Can't migrate encryption keys (oc7 -> oc8) for users using IMAP auth.

[muppeth]

Like in the title. I tried migrating keys using occ but seems like the only table being used is oc_users. All my users use user_external (IMAP authentication) so they are in oc_users_external. Any hint on how to modify migration script to look at other table? where is the script located?

[DeepDiver1975]

Hmm .... we need to have a look into this.

Note to self: just another case of we-need-one-central-user-table-in-the-db

[MorrisJobke]

Note to self: just another case of we-need-one-central-user-table-in-the-db

No. We need code, that properly uses the public APIs for retrieval of users and not some "we use simple SQL, because it's the way we did it 10 years ago so it should work"

[MorrisJobke]

Looks good so far in the migration code:

core/apps/files_encryption/lib/migration.php

Line 49 in 485d415

$users = \OCP\User::getUsers('', $limit, $offset);

[MorrisJobke]

Also the backend setup looks good:

core/lib/private/user.php

Line 170 in 5f66f86

public static function setupBackends() {

[MorrisJobke]

@icewind1991 Do you want to check what is broken here?

[DeepDiver1975]

Most probably the app is not loaded.

[DeepDiver1975]

Morris: think before rant please. We had issues in this area with many user backends. The issue is bigger then publuc apis.

Operations like this key migration or counting users in group etc rely on the backend being available at any time - temporary downtime in such scenarios are dangerous.

We discussed this already in the past: all user information has to available at any time under any condition. Therefore we need s central storage of user data.

[muppeth]

The app (external user backed) seems to be on. At least thats what occ says. I do red somewhwere that backends are off while in maintenance mode although I'm not sure of that statement.

[MorrisJobke]

We discussed this already in the past: all user information has to available at any time under any condition. Therefore we need s central storage of user data.

I guess a central storage isn't possible, but rather the backends need to add this caching mechanism to provide the needed info when the backend service isn't available. Or is this also bad?

[DeepDiver1975]

The central storage is possible. As soon as a user authenticates we can add the one to a new table - let's call it oc-accounts.

This table can then hold further information about a user like display name, email, auth backends and so on.

In case an auth backend is offline we still know the user and can act accordingly.
This needs further thinking but thats the basic idea.

[muppeth]

in that case if the server is in maintenance mode is the external user backend off or not? occ says it is enabled but I'm not so sure. If so, can the migration be run on the server with maintenance mode on.

[muppeth]

if I try to migrate the keys with maintenance mode off i get:

An unhandled exception has been thrown:
exception 'OCA\Files_Encryption\Exception\EncryptionException' with message 'Could not determine user' in /var/www/owncloud/apps/files_encryption/lib/helper.php:306
Stack trace:
#0 /var/www/owncloud/apps/files_encryption/lib/helper.php(283): OCA\Files_Encryption\Helper::getUserFromPath('/news/config')
#1 /var/www/owncloud/apps/files_encryption/lib/proxy.php(327): OCA\Files_Encryption\Helper::getUser('/news/config')
#2 /var/www/owncloud/apps/files_encryption/lib/proxy.php(309): OCA\Files_Encryption\Proxy->postFileSize('/news/config', 0, Array)
#3 /var/www/owncloud/lib/private/fileproxy.php(124): OCA\Files_Encryption\Proxy->postGetFileInfo('/news/config', Array)
#4 /var/www/owncloud/lib/private/files/view.php(1016): OC_FileProxy::runPostProxies('getFileInfo', '/news/config', Array)
#5 /var/www/owncloud/lib/private/files/node/node.php(61): OC\Files\View->getFileInfo('/news/config')
#6 /var/www/owncloud/lib/private/files/node/node.php(202): OC\Files\Node\Node->getFileInfo()
#7 /var/www/owncloud/lib/private/files/node/node.php(85): OC\Files\Node\Node->getPermissions()
#8 /var/www/owncloud/lib/private/files/node/folder.php(204): OC\Files\Node\Node->checkPermissions(4)
#9 /var/www/owncloud/apps/news/config/config.php(180): OC\Files\Node\Folder->newFile('config.ini')
#10 /var/www/owncloud/apps/news/appinfo/application.php(108): OCA\News\Config\Config->read('config.ini', true)
#11 /var/www/owncloud/3rdparty/pimple/pimple/src/Pimple/Container.php(112): OCA\News\AppInfo\Application->OCA\News\AppInfo\{closure}(Object(OC\AppFramework\DependencyInjection\DIContainer))
#12 /var/www/owncloud/lib/private/appframework/utility/simplecontainer.php(91): Pimple\Container->offsetGet('OCA\\News\\Config...')
#13 /var/www/owncloud/lib/private/appframework/utility/simplecontainer.php(55): OC\AppFramework\Utility\SimpleContainer->query('OCA\\News\\Config...')
#14 /var/www/owncloud/lib/private/appframework/utility/simplecontainer.php(73): OC\AppFramework\Utility\SimpleContainer->buildClass(Object(ReflectionClass))
#15 /var/www/owncloud/lib/private/appframework/utility/simplecontainer.php(93): OC\AppFramework\Utility\SimpleContainer->resolve('OCA\\News\\Servic...')
#16 /var/www/owncloud/lib/private/appframework/utility/simplecontainer.php(55): OC\AppFramework\Utility\SimpleContainer->query('OCA\\News\\Servic...')
#17 /var/www/owncloud/lib/private/appframework/utility/simplecontainer.php(73): OC\AppFramework\Utility\SimpleContainer->buildClass(Object(ReflectionClass))
#18 /var/www/owncloud/lib/private/appframework/utility/simplecontainer.php(93): OC\AppFramework\Utility\SimpleContainer->resolve('OCA\\News\\Comman...')
#19 /var/www/owncloud/apps/news/appinfo/register_command.php(14): OC\AppFramework\Utility\SimpleContainer->query('OCA\\News\\Comman...')
#20 /var/www/owncloud/console.php(57): require('/var/www/ownclo...')
#21 /var/www/owncloud/occ(11): require_once('/var/www/ownclo...')

[PVince81]

@muppeth is this still an issue with more recent versions ?

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.