Enhancement / fix: include social accounts and api tokens in export (#8016)

src/documents/management/commands/document_exporter.py

@@ -8,6 +8,9 @@ from pathlib import Path
 from typing import TYPE_CHECKING
 
 import tqdm
+from allauth.socialaccount.models import SocialAccount
+from allauth.socialaccount.models import SocialApp
+from allauth.socialaccount.models import SocialToken
 from django.conf import settings
 from django.contrib.auth.models import Group
 from django.contrib.auth.models import Permission
@@ -21,6 +24,7 @@ from django.utils import timezone
 from filelock import FileLock
 from guardian.models import GroupObjectPermission
 from guardian.models import UserObjectPermission
+from rest_framework.authtoken.models import Token
 
 if TYPE_CHECKING:
     from django.db.models import QuerySet
@@ -264,6 +268,10 @@ class Command(CryptMixin, BaseCommand):
             "app_configs": ApplicationConfiguration.objects.all(),
             "notes": Note.objects.all(),
             "documents": Document.objects.order_by("id").all(),
+            "social_accounts": SocialAccount.objects.all(),
+            "social_apps": SocialApp.objects.all(),
+            "social_tokens": SocialToken.objects.all(),
+            "auth_tokens": Token.objects.all(),
         }
 
         if settings.AUDIT_LOG_ENABLED:
@@ -557,15 +565,18 @@ class Command(CryptMixin, BaseCommand):
                 crypt_fields = crypt_config["fields"]
                 for manifest_record in manifest[exporter_key]:
                     for field in crypt_fields:
+                        if manifest_record["fields"][field]:
                             manifest_record["fields"][field] = self.encrypt_string(
                                 value=manifest_record["fields"][field],
                             )
 
-        elif MailAccount.objects.count() > 0:
+        elif (
+            MailAccount.objects.count() > 0
+            or SocialToken.objects.count() > 0
+            or Token.objects.count() > 0
+        ):
             self.stdout.write(
                 self.style.NOTICE(
-                    "You have configured mail accounts, "
+                    "No passphrase was given, sensitive fields will be in plaintext",
-                    "but no passphrase was given. "
-                    "Passwords will be in plaintext",
                 ),
             )

src/documents/management/commands/document_importer.py

@@ -414,6 +414,7 @@ class Command(CryptMixin, BaseCommand):
                 ):
                     had_at_least_one_record = True
                     for field in crypt_fields:
+                        if record["fields"][field]:
                             record["fields"][field] = self.decrypt_string(
                                 value=record["fields"][field],
                             )

src/documents/management/commands/mixins.py

@@ -97,6 +97,22 @@ class CryptMixin:
             "model_name": "paperless_mail.mailaccount",
             "fields": [
                 "password",
+                "refresh_token",
+            ],
+        },
+        {
+            "exporter_key": "social_tokens",
+            "model_name": "socialaccount.socialtoken",
+            "fields": [
+                "token",
+                "token_secret",
+            ],
+        },
+        {
+            "exporter_key": "auth_tokens",
+            "model_name": "authtoken.token",
+            "fields": [
+                "key",
             ],
         },
     ]

src/documents/tests/test_management_exporter.py

@@ -971,10 +971,6 @@ class TestCryptExportImport(
         )
         stdout.seek(0)
         self.assertIn(
-            (
+            ("No passphrase was given, sensitive fields will be in plaintext"),
-                "You have configured mail accounts, "
-                "but no passphrase was given. "
-                "Passwords will be in plaintext"
-            ),
             stdout.read(),
         )