Sanitize user names on sql-sanitize. #6057
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||
|---|---|---|---|---|
|
|
@@ -8,7 +8,10 @@ | |||
| use Drupal\Core\Database\Query\SelectInterface; | ||||
| use Consolidation\AnnotatedCommand\CommandData; | ||||
| use Consolidation\AnnotatedCommand\Hooks\HookManager; | ||||
| use Drupal\Core\Database\Query\Update; | ||||
| use Drupal\Core\Entity\EntityFieldManagerInterface; | ||||
| use Drupal\Core\Entity\EntityTypeManagerInterface; | ||||
| use Drupal\Core\Entity\Sql\SqlEntityStorageInterface; | ||||
| use Drupal\Core\Password\PasswordInterface; | ||||
| use Drush\Attributes as CLI; | ||||
| use Drush\Commands\AutowireTrait; | ||||
|
|
@@ -27,7 +30,8 @@ final class SanitizeUserTableCommands extends DrushCommands implements SanitizeP | |||
| public function __construct( | ||||
| protected Connection $database, | ||||
| protected PasswordInterface $passwordHasher, | ||||
| protected EntityTypeManagerInterface $entityTypeManager, | ||||
| protected EntityFieldManagerInterface $entityFieldManager | ||||
| ) { | ||||
| parent::__construct(); | ||||
| } | ||||
|
|
@@ -80,6 +84,20 @@ public function sanitize($result, CommandData $commandData): void | |||
| $messages[] = dt('User emails sanitized.'); | ||||
| } | ||||
|
|
||||
| // Sanitize username. | ||||
| if ($this->isEnabled($options['sanitize-username'])) { | ||||
| [$name_table, $name_column] = $this->getFieldTableDetails('user', 'name'); | ||||
| [$uid_table, $uid_column] = $this->getFieldTableDetails('user', 'uid'); | ||||
| assert($uid_table === $name_table); | ||||
|
|
||||
| // Updates usernames to the pattern user_%uid. | ||||
| $query | ||||
| ->condition($uid_column, 0, '>') | ||||
|
There was a problem hiding this comment. That condition's already added further up.
Suggested change
|
||||
| ->expression($name_column, "CONCAT('user_', $uid_column)"); | ||||
|
There was a problem hiding this comment. Looking at the email code, it appears we'd need a different format for different DB drivers I think? |
||||
|
|
||||
| $messages[] = dt("Usernames sanitized."); | ||||
| } | ||||
|
|
||||
| if (!empty($options['ignored-roles'])) { | ||||
| $roles = explode(',', $options['ignored-roles']); | ||||
| /** @var SelectInterface $roles_query */ | ||||
|
|
@@ -108,8 +126,9 @@ public function sanitize($result, CommandData $commandData): void | |||
| #[CLI\Hook(type: HookManager::OPTION_HOOK, target: SanitizeCommands::SANITIZE)] | ||||
| #[CLI\Option(name: 'sanitize-email', description: 'The pattern for test email addresses in the sanitization operation, or <info>no</info> to keep email addresses unchanged. May contain replacement patterns <info>%uid</info>, <info>%mail</info> or <info>%name</info>.')] | ||||
| #[CLI\Option(name: 'sanitize-password', description: 'By default, passwords are randomized. Specify <info>no</info> to disable that. Specify any other value to set all passwords to that value.')] | ||||
| #[CLI\Option(name: 'sanitize-username', description: 'Sanitizes usernames replacing the originals with user_UID.')] | ||||
| #[CLI\Option(name: 'ignored-roles', description: 'A comma delimited list of roles. Users with at least one of the roles will be exempt from sanitization.')] | ||||
| public function options($options = ['sanitize-email' => 'user+%[email protected]', 'sanitize-password' => null, 'sanitize-username' => 'no', 'ignored-roles' => null]): void | ||||
| { | ||||
| } | ||||
|
|
||||
|
|
@@ -123,11 +142,45 @@ public function messages(&$messages, InputInterface $input): void | |||
| if ($this->isEnabled($options['sanitize-email'])) { | ||||
| $messages[] = dt('Sanitize user emails.'); | ||||
| } | ||||
| if ($this->isEnabled($options['sanitize-username'])) { | ||||
| $messages[] = dt('Sanitize usernames.'); | ||||
| } | ||||
| if (in_array('ignored-roles', $options)) { | ||||
| $messages[] = dt('Preserve user emails and passwords for the specified roles.'); | ||||
| } | ||||
| } | ||||
|
|
||||
| /** | ||||
| * Gets database details for a given field. | ||||
| * | ||||
| * It returns the field table name and main property column name. | ||||
| * | ||||
| * @param string $entity_type_id | ||||
| * The entity type ID the field's attached to. | ||||
| * @param string $field_name | ||||
| * The field name. | ||||
| * | ||||
| * @return array | ||||
| * An indexed array, containing: | ||||
| * - the table name; | ||||
| * - the column name. | ||||
| */ | ||||
| protected function getFieldTableDetails(string $entity_type_id, string $field_name): array | ||||
| { | ||||
| $storage = $this->entityTypeManager->getStorage($entity_type_id); | ||||
| if (!$storage instanceof SqlEntityStorageInterface) { | ||||
| $context = ['!entity_type_id' => $entity_type_id]; | ||||
| throw new \Exception(dt("Unable to get !entity_type_id table mapping details, its storage doesn't implement \Drupal\Core\Entity\Sql\SqlEntityStorageInterface.", $context)); | ||||
| } | ||||
| $mapping = $storage->getTableMapping(); | ||||
| $table = $mapping->getFieldTableName($field_name); | ||||
| $columns = $mapping->getColumnNames($field_name); | ||||
| $definitions = $this->entityFieldManager->getFieldStorageDefinitions($entity_type_id); | ||||
| $main_property = $definitions[$field_name]->getMainPropertyName(); | ||||
|
|
||||
| return [$table, $columns[$main_property]]; | ||||
| } | ||||
|
|
||||
| /** | ||||
| * Test an option value to see if it is disabled. | ||||
| */ | ||||
|
|
||||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FWIW to my mind this clashes a little with the existing style where the table and column names have been hardcoded. Not sure if that means it's better to stick with the current style or update the others personally (:
If we do keep it, I think we need to catch any exceptions, we don't want to explode the sanitize command as a whole.