Enhancement / fix: include social accounts and api tokens in export (#8016)

diff --git a/src/documents/management/commands/document_exporter.py b/src/documents/management/commands/document_exporter.py
index 3d7352c1a48f128f21ed8e116dcc05e9dca459c3..6a23a701a5f829630bb79511539daa6739acf459 100644 (file)
--- a/src/documents/management/commands/document_exporter.py
+++ b/src/documents/management/commands/document_exporter.py
@@ -8,6 +8,9 @@ from pathlib import Path
 from typing import TYPE_CHECKING
 
 import tqdm
+from allauth.socialaccount.models import SocialAccount
+from allauth.socialaccount.models import SocialApp
+from allauth.socialaccount.models import SocialToken
 from django.conf import settings
 from django.contrib.auth.models import Group
 from django.contrib.auth.models import Permission
@@ -21,6 +24,7 @@ from django.utils import timezone
 from filelock import FileLock
 from guardian.models import GroupObjectPermission
 from guardian.models import UserObjectPermission
+from rest_framework.authtoken.models import Token
 
 if TYPE_CHECKING:
     from django.db.models import QuerySet
@@ -264,6 +268,10 @@ class Command(CryptMixin, BaseCommand):
             "app_configs": ApplicationConfiguration.objects.all(),
             "notes": Note.objects.all(),
             "documents": Document.objects.order_by("id").all(),
+            "social_accounts": SocialAccount.objects.all(),
+            "social_apps": SocialApp.objects.all(),
+            "social_tokens": SocialToken.objects.all(),
+            "auth_tokens": Token.objects.all(),
         }
 
         if settings.AUDIT_LOG_ENABLED:
@@ -557,15 +565,18 @@ class Command(CryptMixin, BaseCommand):
                 crypt_fields = crypt_config["fields"]
                 for manifest_record in manifest[exporter_key]:
                     for field in crypt_fields:
-                        manifest_record["fields"][field] = self.encrypt_string(
-                            value=manifest_record["fields"][field],
-                        )
-
-        elif MailAccount.objects.count() > 0:
+                        if manifest_record["fields"][field]:
+                            manifest_record["fields"][field] = self.encrypt_string(
+                                value=manifest_record["fields"][field],
+                            )
+
+        elif (
+            MailAccount.objects.count() > 0
+            or SocialToken.objects.count() > 0
+            or Token.objects.count() > 0
+        ):
             self.stdout.write(
                 self.style.NOTICE(
-                    "You have configured mail accounts, "
-                    "but no passphrase was given. "
-                    "Passwords will be in plaintext",
+                    "No passphrase was given, sensitive fields will be in plaintext",
                 ),
             )

diff --git a/src/documents/management/commands/document_importer.py b/src/documents/management/commands/document_importer.py
index a402466f47b98fa8d52b436dc7110e10f8d971b0..08812e9d0837977e66b5565b33f77df4537aaccd 100644 (file)
--- a/src/documents/management/commands/document_importer.py
+++ b/src/documents/management/commands/document_importer.py
@@ -414,9 +414,10 @@ class Command(CryptMixin, BaseCommand):
                 ):
                     had_at_least_one_record = True
                     for field in crypt_fields:
-                        record["fields"][field] = self.decrypt_string(
-                            value=record["fields"][field],
-                        )
+                        if record["fields"][field]:
+                            record["fields"][field] = self.decrypt_string(
+                                value=record["fields"][field],
+                            )
 
             if had_at_least_one_record:
                 # It's annoying, but the DB is loaded from the JSON directly

diff --git a/src/documents/management/commands/mixins.py b/src/documents/management/commands/mixins.py
index 212ecf5976732edf05c492de12d8915c65ddc045..be0256ed6f8463e8f184af0b1ad70ea076ef81a2 100644 (file)
--- a/src/documents/management/commands/mixins.py
+++ b/src/documents/management/commands/mixins.py
@@ -97,6 +97,22 @@ class CryptMixin:
             "model_name": "paperless_mail.mailaccount",
             "fields": [
                 "password",
+                "refresh_token",
+            ],
+        },
+        {
+            "exporter_key": "social_tokens",
+            "model_name": "socialaccount.socialtoken",
+            "fields": [
+                "token",
+                "token_secret",
+            ],
+        },
+        {
+            "exporter_key": "auth_tokens",
+            "model_name": "authtoken.token",
+            "fields": [
+                "key",
             ],
         },
     ]

diff --git a/src/documents/tests/test_management_exporter.py b/src/documents/tests/test_management_exporter.py
index 74431bdae911a1051bb406f153044d981fe1dcd0..ff514a7d67d208225a8f58d3fffb4e0657a09145 100644 (file)
--- a/src/documents/tests/test_management_exporter.py
+++ b/src/documents/tests/test_management_exporter.py
@@ -971,10 +971,6 @@ class TestCryptExportImport(
         )
         stdout.seek(0)
         self.assertIn(
-            (
-                "You have configured mail accounts, "
-                "but no passphrase was given. "
-                "Passwords will be in plaintext"
-            ),
+            ("No passphrase was given, sensitive fields will be in plaintext"),
             stdout.read(),
         )