Merge pull request #12134 from nextcloud/feat/user-migration

feat: support user migration

Author: ChristophWurst

lib/AppInfo/Application.php

@@ -68,6 +68,7 @@
 use OCA\Mail\Service\UserPreferenceService;
 use OCA\Mail\SetupChecks\MailConnectionPerformance;
 use OCA\Mail\SetupChecks\MailTransport;
+use OCA\Mail\UserMigration\MailAccountMigrator;
 use OCA\Mail\Vendor\Favicon\Favicon;
 use OCP\AppFramework\App;
 use OCP\AppFramework\Bootstrap\IBootContext;
@@ -87,6 +88,9 @@
 
 include_once __DIR__ . '/../../vendor/autoload.php';
 
+/**
+ * @codeCoverageIgnore
+ */
 final class Application extends App implements IBootstrap {
 	public const APP_ID = 'mail';
 
@@ -164,6 +168,8 @@ public function register(IRegistrationContext $context): void {
 		$context->registerSetupCheck(MailTransport::class);
 		$context->registerSetupCheck(MailConnectionPerformance::class);
 
+		$context->registerUserMigrator(MailAccountMigrator::class);
+
 		// bypass Horde Translation system
 		Horde_Translation::setHandler('Horde_Imap_Client', new HordeTranslationHandler());
 		Horde_Translation::setHandler('Horde_Mime', new HordeTranslationHandler());

lib/Controller/AccountsController.php

@@ -31,6 +31,7 @@
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
 use OCP\AppFramework\Http\JSONResponse;
+use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\IConfig;
 use OCP\IL10N;
 use OCP\IRequest;
@@ -52,7 +53,8 @@ class AccountsController extends Controller {
 	private IRemoteHostValidator $hostValidator;
 	private MailboxSync $mailboxSync;
 
-	public function __construct(string $appName,
+	public function __construct(
+		string $appName,
 		IRequest $request,
 		AccountService $accountService,
 		$UserId,
@@ -66,6 +68,7 @@ public function __construct(string $appName,
 		IConfig $config,
 		IRemoteHostValidator $hostValidator,
 		MailboxSync $mailboxSync,
+		private ITimeFactory $timeFactory,
 	) {
 		parent::__construct($appName, $request);
 		$this->accountService = $accountService;
@@ -386,6 +389,13 @@ public function create(string $accountName,
 		}
 		try {
 			$account = $this->setup->createNewAccount($accountName, $emailAddress, $imapHost, $imapPort, $imapSslMode, $imapUser, $imapPassword, $smtpHost, $smtpPort, $smtpSslMode, $smtpUser, $smtpPassword, $this->currentUserId, $authMethod, null, $classificationEnabled);
+			// Set initial heartbeat
+			$this->config->setUserValue(
+				$account->getUserId(),
+				Application::APP_ID,
+				'ui-heartbeat',
+				(string)$this->timeFactory->getTime(),
+			);
 		} catch (CouldNotConnectException $e) {
 			$data = [
 				'error' => $e->getReason(),

lib/Db/MailAccount.php

@@ -83,12 +83,12 @@
  * @method void setAuthMethod(string $method)
  * @method int getSignatureMode()
  * @method void setSignatureMode(int $signatureMode)
- * @method string getOauthAccessToken()
+ * @method string|null getOauthAccessToken()
  * @method void setOauthAccessToken(string $token)
- * @method string getOauthRefreshToken()
+ * @method string|null getOauthRefreshToken()
  * @method void setOauthRefreshToken(string $token)
  * @method int|null getOauthTokenTtl()
- * @method void setOauthTokenTtl(int $ttl)
+ * @method void setOauthTokenTtl(int|null $ttl)
  * @method int|null getSmimeCertificateId()
  * @method void setSmimeCertificateId(int|null $smimeCertificateId)
  * @method int|null getQuotaPercentage()
@@ -302,6 +302,7 @@ public function toJson() {
 			'name' => $this->getName(),
 			'order' => $this->getOrder(),
 			'emailAddress' => $this->getEmail(),
+			'authMethod' => $this->getAuthMethod() ?? 'password',
 			'imapHost' => $this->getInboundHost(),
 			'imapPort' => $this->getInboundPort(),
 			'imapUser' => $this->getInboundUser(),

lib/IMAP/IMAPClientFactory.php

@@ -101,9 +101,13 @@ public function getClient(Account $account, bool $useCache = true): Horde_Imap_C
 		];
 		if ($account->getMailAccount()->getAuthMethod() === 'xoauth2') {
 			try {
-				$decryptedAccessToken = $this->crypto->decrypt($account->getMailAccount()->getOauthAccessToken());
+				$oauthAccessToken = $account->getMailAccount()->getOauthAccessToken();
+				if ($oauthAccessToken === null) {
+					throw new ServiceException('Missing access token for xoauth2 account');
+				}
+				$decryptedAccessToken = $this->crypto->decrypt($oauthAccessToken);
 			} catch (Exception $e) {
-				throw new ServiceException('Could not decrypt account password: ' . $e->getMessage(), 0, $e);
+				throw new ServiceException('Could not decrypt account access token: ' . $e->getMessage(), 0, $e);
 			}
 
 			$params['password'] = $decryptedAccessToken; // Not used, but Horde wants this

lib/Integration/GoogleIntegration.php

@@ -119,7 +119,8 @@ public function finishConnect(Account $account,
 	}
 
 	public function refresh(Account $account): Account {
-		if ($account->getMailAccount()->getOauthTokenTtl() === null || $account->getMailAccount()->getOauthRefreshToken() === null) {
+		$oauthRefreshToken = $account->getMailAccount()->getOauthRefreshToken();
+		if ($account->getMailAccount()->getOauthTokenTtl() === null || $oauthRefreshToken === null) {
 			// Account is not authorized yet
 			return $account;
 		}
@@ -137,7 +138,7 @@ public function refresh(Account $account): Account {
 			return $account;
 		}
 
-		$refreshToken = $this->crypto->decrypt($account->getMailAccount()->getOauthRefreshToken());
+		$refreshToken = $this->crypto->decrypt($oauthRefreshToken);
 		$clientSecret = $this->crypto->decrypt($encryptedClientSecret);
 		$httpClient = $this->clientService->newClient();
 		try {

lib/Integration/MicrosoftIntegration.php

@@ -133,7 +133,8 @@ public function finishConnect(Account $account,
 	}
 
 	public function refresh(Account $account): Account {
-		if ($account->getMailAccount()->getOauthTokenTtl() === null || $account->getMailAccount()->getOauthRefreshToken() === null) {
+		$oauthRefreshToken = $account->getMailAccount()->getOauthRefreshToken();
+		if ($account->getMailAccount()->getOauthTokenTtl() === null || $oauthRefreshToken === null) {
 			// Account is not authorized yet
 			return $account;
 		}
@@ -152,7 +153,7 @@ public function refresh(Account $account): Account {
 			return $account;
 		}
 
-		$refreshToken = $this->crypto->decrypt($account->getMailAccount()->getOauthRefreshToken());
+		$refreshToken = $this->crypto->decrypt($oauthRefreshToken);
 		$clientSecret = $this->crypto->decrypt($encryptedClientSecret);
 		$httpClient = $this->clientService->newClient();
 		try {

lib/SMTP/SmtpClientFactory.php

@@ -9,10 +9,12 @@
 
 namespace OCA\Mail\SMTP;
 
+use Exception;
 use Horde_Mail_Transport;
 use Horde_Mail_Transport_Smtphorde;
 use Horde_Smtp_Password_Xoauth2;
 use OCA\Mail\Account;
+use OCA\Mail\Exception\ServiceException;
 use OCA\Mail\Support\HostNameFactory;
 use OCP\IConfig;
 use OCP\Security\ICrypto;
@@ -64,7 +66,15 @@ public function create(Account $account): Horde_Mail_Transport {
 			],
 		];
 		if ($account->getMailAccount()->getAuthMethod() === 'xoauth2') {
-			$decryptedAccessToken = $this->crypto->decrypt($account->getMailAccount()->getOauthAccessToken());
+			try {
+				$oauthAccessToken = $account->getMailAccount()->getOauthAccessToken();
+				if ($oauthAccessToken === null) {
+					throw new ServiceException('Missing access token for xoauth2 account');
+				}
+				$decryptedAccessToken = $this->crypto->decrypt($oauthAccessToken);
+			} catch (Exception $e) {
+				throw new ServiceException('Could not decrypt account access token: ' . $e->getMessage(), 0, $e);
+			}
 
 			$params['password'] = $decryptedAccessToken; // Not used, but Horde wants this
 			$params['xoauth2_token'] = new Horde_Smtp_Password_Xoauth2(

lib/Service/AccountService.php

@@ -11,7 +11,6 @@
 namespace OCA\Mail\Service;
 
 use OCA\Mail\Account;
-use OCA\Mail\AppInfo\Application;
 use OCA\Mail\BackgroundJob\PreviewEnhancementProcessingJob;
 use OCA\Mail\BackgroundJob\QuotaJob;
 use OCA\Mail\BackgroundJob\RepairSyncJob;
@@ -176,14 +175,6 @@ public function save(MailAccount $newAccount): MailAccount {
 		// Insert background jobs for this account
 		$this->scheduleBackgroundJobs($newAccount->getId());
 
-		// Set initial heartbeat
-		$this->config->setUserValue(
-			$newAccount->getUserId(),
-			Application::APP_ID,
-			'ui-heartbeat',
-			(string)$this->timeFactory->getTime(),
-		);
-
 		return $newAccount;
 	}