ignore */ + continue; + } + $knownUsers = array_unique($knownUsers); + foreach ($knownUsers as $knownUser) { + try { + $insert + ->setParameter('groupid', $row['owncloudname']) + ->setParameter('userid', $knownUser) + ; + + $insert->executeStatement(); + } catch (\OCP\DB\Exception $e) { + /* + * If it fails on unique constaint violation it may just be left over value from previous half-migration + * If it fails on something else, ignore as well, data will be filled by background job later anyway + */ + } + } + } + $result->closeCursor(); + } +} diff --git a/apps/user_ldap/lib/Migration/Version1190Date20230706134109.php b/apps/user_ldap/lib/Migration/Version1190Date20230706134109.php new file mode 100644 index 00000000000..2d3c26f0d49 --- /dev/null +++ b/apps/user_ldap/lib/Migration/Version1190Date20230706134109.php @@ -0,0 +1,29 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ + +namespace OCA\User_LDAP\Migration; + +use Closure; +use OCP\DB\ISchemaWrapper; +use OCP\Migration\IOutput; +use OCP\Migration\SimpleMigrationStep; + +class Version1190Date20230706134109 extends SimpleMigrationStep { + public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper { + /** @var ISchemaWrapper $schema */ + $schema = $schemaClosure(); + + if ($schema->hasTable('ldap_group_members')) { + $schema->dropTable('ldap_group_members'); + return $schema; + } + + return null; + } +} |