From 7649903d3c04fb6552c4b3e6600547fd131d4767 Mon Sep 17 00:00:00 2001
From: shamoon <4887959+shamoon@users.noreply.github.com>
Date: Sat, 26 Oct 2024 06:51:22 -0700
Subject: [PATCH] Enhancement / fix: include social accounts and api tokens in
 export (#8016)

---
 .../management/commands/document_exporter.py  | 25 +++++++++++++------
 .../management/commands/document_importer.py  |  7 +++---
 src/documents/management/commands/mixins.py   | 16 ++++++++++++
 .../tests/test_management_exporter.py         |  6 +----
 4 files changed, 39 insertions(+), 15 deletions(-)

diff --git a/src/documents/management/commands/document_exporter.py b/src/documents/management/commands/document_exporter.py
index 3d7352c1a..6a23a701a 100644
--- a/src/documents/management/commands/document_exporter.py
+++ b/src/documents/management/commands/document_exporter.py
@@ -8,6 +8,9 @@ from pathlib import Path
 from typing import TYPE_CHECKING
 
 import tqdm
+from allauth.socialaccount.models import SocialAccount
+from allauth.socialaccount.models import SocialApp
+from allauth.socialaccount.models import SocialToken
 from django.conf import settings
 from django.contrib.auth.models import Group
 from django.contrib.auth.models import Permission
@@ -21,6 +24,7 @@ from django.utils import timezone
 from filelock import FileLock
 from guardian.models import GroupObjectPermission
 from guardian.models import UserObjectPermission
+from rest_framework.authtoken.models import Token
 
 if TYPE_CHECKING:
     from django.db.models import QuerySet
@@ -264,6 +268,10 @@ class Command(CryptMixin, BaseCommand):
             "app_configs": ApplicationConfiguration.objects.all(),
             "notes": Note.objects.all(),
             "documents": Document.objects.order_by("id").all(),
+            "social_accounts": SocialAccount.objects.all(),
+            "social_apps": SocialApp.objects.all(),
+            "social_tokens": SocialToken.objects.all(),
+            "auth_tokens": Token.objects.all(),
         }
 
         if settings.AUDIT_LOG_ENABLED:
@@ -557,15 +565,18 @@ class Command(CryptMixin, BaseCommand):
                 crypt_fields = crypt_config["fields"]
                 for manifest_record in manifest[exporter_key]:
                     for field in crypt_fields:
-                        manifest_record["fields"][field] = self.encrypt_string(
-                            value=manifest_record["fields"][field],
-                        )
+                        if manifest_record["fields"][field]:
+                            manifest_record["fields"][field] = self.encrypt_string(
+                                value=manifest_record["fields"][field],
+                            )
 
-        elif MailAccount.objects.count() > 0:
+        elif (
+            MailAccount.objects.count() > 0
+            or SocialToken.objects.count() > 0
+            or Token.objects.count() > 0
+        ):
             self.stdout.write(
                 self.style.NOTICE(
-                    "You have configured mail accounts, "
-                    "but no passphrase was given. "
-                    "Passwords will be in plaintext",
+                    "No passphrase was given, sensitive fields will be in plaintext",
                 ),
             )
diff --git a/src/documents/management/commands/document_importer.py b/src/documents/management/commands/document_importer.py
index a402466f4..08812e9d0 100644
--- a/src/documents/management/commands/document_importer.py
+++ b/src/documents/management/commands/document_importer.py
@@ -414,9 +414,10 @@ class Command(CryptMixin, BaseCommand):
                 ):
                     had_at_least_one_record = True
                     for field in crypt_fields:
-                        record["fields"][field] = self.decrypt_string(
-                            value=record["fields"][field],
-                        )
+                        if record["fields"][field]:
+                            record["fields"][field] = self.decrypt_string(
+                                value=record["fields"][field],
+                            )
 
             if had_at_least_one_record:
                 # It's annoying, but the DB is loaded from the JSON directly
diff --git a/src/documents/management/commands/mixins.py b/src/documents/management/commands/mixins.py
index 212ecf597..be0256ed6 100644
--- a/src/documents/management/commands/mixins.py
+++ b/src/documents/management/commands/mixins.py
@@ -97,6 +97,22 @@ class CryptMixin:
             "model_name": "paperless_mail.mailaccount",
             "fields": [
                 "password",
+                "refresh_token",
+            ],
+        },
+        {
+            "exporter_key": "social_tokens",
+            "model_name": "socialaccount.socialtoken",
+            "fields": [
+                "token",
+                "token_secret",
+            ],
+        },
+        {
+            "exporter_key": "auth_tokens",
+            "model_name": "authtoken.token",
+            "fields": [
+                "key",
             ],
         },
     ]
diff --git a/src/documents/tests/test_management_exporter.py b/src/documents/tests/test_management_exporter.py
index 74431bdae..ff514a7d6 100644
--- a/src/documents/tests/test_management_exporter.py
+++ b/src/documents/tests/test_management_exporter.py
@@ -971,10 +971,6 @@ class TestCryptExportImport(
         )
         stdout.seek(0)
         self.assertIn(
-            (
-                "You have configured mail accounts, "
-                "but no passphrase was given. "
-                "Passwords will be in plaintext"
-            ),
+            ("No passphrase was given, sensitive fields will be in plaintext"),
             stdout.read(),
         )