diff --git a/Core/Frameworks/Baikal/Model/Config/Standard.php b/Core/Frameworks/Baikal/Model/Config/Standard.php
index c27fab7..4923484 100644
--- a/Core/Frameworks/Baikal/Model/Config/Standard.php
+++ b/Core/Frameworks/Baikal/Model/Config/Standard.php
@@ -65,6 +65,8 @@ class Standard extends \Baikal\Model\Config {
 "cal_enabled" => true,
 "dav_auth_type" => "Digest",
 "admin_passwordhash" => "",
+ // While not editable as will change admin & any existing user passwords,
+ // could be set to different value when migrating from legacy config
 "auth_realm" => "BaikalDAV",
 "base_uri" => ""
 ];
@@ -146,7 +148,7 @@ class Standard extends \Baikal\Model\Config {
 if ($sProp === "admin_passwordhash" && $sValue !== "") {
 parent::set(
 "admin_passwordhash",
- \BaikalAdmin\Core\Auth::hashAdminPassword($sValue)
+ \BaikalAdmin\Core\Auth::hashAdminPassword($sValue, $this->aData["auth_realm"])
 );
 }
 
diff --git a/Core/Frameworks/BaikalAdmin/Controller/Install/Initialize.php b/Core/Frameworks/BaikalAdmin/Controller/Install/Initialize.php
index b784736..e88d0be 100644
--- a/Core/Frameworks/BaikalAdmin/Controller/Install/Initialize.php
+++ b/Core/Frameworks/BaikalAdmin/Controller/Install/Initialize.php
@@ -55,6 +55,10 @@ class Initialize extends \Flake\Core\Controller {
 $this->oModel->set('invite_from', defined("BAIKAL_INVITE_FROM") ? BAIKAL_INVITE_FROM : "");
 $this->oModel->set('dav_auth_type', BAIKAL_DAV_AUTH_TYPE);
 }
+ if (file_exists(PROJECT_PATH_SPECIFIC . "config.system.php")) {
+ require_once PROJECT_PATH_SPECIFIC . "config.system.php";
+ $this->oModel->set('auth_realm', BAIKAL_AUTH_REALM);
+ }
 
 $this->oForm = $this->oModel->formForThisModelInstance([
 "close" => false
diff --git a/Core/Frameworks/BaikalAdmin/Core/Auth.php b/Core/Frameworks/BaikalAdmin/Core/Auth.php
index cac930a..2ec8420 100644
--- a/Core/Frameworks/BaikalAdmin/Core/Auth.php
+++ b/Core/Frameworks/BaikalAdmin/Core/Auth.php
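Review bot: The new `hashAdminPassword($sValue, $this->aData["auth_realm"])` call in the second Standard.php hunk binds the stored admin hash to whatever `auth_realm` holds at the moment `admin_passwordhash` is set, so the result depends on the order in which the two properties are assigned and on the key being present in `aData` at all; if it is absent the read yields null with a warning and the hash is computed for an empty realm, which the login check in Auth.php will never reproduce. Whether `aData` is always pre-populated from the defaults shown in the first hunk is not visible here, so the safer form fails closed instead of hashing quietly: `$sRealm = $this->aData["auth_realm"] ?? throw new \RuntimeException("auth_realm must be set before admin_passwordhash");` (an `if`/`throw` pair on older PHP) and pass `$sRealm` to `hashAdminPassword`. A one-line comment on the call would also help the next maintainer: `// Hash is realm-bound: auth_realm must be assigned before admin_passwordhash`. The enclosing `set()` method starts before the hunk and continues past it.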
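Review bot: `$this->oModel->set('auth_realm', BAIKAL_AUTH_REALM)` on the third added line of the Initialize.php hunk assumes the legacy `config.system.php` defines `BAIKAL_AUTH_REALM`; an older file that lacks it makes PHP 8 raise an `Error` for the undefined constant and the install page dies, whereas the context lines directly above guard `BAIKAL_INVITE_FROM` with `defined()`. Keeping the same pattern is one line: `if (defined("BAIKAL_AUTH_REALM")) { $this->oModel->set('auth_realm', BAIKAL_AUTH_REALM); }`. Because the realm is folded into the admin password hash, a missing constant should leave the model's default in place rather than substitute any other value. The enclosing method starts before the hunk and continues past it.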
@@ -48,12 +48,13 @@ class Auth {
 $sUser = \Flake\Util\Tools::POST("login");
 $sPass = \Flake\Util\Tools::POST("password");
- $sPassHash = self::hashAdminPassword($sPass);
 try {
 $config = Yaml::parseFile(PROJECT_PATH_CONFIG . "baikal.yaml");
 } catch (\Exception $e) {
 error_log('Error reading baikal.yaml file : ' . $e->getMessage());
+ return false;
 }
+ $sPassHash = self::hashAdminPassword($sPass, $config['system']['auth_realm']);
 
 if ($sUser === "admin" && $sPassHash === $config['system']['admin_passwordhash']) {
 $_SESSION["baikaladminauth"] = md5($config['system']['admin_passwordhash']);
 
@@ -67,16 +68,7 @@ class Auth {
 unset($_SESSION["baikaladminauth"]);
 }
 
- static function hashAdminPassword($sPassword) {
- try {
- $config = Yaml::parseFile(PROJECT_PATH_CONFIG . "baikal.yaml");
- } catch (\Exception $e) {
- error_log('Error reading baikal.yaml file : ' . $e->getMessage());
- }
-
- # Fallback to default value; useful when initializing App, as all constants are not set yet
- $sAuthRealm = $config['system']['auth_realm'] ?? "BaikalDAV";
-
+ static function hashAdminPassword($sPassword, $sAuthRealm) {
 return hash('sha256', 'admin:' . $sAuthRealm . ':' . $sPassword);
 }
 }
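Review bot: The new `self::hashAdminPassword($sPass, $config['system']['auth_realm'])` in the first Auth.php hunk has no guard for a `baikal.yaml` that lacks `auth_realm` (the `?? "BaikalDAV"` fallback removed in the next hunk was the only handling of that case); an undefined index yields null, the hash is computed for an empty realm, and the login fails with nothing in the error log. Failing closed with a message would match the new `return false` in the catch block: `if (!isset($config['system']['auth_realm'])) { error_log('auth_realm missing from baikal.yaml'); return false; }` placed before the hash call. Whether every deployed yaml already carries the key is not visible here. The `if` on the following context line still compares the two hex digests with `===`; `hash_equals($config['system']['admin_passwordhash'], $sPassHash)` is the constant-time form. The enclosing method starts before the hunk and continues past it.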
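Review bot: The rewritten `hashAdminPassword($sPassword, $sAuthRealm)` in the second Auth.php hunk drops the old fallback but leaves both parameters and the return untyped, so a null realm, exactly what a yaml without the key or an unset model field would pass, is silently concatenated as an empty string and produces a hash nobody can log in with. Declaring `static function hashAdminPassword(string $sPassword, string $sAuthRealm): string` turns that caller bug into a `TypeError` at the call site rather than a wrong digest. A short docblock should also record the contract the callers now rely on: the digest is `sha256('admin:' . realm . ':' . password)`, so a stored admin hash is valid only for the realm it was generated under and must be regenerated whenever `auth_realm` changes.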