Skip to content

N°9772 - Migrating token's data in webhooks to avoid setup errors#30

Open
steffunky wants to merge 4 commits into
masterfrom
issue/9772-migration-token-data
Open

N°9772 - Migrating token's data in webhooks to avoid setup errors#30
steffunky wants to merge 4 commits into
masterfrom
issue/9772-migration-token-data

Conversation

@steffunky

Copy link
Copy Markdown
Member

Base information

Question Answer
Related to a SourceForge thread / Another PR / Combodo ticket? N°9772
Type of change? Bug fix

Symptom (bug)

When updating to a recent iTop version with existing RemoteiTopConnectionToken, setup crashes as follow:

query = ALTER TABLE `remoteitopconnectiontoken` CHANGE `token` `token` VARCHAR(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci DEFAULT '', mysql_errno = 1366, mysql_error = Incorrect string value: '\xECn\xF3\xBC\x0F\xC4...' for column `sumitsud`.`remoteitopconnectiontoken`.`token` at row 1

Reproduction procedure (bug)

  1. On iTop 3.1.3 with combodo-webhook-integration < 1.4.2
  2. Create a webhook notification with one or multiple RemoteiTopConnectionToken
  3. Upgrade iTop to 3.2.2 with combodo-webhook-integration >= 1.4.2
  4. Finally, see that the setup doesn't pass

Cause (bug)

In v1.4.2 due to bug N°7875 unexpected revert, the token attribute went from AttributeEncryptedString to AttributeEncryptedPassword to AttributeString in a matter of a single version.

Data went from encrypted tinyblob to clear VARCHAR(255), bringing potential invalid characters to a varchar column

Proposed solution

This pull request add a migration step as a BeforeDatabaseCreation method that tries to decrypt token data if it's part of a *blob column, and the update the token column data with the clear value.
This lead column type migration that happens later to work

Checklist before requesting a review

  • I have performed a self-review of my code
  • I have tested all changes I made on an iTop instance
  • Would a unit test be relevant and have I added it?
  • Is the PR clear and detailed enough so anyone can understand without digging in the code?

Workaround

A workaround to this issue:

  1. While still with combodo-webhook-integration < 1.4.2, export your RemoteiTopConnectionToken with a CSV export
  2. Clear your database token column
  3. Upgrade you combodo-webhook-integration while token column is empty
  4. Import back your RemoteiTopConnectionToken so the token column is populated with the clear data
Screenshot From 2026-07-13 09-51-07 Screenshot From 2026-07-13 09-50-46 Screenshot From 2026-07-13 09-51-17 Screenshot From 2026-07-13 09-51-24 Screenshot From 2026-07-13 09-54-19 Screenshot From 2026-07-13 09-54-46 Screenshot From 2026-07-13 09-54-54

Copilot AI review requested due to automatic review settings July 13, 2026 09:33
@CombodoApplicationsAccount CombodoApplicationsAccount added the internal Work made by Combodo label Jul 13, 2026
@steffunky steffunky requested a review from Molkobain July 13, 2026 09:35
@steffunky steffunky self-assigned this Jul 13, 2026

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a setup migration to decrypt legacy webhook tokens before converting their database column to a string.

Changes:

  • Detects legacy blob-backed token columns.
  • Decrypts and rewrites existing token values.
  • Aborts migration when decryption fails.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread module.combodo-webhook-integration.php Outdated
Comment thread module.combodo-webhook-integration.php Outdated
@Molkobain Molkobain requested review from Hipska and bdalsass July 13, 2026 13:22
Comment thread module.combodo-webhook-integration.php Outdated

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

Comment on lines +131 to +142
foreach ($aRows as $aRow) {
$iId = (int) $aRow['id'];
$sEncryptedValue = $aRow['token'];

// Try to decrypt token raw value
try {
$sDecryptedValue = $oSimpleCrypt->Decrypt($sEncryptionKey, $sEncryptedValue);
} catch (Exception $e) {
$aFailedIds[] = $iId;
SetupLog::Error("| Token migration failed for id={$iId}: {$e->getMessage()}");
continue;
}

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

First part done, second part seems a bit overkill as it only work for unstable database state

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

internal Work made by Combodo

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants