|
5 | 5 | use OCP\Migration\ISimpleMigration; |
6 | 6 | use OCP\Migration\IOutput; |
7 | 7 | use OCP\Files\External\Service\IGlobalStoragesService; |
| 8 | +use OCP\Files\External\IStorageConfig; |
8 | 9 | use OCP\Files\External\DefinitionParameter; |
9 | 10 | use OCP\Security\ICrypto; |
10 | 11 | use OCP\IConfig; |
@@ -44,50 +45,63 @@ public function run(IOutput $out) { |
44 | 45 | $configId = $storageConfig->getId(); |
45 | 46 | $changedOptions = []; |
46 | 47 | foreach ($backendOptions as $key => $value) { |
47 | | - $realValue = $value; |
48 | | - if ($key === 'password') { |
49 | | - try { |
50 | | - $realValue = $this->crypto->decrypt($value); |
51 | | - } catch (\Exception $ex) { |
52 | | - $out->warning("Storage configuration with id = {$configId}: Cannot decrypt value for key {$key}, assuming unencrypted value"); |
53 | | - } |
54 | | - } |
55 | | - |
| 48 | + $realValue = $this->conditionalDecrypt($key, $value, $out, $configId); |
56 | 49 | if ($this->shouldBeEncrypted($storageConfig, $key)) { |
57 | 50 | $changedOptions[$key] = $realValue; |
58 | 51 | } |
59 | 52 | } |
60 | 53 | if ($changedOptions) { |
61 | | - // need to force a fake password change to update the password later |
62 | | - foreach ($changedOptions as $key => $value) { |
63 | | - $storageConfig->setBackendOption($key, "{$value}0"); |
64 | | - } |
65 | | - $this->storageService->updateStorage($storageConfig); |
66 | | - // re-insert the old password so it will be encrypted now |
67 | | - foreach ($changedOptions as $key => $value) { |
68 | | - $storageConfig->setBackendOption($key, $value); |
69 | | - } |
70 | | - $this->storageService->updateStorage($storageConfig); |
| 54 | + $this->updateConfig($storageConfig, $changedOptions); |
71 | 55 | $out->info("Storage configuration with id = {$configId} updated correctly"); |
72 | 56 | } |
73 | 57 | } |
74 | 58 | } |
75 | 59 |
|
| 60 | + private function conditionalDecrypt($key, $value, IOutput $out, $configId) { |
| 61 | + // only attempt to decrypt the "password" key |
| 62 | + if ($key === 'password') { |
| 63 | + try { |
| 64 | + return $this->crypto->decrypt($value); |
| 65 | + } catch (\Exception $ex) { |
| 66 | + $out->warning("Storage configuration with id = {$configId}: Cannot decrypt value for key {$key}, assuming unencrypted value"); |
| 67 | + } |
| 68 | + } else { |
| 69 | + return $value; |
| 70 | + } |
| 71 | + } |
| 72 | + |
76 | 73 | private function shouldBeEncrypted($storageConfig, $key) { |
77 | 74 | $backend = $storageConfig->getBackend(); |
78 | 75 | $backendParameters = $backend->getParameters(); |
79 | 76 |
|
80 | 77 | $auth = $storageConfig->getAuthMechanism(); |
81 | 78 | $authParameters = $auth->getParameters(); |
82 | 79 |
|
83 | | - if (isset($backendParameters[$key]) && $backendParameters[$key]->getType() === DefinitionParameter::VALUE_PASSWORD) { |
| 80 | + if ( |
| 81 | + ( |
| 82 | + isset($backendParameters[$key]) && |
| 83 | + $backendParameters[$key]->getType() === DefinitionParameter::VALUE_PASSWORD |
| 84 | + ) || ( |
| 85 | + isset($authParameters[$key]) && |
| 86 | + $authParameters[$key]->getType() === DefinitionParameter::VALUE_PASSWORD |
| 87 | + ) |
| 88 | + ) { |
84 | 89 | return true; |
85 | 90 | } |
| 91 | + return false; |
| 92 | + } |
86 | 93 |
|
87 | | - if (isset($authParameters[$key]) && $authParameters[$key]->getType() === DefinitionParameter::VALUE_PASSWORD) { |
88 | | - return true; |
| 94 | + private function updateConfig(IStorageConfig $storageConfig, $changedOptions) { |
| 95 | + // need to force a fake password change to update the password later |
| 96 | + foreach ($changedOptions as $key => $value) { |
| 97 | + $storageConfig->setBackendOption($key, "{$value}0"); |
89 | 98 | } |
90 | | - return false; |
| 99 | + $this->storageService->updateStorage($storageConfig); |
| 100 | + // re-insert the old password so it will be encrypted now |
| 101 | + foreach ($changedOptions as $key => $value) { |
| 102 | + $storageConfig->setBackendOption($key, $value); |
| 103 | + } |
| 104 | + $this->storageService->updateStorage($storageConfig); |
91 | 105 | } |
92 | 106 |
|
93 | 107 | /** |
|
0 commit comments