1919use OCP \IUserManager ;
2020use OCP \Migration \IOutput ;
2121use OCP \Migration \SimpleMigrationStep ;
22- use OCP \Security \ISecureRandom ;
2322use OCP \Server ;
2423use OCP \Share \IShare ;
2524
2827 * as permanent tokens, which is required for the OCM token exchange flow.
2928 *
3029 * Shares created before this fork used TokenHandler (15-char tokens) and never
31- * registered in oc_authtoken. Those tokens are replaced with new 32-char tokens.
32- * Note: the remote's copy of a replaced token becomes stale; affected shares will
33- * need to be re-created.
30+ * registered in oc_authtoken. Those legacy short tokens are left untouched so
31+ * that the receiving instance can continue to authenticate via Basic auth with
32+ * the original token. They will never participate in the token exchange flow,
33+ * but they will keep working until the share is re-created with a new token.
3434 *
3535 * Shares created by this fork (32-char tokens) that are somehow missing from
3636 * oc_authtoken are silently repaired.
@@ -43,7 +43,6 @@ public function changeSchema(IOutput $output, Closure $schemaClosure, array $opt
4343 public function postSchemaChange (IOutput $ outputClosure $ schemaClosurearray $ optionsvoid {
4444 $ dbget (IDBConnection::class);
4545 $ tokenProviderget (PublicKeyTokenProvider::class);
46- $ randomget (ISecureRandom::class);
4746 $ userManagerget (IUserManager::class);
4847
4948 $ qb$ dbgetQueryBuilder ();
@@ -58,7 +57,6 @@ public function postSchemaChange(IOutput $output, Closure $schemaClosure, array
5857 ))
5958 ->executeQuery ();
6059
61- $ replaced0 ;
6260 $ registered0 ;
6361 $ skipped0 ;
6462
@@ -68,30 +66,21 @@ public function postSchemaChange(IOutput $output, Closure $schemaClosure, array
6866 $ uidstring )$ row'uid_initiator ' ];
6967
7068 if (strlen ($ tokenTOKEN_MIN_LENGTH ) {
71- // Old short token from TokenHandler — cannot register in oc_authtoken.
72- // Generate a new 32-char token and update oc_share.
73- $ newToken$ randomgenerate (
74- 32 ,
75- ISecureRandom::CHAR_UPPER . ISecureRandom::CHAR_LOWER . ISecureRandom::CHAR_DIGITS
76- );
77-
78- $ updateQb$ dbgetQueryBuilder ();
79- $ updateQbupdate ('share ' )
80- ->set ('token ' , $ updateQbcreateNamedParameter ($ newToken
81- ->where ($ updateQbexpr ()->eq ('id ' , $ updateQbcreateNamedParameter ($ shareIdPARAM_INT )));
82- $ updateQbexecuteStatement ();
69+ // Old short token from TokenHandler — leave it as-is.
70+ // Replacing it would invalidate the token stored on the receiving instance,
71+ // breaking Basic-auth access to those shares. These shares keep working via
72+ // Basic auth and are simply not eligible for the OCM token exchange flow.
73+ $ skipped
74+ continue ;
75+ }
8376
84- $ token$ newToken
85- $ replaced
86- } else {
87- // Long token — check if it's already in oc_authtoken.
88- try {
89- $ tokenProvidergetToken ($ token
90- $ skipped
91- continue ;
92- } catch (InvalidTokenException
93- // Not registered yet — fall through to create it.
94- }
77+ // Long token — check if it's already in oc_authtoken.
78+ try {
79+ $ tokenProvidergetToken ($ token
80+ $ skipped
81+ continue ;
82+ } catch (InvalidTokenException
83+ // Not registered yet — fall through to create it.
9584 }
9685
9786 $ user$ userManagerget ($ uid
@@ -120,18 +109,9 @@ public function postSchemaChange(IOutput $output, Closure $schemaClosure, array
120109 $ resultcloseCursor ();
121110
122111 $ outputinfo (sprintf (
123- 'Federated share token migration: %d replaced (short tokens), %d registered, %d already up-to-date. ' ,
124- $ replaced
112+ 'Federated share token migration: %d registered, %d skipped (already up-to-date or legacy short token). ' ,
125113 $ registered
126114 $ skipped
127115 ));
128-
129- if ($ replaced0 ) {
130- $ outputwarning (sprintf (
131- '%d federated share(s) had their token replaced. The remote side \'s copy of the '
132- . 'old token is now stale — those shares will need to be re-created. ' ,
133- $ replaced
134- ));
135- }
136116 }
137117}
0 commit comments