forks/baikal
1
0
Fork 0
Code Releases Activity

Migrate auth_realm from legacy config.

Browse source
This commit is contained in:
Ben Banfield-Zanin 2020-09-24 21:41:27 +01:00
parent 13d445518d
commit 288f6b61cd
3 changed files with 10 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
Core/Frameworks/Baikal/Model/Config/Standard.php
View file

@ -65,6 +65,8 @@ class Standard extends \Baikal\Model\Config {
"cal_enabled" => true, "cal_enabled" => true,
"dav_auth_type" => "Digest", "dav_auth_type" => "Digest",
"admin_passwordhash" => "", "admin_passwordhash" => "",
// While not editable as will change admin & any existing user passwords,
// could be set to different value when migrating from legacy config
"auth_realm" => "BaikalDAV", "auth_realm" => "BaikalDAV",
"base_uri" => "" "base_uri" => ""
]; ];
@ -146,7 +148,7 @@ class Standard extends \Baikal\Model\Config {
if ($sProp === "admin_passwordhash" && $sValue !== "") { if ($sProp === "admin_passwordhash" && $sValue !== "") {
parent::set( parent::set(
"admin_passwordhash", "admin_passwordhash",
\BaikalAdmin\Core\Auth::hashAdminPassword($sValue) \BaikalAdmin\Core\Auth::hashAdminPassword($sValue, $this->aData["auth_realm"])
); );
} }

4
Core/Frameworks/BaikalAdmin/Controller/Install/Initialize.php
View file

@ -55,6 +55,10 @@ class Initialize extends \Flake\Core\Controller {
$this->oModel->set('invite_from', defined("BAIKAL_INVITE_FROM") ? BAIKAL_INVITE_FROM : ""); $this->oModel->set('invite_from', defined("BAIKAL_INVITE_FROM") ? BAIKAL_INVITE_FROM : "");
$this->oModel->set('dav_auth_type', BAIKAL_DAV_AUTH_TYPE); $this->oModel->set('dav_auth_type', BAIKAL_DAV_AUTH_TYPE);
} }
if (file_exists(PROJECT_PATH_SPECIFIC . "config.system.php")) {
require_once PROJECT_PATH_SPECIFIC . "config.system.php";
$this->oModel->set('auth_realm', BAIKAL_AUTH_REALM);
}
$this->oForm = $this->oModel->formForThisModelInstance([ $this->oForm = $this->oModel->formForThisModelInstance([
"close" => false "close" => false

14
Core/Frameworks/BaikalAdmin/Core/Auth.php
View file

@ -48,12 +48,13 @@ class Auth {
$sUser = \Flake\Util\Tools::POST("login"); $sUser = \Flake\Util\Tools::POST("login");
$sPass = \Flake\Util\Tools::POST("password"); $sPass = \Flake\Util\Tools::POST("password");
$sPassHash = self::hashAdminPassword($sPass);
try { try {
$config = Yaml::parseFile(PROJECT_PATH_CONFIG . "baikal.yaml"); $config = Yaml::parseFile(PROJECT_PATH_CONFIG . "baikal.yaml");
} catch (\Exception $e) { } catch (\Exception $e) {
error_log('Error reading baikal.yaml file : ' . $e->getMessage()); error_log('Error reading baikal.yaml file : ' . $e->getMessage());
return false;
} }
$sPassHash = self::hashAdminPassword($sPass, $config['system']['auth_realm']);
if ($sUser === "admin" && $sPassHash === $config['system']['admin_passwordhash']) { if ($sUser === "admin" && $sPassHash === $config['system']['admin_passwordhash']) {
$_SESSION["baikaladminauth"] = md5($config['system']['admin_passwordhash']); $_SESSION["baikaladminauth"] = md5($config['system']['admin_passwordhash']);
@ -67,16 +68,7 @@ class Auth {
unset($_SESSION["baikaladminauth"]); unset($_SESSION["baikaladminauth"]);
} }
static function hashAdminPassword($sPassword) { static function hashAdminPassword($sPassword, $sAuthRealm) {
try {
$config = Yaml::parseFile(PROJECT_PATH_CONFIG . "baikal.yaml");
} catch (\Exception $e) {
error_log('Error reading baikal.yaml file : ' . $e->getMessage());
}
# Fallback to default value; useful when initializing App, as all constants are not set yet
$sAuthRealm = $config['system']['auth_realm'] ?? "BaikalDAV";
return hash('sha256', 'admin:' . $sAuthRealm . ':' . $sPassword); return hash('sha256', 'admin:' . $sAuthRealm . ':' . $sPassword);
} }
} }