From 3532802a3cccd880c82fe85796a3f7f548e3a251 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Mon, 13 Dec 2021 09:28:13 +0100 Subject: [PATCH 1/4] Add a primary key to ratelimit_entries table Signed-off-by: Joas Schilling --- .../Version23000Date20210906132259.php | 43 ++++++------ .../Version24000Date20211213081506.php | 50 ++++++++++++++ .../Version24000Date20211213081604.php | 66 +++++++++++++++++++ 3 files changed, 139 insertions(+), 20 deletions(-) create mode 100644 core/Migrations/Version24000Date20211213081506.php create mode 100644 core/Migrations/Version24000Date20211213081604.php diff --git a/core/Migrations/Version23000Date20210906132259.php b/core/Migrations/Version23000Date20210906132259.php index 26d18edc8f10a..d4476a4d36d94 100644 --- a/core/Migrations/Version23000Date20210906132259.php +++ b/core/Migrations/Version23000Date20210906132259.php @@ -11,8 +11,6 @@ use OCP\Migration\SimpleMigrationStep; class Version23000Date20210906132259 extends SimpleMigrationStep { - private const TABLE_NAME = 'ratelimit_entries'; - /** * @param IOutput $output * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` @@ -20,24 +18,29 @@ class Version23000Date20210906132259 extends SimpleMigrationStep { * @return null|ISchemaWrapper */ public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper { - /** @var ISchemaWrapper $schema */ - $schema = $schemaClosure(); - - $hasTable = $schema->hasTable(self::TABLE_NAME); - - if (!$hasTable) { - $table = $schema->createTable(self::TABLE_NAME); - $table->addColumn('hash', Types::STRING, [ - 'notnull' => true, - 'length' => 128, - ]); - $table->addColumn('delete_after', Types::DATETIME, [ - 'notnull' => true, - ]); - $table->addIndex(['hash'], 'ratelimit_hash'); - $table->addIndex(['delete_after'], 'ratelimit_delete_after'); - return $schema; - } + /** + * Table was missing a primary key + * Therefore it was dropped with Version24000Date20211213081506 + * and then recreated with a primary key in Version24000Date20211213081604 + */ +// /** @var ISchemaWrapper $schema */ +// $schema = $schemaClosure(); +// +// $hasTable = $schema->hasTable(self::TABLE_NAME); +// +// if (!$hasTable) { +// $table = $schema->createTable(self::TABLE_NAME); +// $table->addColumn('hash', Types::STRING, [ +// 'notnull' => true, +// 'length' => 128, +// ]); +// $table->addColumn('delete_after', Types::DATETIME, [ +// 'notnull' => true, +// ]); +// $table->addIndex(['hash'], 'ratelimit_hash'); +// $table->addIndex(['delete_after'], 'ratelimit_delete_after'); +// return $schema; +// } return null; } diff --git a/core/Migrations/Version24000Date20211213081506.php b/core/Migrations/Version24000Date20211213081506.php new file mode 100644 index 0000000000000..dd9d2626e1849 --- /dev/null +++ b/core/Migrations/Version24000Date20211213081506.php @@ -0,0 +1,50 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OC\Core\Migrations; + +use Closure; +use OCP\DB\ISchemaWrapper; +use OCP\Migration\IOutput; +use OCP\Migration\SimpleMigrationStep; + +class Version24000Date20211213081506 extends SimpleMigrationStep { + /** + * @param IOutput $output + * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` + * @param array $options + * @return null|ISchemaWrapper + */ + public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper { + /** @var ISchemaWrapper $schema */ + $schema = $schemaClosure(); + + $hasTable = $schema->hasTable('ratelimit_entries'); + if ($hasTable) { + $schema->dropTable('ratelimit_entries'); + return $schema; + } + + return null; + } +} diff --git a/core/Migrations/Version24000Date20211213081604.php b/core/Migrations/Version24000Date20211213081604.php new file mode 100644 index 0000000000000..38ceba93b2e99 --- /dev/null +++ b/core/Migrations/Version24000Date20211213081604.php @@ -0,0 +1,66 @@ + + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + */ + +namespace OC\Core\Migrations; + +use Closure; +use OCP\DB\ISchemaWrapper; +use OCP\DB\Types; +use OCP\Migration\IOutput; +use OCP\Migration\SimpleMigrationStep; + +class Version24000Date20211213081604 extends SimpleMigrationStep { + /** + * @param IOutput $output + * @param Closure $schemaClosure The `\Closure` returns a `ISchemaWrapper` + * @param array $options + * @return null|ISchemaWrapper + */ + public function changeSchema(IOutput $output, Closure $schemaClosure, array $options): ?ISchemaWrapper { + /** @var ISchemaWrapper $schema */ + $schema = $schemaClosure(); + + $hasTable = $schema->hasTable('ratelimit_entries'); + + if (!$hasTable) { + $table = $schema->createTable('ratelimit_entries'); + $table->addColumn('id', Types::BIGINT, [ + 'autoincrement' => true, + 'notnull' => true, + ]); + $table->addColumn('hash', Types::STRING, [ + 'notnull' => true, + 'length' => 128, + ]); + $table->addColumn('delete_after', Types::DATETIME, [ + 'notnull' => true, + ]); + $table->setPrimaryKey(['id']); + $table->addIndex(['hash'], 'ratelimit_hash'); + $table->addIndex(['delete_after'], 'ratelimit_delete_after'); + return $schema; + } + + return null; + } +} From 4fe5cef95a7b508a7ddf6eb21335363d984da3a6 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Mon, 13 Dec 2021 09:28:35 +0100 Subject: [PATCH 2/4] Make the DB query simpler (as we just deleted all other entries) Signed-off-by: Joas Schilling --- lib/private/Security/RateLimiting/Backend/DatabaseBackend.php | 3 --- 1 file changed, 3 deletions(-) diff --git a/lib/private/Security/RateLimiting/Backend/DatabaseBackend.php b/lib/private/Security/RateLimiting/Backend/DatabaseBackend.php index 1415b5c4131c3..ea4bd87d6cd9a 100644 --- a/lib/private/Security/RateLimiting/Backend/DatabaseBackend.php +++ b/lib/private/Security/RateLimiting/Backend/DatabaseBackend.php @@ -82,9 +82,6 @@ private function getExistingAttemptCount( ->from(self::TABLE_NAME) ->where( $qb->expr()->eq('hash', $qb->createNamedParameter($identifier, IQueryBuilder::PARAM_STR)) - ) - ->andWhere( - $qb->expr()->gte('delete_after', $qb->createNamedParameter($currentTime, IQueryBuilder::PARAM_DATE)) ); $cursor = $qb->executeQuery(); From 1e2e3d118c33446254aaa9077bb66808ec1b9b0a Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Thu, 10 Mar 2022 14:21:44 +0100 Subject: [PATCH 3/4] Update autoloader Signed-off-by: Joas Schilling --- lib/composer/composer/autoload_classmap.php | 2 ++ lib/composer/composer/autoload_static.php | 2 ++ 2 files changed, 4 insertions(+) diff --git a/lib/composer/composer/autoload_classmap.php b/lib/composer/composer/autoload_classmap.php index 203079853d84e..c16cfbf0dfbf0 100644 --- a/lib/composer/composer/autoload_classmap.php +++ b/lib/composer/composer/autoload_classmap.php @@ -971,6 +971,8 @@ 'OC\\Core\\Migrations\\Version21000Date20210309185127' => $baseDir . '/core/Migrations/Version21000Date20210309185127.php', 'OC\\Core\\Migrations\\Version22000Date20210216080825' => $baseDir . '/core/Migrations/Version22000Date20210216080825.php', 'OC\\Core\\Migrations\\Version23000Date20210906132259' => $baseDir . '/core/Migrations/Version23000Date20210906132259.php', + 'OC\\Core\\Migrations\\Version24000Date20211213081506' => $baseDir . '/core/Migrations/Version24000Date20211213081506.php', + 'OC\\Core\\Migrations\\Version24000Date20211213081604' => $baseDir . '/core/Migrations/Version24000Date20211213081604.php', 'OC\\Core\\Migrations\\Version24000Date20211230140012' => $baseDir . '/core/Migrations/Version24000Date20211230140012.php', 'OC\\Core\\Notification\\CoreNotifier' => $baseDir . '/core/Notification/CoreNotifier.php', 'OC\\Core\\Service\\LoginFlowV2Service' => $baseDir . '/core/Service/LoginFlowV2Service.php', diff --git a/lib/composer/composer/autoload_static.php b/lib/composer/composer/autoload_static.php index 7e74dff2f22bc..dc08e6ed639c6 100644 --- a/lib/composer/composer/autoload_static.php +++ b/lib/composer/composer/autoload_static.php @@ -1000,6 +1000,8 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c 'OC\\Core\\Migrations\\Version21000Date20210309185127' => __DIR__ . '/../../..' . '/core/Migrations/Version21000Date20210309185127.php', 'OC\\Core\\Migrations\\Version22000Date20210216080825' => __DIR__ . '/../../..' . '/core/Migrations/Version22000Date20210216080825.php', 'OC\\Core\\Migrations\\Version23000Date20210906132259' => __DIR__ . '/../../..' . '/core/Migrations/Version23000Date20210906132259.php', + 'OC\\Core\\Migrations\\Version24000Date20211213081506' => __DIR__ . '/../../..' . '/core/Migrations/Version24000Date20211213081506.php', + 'OC\\Core\\Migrations\\Version24000Date20211213081604' => __DIR__ . '/../../..' . '/core/Migrations/Version24000Date20211213081604.php', 'OC\\Core\\Migrations\\Version24000Date20211230140012' => __DIR__ . '/../../..' . '/core/Migrations/Version24000Date20211230140012.php', 'OC\\Core\\Notification\\CoreNotifier' => __DIR__ . '/../../..' . '/core/Notification/CoreNotifier.php', 'OC\\Core\\Service\\LoginFlowV2Service' => __DIR__ . '/../../..' . '/core/Service/LoginFlowV2Service.php', From c818ac6de4bd631e57772e3602fba1eaff180ff6 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Thu, 10 Mar 2022 14:24:15 +0100 Subject: [PATCH 4/4] Bump version Signed-off-by: Joas Schilling --- version.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.php b/version.php index 80623f2ff45e4..3c58ce2f0253f 100644 --- a/version.php +++ b/version.php @@ -30,7 +30,7 @@ // between betas, final and RCs. This is _not_ the public version number. Reset minor/patchlevel // when updating major/minor version number. -$OC_Version = [22, 2, 5, 1]; +$OC_Version = [22, 2, 5, 2]; // The human readable string $OC_VersionString = '22.2.5';