From ca8ddd34a77bf4b16feef977f9382368ad389dba Mon Sep 17 00:00:00 2001 From: "CanbiZ (MickLesk)" <47820557+MickLesk@users.noreply.github.com> Date: Thu, 30 Apr 2026 15:00:56 +0200 Subject: [PATCH] fix(ente): replace fragile HMAC email lookup with user_id-based admin/subscription setup --- install/ente-install.sh | 116 ++++++++++++++++++---------------------- 1 file changed, 53 insertions(+), 63 deletions(-) diff --git a/install/ente-install.sh b/install/ente-install.sh index 95ee288c..8662183f 100644 --- a/install/ente-install.sh +++ b/install/ente-install.sh @@ -19,8 +19,7 @@ $STD apt install -y \ libsodium-dev \ pkg-config \ caddy \ - gcc \ - xxd + gcc msg_ok "Installed Dependencies" PG_VERSION="17" setup_postgresql @@ -359,29 +358,11 @@ run_psql_exec() { sudo -u postgres psql -d "$DB_NAME" -c "$1" 2>/dev/null } -compute_email_hash() { - local email_lower hash_b64 hash_hex - email_lower=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]') - hash_b64=$(awk '/^key:/{f=1;next} /^[^[:space:]]/{f=0} f && /hash:/{print $2}' /opt/ente/server/museum.yaml | tr -d '"'"'") - hash_hex=$(printf '%s' "$hash_b64" | base64 -d | xxd -p -c 256 | tr -d '\n') - printf '%s' "$email_lower" | openssl dgst -sha256 -mac HMAC -macopt hexkey:"$hash_hex" -binary | base64 -w0 -} - echo "=== Ente First-Time Setup ===" -echo "" -read -r -p "Enter your account email: " EMAIL - -if [[ -z "$EMAIL" ]]; then - echo "Error: Email is required." - exit 1 -fi - echo "" echo "Step 1/4: Register your account" echo " Open the web UI: http://${LOCAL_IP}:3000" -echo " Create an account with: ${EMAIL}" -echo "" -echo " Make sure you click 'Don't have an account?' and complete the signup form." +echo " Click 'Don't have an account?' and submit the signup form." echo "" read -r -p "Press ENTER after you submitted the signup form..." 
@@ -391,41 +372,38 @@ CODE="" for i in 1 2 3; do sleep 3 CODE=$(journalctl -u ente-museum --no-pager -n 200 | grep -oP 'Verification code: \K\d+' | tail -1) - if [[ -n "$CODE" ]]; then - break - fi + [[ -n "$CODE" ]] && break echo " Attempt ${i}/3: Code not found yet, waiting..." done if [[ -n "$CODE" ]]; then echo "" echo " Your verification code: ${CODE}" - echo " Enter this code in the web UI to complete registration." + echo " Enter this code in the web UI and finish the key/passphrase setup." else echo "" - echo " Could not find the verification code automatically." - echo " This usually means the signup form was not submitted yet." - echo "" - echo " Are you sure you entered '${EMAIL}' and clicked 'Create account'?" - echo " You can check manually with: ente-get-verification" + echo " Could not find a verification code automatically." + echo " Run 'ente-get-verification' manually if needed." fi echo "" -read -r -p "Press ENTER after you verified the code in the web UI..." +read -r -p "Press ENTER once registration is fully complete in the web UI..." echo "" -echo "Step 3/4: Looking up user and whitelisting admin..." -EMAIL_HASH=$(compute_email_hash "$EMAIL") -USER_ID=$(run_psql "SELECT user_id FROM users WHERE email_hash = '${EMAIL_HASH//\'/\'\'}';") - -if [[ -z "$USER_ID" ]]; then - echo " Warning: User '${EMAIL}' not found in database." - echo " Make sure registration was completed successfully." - echo "" - echo "=== Setup incomplete ===" - echo "After completing registration, run ente-setup again." +echo "Step 3/4: Locating your user account..." +USER_COUNT=$(run_psql "SELECT count(*) FROM users;") +if [[ "$USER_COUNT" == "0" ]]; then + echo " No users found in the database." + echo " Registration was not completed. Run 'ente-setup' again after signup." exit 1 fi -echo " Found user ID: ${USER_ID}" + +USER_ID=$(run_psql "SELECT user_id FROM users ORDER BY user_id DESC LIMIT 1;") +echo " Using most recently registered user (id: ${USER_ID})." 
+echo "" +echo " All users in database:" +run_psql_exec "SELECT user_id, creation_time FROM users ORDER BY user_id DESC;" +echo "" +read -r -p "Press ENTER to whitelist user ${USER_ID} as admin (or Ctrl-C to abort)..." if grep -q "internal:" /opt/ente/server/museum.yaml; then if ! grep -qF "${USER_ID}" /opt/ente/server/museum.yaml; then 
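Review bot: The new Step 3 whitelists whichever row has the highest `user_id`, and the operator confirms with a bare ENTER against a list that shows only `user_id` and `creation_time`, so nothing ties that id to the account they just created. If more than one account exists when this runs (a second signup through the web UI, or an earlier test account), the default can be someone else's account, assuming `user_id` order even matches registration order. I would accept the default only when exactly one user exists and otherwise require the id to be typed. `USER_ID` should also be validated as numeric before it reaches `museum.yaml`, because an empty result from `run_psql` (for example a failed query) passes the `== "0"` check. The `if grep` block that edits `museum.yaml` continues outside the hunk.

```shell
USER_COUNT=$(run_psql "SELECT count(*) FROM users;")
# … unchanged: zero-user exit …

USER_ID=$(run_psql "SELECT user_id FROM users ORDER BY user_id DESC LIMIT 1;")
# … unchanged: user listing …
if [[ "$USER_COUNT" != "1" ]]; then
  # More than one account (or an unreadable count): do not default to the newest row.
  read -r -p "Enter the user_id to whitelist as admin: " USER_ID
fi
if ! [[ "$USER_ID" =~ ^[0-9]+$ ]]; then
  echo "Error: no valid user_id selected."
  exit 1
fi
```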
@@ -461,31 +439,43 @@ chmod +x /usr/local/bin/ente-setup cat <<'EOF' >/usr/local/bin/ente-upgrade-subscription #!/usr/bin/env bash -if [ -z "$1" ]; then - echo "Usage: ente-upgrade-subscription " - echo "Example: ente-upgrade-subscription user@example.com" - exit 1 -fi -EMAIL="$1" DB_NAME="ente_db" -EMAIL_LOWER=$(printf '%s' "$EMAIL" | tr '[:upper:]' '[:lower:]') -HASH_B64=$(awk '/^key:/{f=1;next} /^[^[:space:]]/{f=0} f && /hash:/{print $2}' /opt/ente/server/museum.yaml | tr -d '"'"'") -HASH_HEX=$(printf '%s' "$HASH_B64" | base64 -d | xxd -p -c 256 | tr -d '\n') -EMAIL_HASH=$(printf '%s' "$EMAIL_LOWER" | openssl dgst -sha256 -mac HMAC -macopt hexkey:"$HASH_HEX" -binary | base64 -w0) -echo "Upgrading subscription for: $EMAIL" -USER_ID=$(sudo -u postgres psql -t -d "$DB_NAME" -c "SELECT user_id FROM users WHERE email_hash = '${EMAIL_HASH//\'/\'\'}';") -USER_ID=$(echo "$USER_ID" | xargs) -if [[ -z "$USER_ID" ]]; then - echo "Error: User not found in database." + +run_psql() { + sudo -u postgres psql -t -d "$DB_NAME" -c "$1" 2>/dev/null | xargs +} + +run_psql_exec() { + sudo -u postgres psql -d "$DB_NAME" -c "$1" +} + +if [[ -z "$1" ]]; then + echo "Usage: ente-upgrade-subscription " + echo "" + echo "Available users:" + run_psql_exec "SELECT user_id, creation_time FROM users ORDER BY user_id DESC;" exit 1 fi -ROWS=$(sudo -u postgres psql -t -d "$DB_NAME" -c "SELECT count(*) FROM subscriptions WHERE user_id = ${USER_ID};" | xargs) -if [[ "$ROWS" == "0" ]]; then - sudo -u postgres psql -d "$DB_NAME" -c "INSERT INTO subscriptions (user_id, storage_in_mbs_per_plan, expiry_time, product_id, payment_provider, transaction_id, original_transaction_id) VALUES (${USER_ID}, 10737418240, 2524608000000000, 'self_hosted_unlimited', 'admin', 'admin_setup', 'admin_setup');" -else - sudo -u postgres psql -d "$DB_NAME" -c "UPDATE subscriptions SET storage_in_mbs_per_plan = 10737418240, expiry_time = 2524608000000000 WHERE user_id = ${USER_ID};" + +USER_ID="$1" +if ! 
[[ "$USER_ID" =~ ^[0-9]+$ ]]; then + echo "Error: user_id must be numeric." + exit 1 fi -echo "Done. Subscription upgraded to unlimited storage for: $EMAIL" + +EXISTS=$(run_psql "SELECT count(*) FROM users WHERE user_id = ${USER_ID};") +if [[ "$EXISTS" != "1" ]]; then + echo "Error: user_id ${USER_ID} not found." + exit 1 +fi + +ROWS=$(run_psql "SELECT count(*) FROM subscriptions WHERE user_id = ${USER_ID};") +if [[ "$ROWS" == "0" ]]; then + run_psql_exec "INSERT INTO subscriptions (user_id, storage_in_mbs_per_plan, expiry_time, product_id, payment_provider, transaction_id, original_transaction_id) VALUES (${USER_ID}, 10737418240, 2524608000000000, 'self_hosted_unlimited', 'admin', 'admin_setup', 'admin_setup');" +else + run_psql_exec "UPDATE subscriptions SET storage_in_mbs_per_plan = 10737418240, expiry_time = 2524608000000000 WHERE user_id = ${USER_ID};" +fi +echo "Done. Subscription upgraded to unlimited storage for user_id ${USER_ID}." EOF chmod +x /usr/local/bin/ente-upgrade-subscription
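Review bot: The exit status of the final INSERT/UPDATE in `ente-upgrade-subscription` is never checked, so `Done. Subscription upgraded to unlimited storage…` is printed even when psql fails. Guard both writes, e.g. `run_psql_exec "UPDATE …" || { echo "Error: subscription update failed." >&2; exit 1; }`. Separately, `run_psql` discards stderr, so a database or permission error in the `EXISTS` query is reported as `user_id … not found`; letting stderr through on that call, or testing for an empty result separately, would make the two cases distinguishable. The `^[0-9]+$` check is the only thing keeping the unquoted `${USER_ID}` interpolation safe, so it deserves a short comment such as `# USER_ID is interpolated into SQL below; keep this check ahead of every query`.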