From af8bc01df1dc1af0ceab96ea7a51a0aa4031f06d Mon Sep 17 00:00:00 2001
From: Ulf Gebhardt <ulf.gebhardt@webcraft-media.de>
Date: Thu, 20 Jan 2022 14:02:16 +0100
Subject: [PATCH] plug holes in login_user_backups

---
 .../0011-login_user_backups_plug_holes.ts     | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 database/migrations/0011-login_user_backups_plug_holes.ts

diff --git a/database/migrations/0011-login_user_backups_plug_holes.ts b/database/migrations/0011-login_user_backups_plug_holes.ts
new file mode 100644
index 000000000..08520996f
--- /dev/null
+++ b/database/migrations/0011-login_user_backups_plug_holes.ts
@@ -0,0 +1,19 @@
+/* MIGRATION TO CLEAN PRODUCTION DATA
+ *
+ * cleanup the login_user_backups table as far a possible.
+ * Since the passphrase changed and its type is not detectable
+ * this whole thing is a pitfall
+ */
+
+export async function upgrade(queryFn: (query: string, values?: any[]) => Promise<Array<any>>) {
+  // Delete data with no reference in login_users table
+  await queryFn(`DELETE FROM login_user_backups WHERE user_id NOT IN (SELECT id FROM login_users)`)
+  // Searching for users with a missing password and a backup entry
+  // `SELECT * FROM login_user_backups WHERE user_id IN (SELECT id FROM login_users WHERE password = 0)`
+  // results in only new users with the proper passphrase scheme - luckily we seem to be good on this one
+  // 142 entries in total are found and every entry has type 2 (new one).
+}
+
+export async function downgrade(queryFn: (query: string, values?: any[]) => Promise<Array<any>>) {
+  return [] // cannot undelete things
+}