From 288f6b61cdae3d5bba45fcc279771734331e3378 Mon Sep 17 00:00:00 2001 From: Ben Banfield-Zanin Date: Thu, 24 Sep 2020 21:41:27 +0100 Subject: [PATCH 1/6] Migrate auth_realm from legacy config. --- Core/Frameworks/Baikal/Model/Config/Standard.php | 4 +++- .../BaikalAdmin/Controller/Install/Initialize.php | 4 ++++ Core/Frameworks/BaikalAdmin/Core/Auth.php | 14 +++----------- 3 files changed, 10 insertions(+), 12 deletions(-) diff --git a/Core/Frameworks/Baikal/Model/Config/Standard.php b/Core/Frameworks/Baikal/Model/Config/Standard.php index c27fab7..4923484 100644 --- a/Core/Frameworks/Baikal/Model/Config/Standard.php +++ b/Core/Frameworks/Baikal/Model/Config/Standard.php @@ -65,6 +65,8 @@ class Standard extends \Baikal\Model\Config { "cal_enabled" => true, "dav_auth_type" => "Digest", "admin_passwordhash" => "", + // While not editable as will change admin & any existing user passwords, + // could be set to different value when migrating from legacy config "auth_realm" => "BaikalDAV", "base_uri" => "" ]; @@ -146,7 +148,7 @@ class Standard extends \Baikal\Model\Config { if ($sProp === "admin_passwordhash" && $sValue !== "") { parent::set( "admin_passwordhash", - \BaikalAdmin\Core\Auth::hashAdminPassword($sValue) + \BaikalAdmin\Core\Auth::hashAdminPassword($sValue, $this->aData["auth_realm"]) ); } diff --git a/Core/Frameworks/BaikalAdmin/Controller/Install/Initialize.php b/Core/Frameworks/BaikalAdmin/Controller/Install/Initialize.php index b784736..e88d0be 100644 --- a/Core/Frameworks/BaikalAdmin/Controller/Install/Initialize.php +++ b/Core/Frameworks/BaikalAdmin/Controller/Install/Initialize.php @@ -55,6 +55,10 @@ class Initialize extends \Flake\Core\Controller { $this->oModel->set('invite_from', defined("BAIKAL_INVITE_FROM") ? BAIKAL_INVITE_FROM : ""); $this->oModel->set('dav_auth_type', BAIKAL_DAV_AUTH_TYPE); } + if (file_exists(PROJECT_PATH_SPECIFIC . "config.system.php")) { + require_once PROJECT_PATH_SPECIFIC . "config.system.php"; + $this->oModel->set('auth_realm', BAIKAL_AUTH_REALM); + } $this->oForm = $this->oModel->formForThisModelInstance([ "close" => false diff --git a/Core/Frameworks/BaikalAdmin/Core/Auth.php b/Core/Frameworks/BaikalAdmin/Core/Auth.php index cac930a..2ec8420 100644 --- a/Core/Frameworks/BaikalAdmin/Core/Auth.php +++ b/Core/Frameworks/BaikalAdmin/Core/Auth.php @@ -48,12 +48,13 @@ class Auth { $sUser = \Flake\Util\Tools::POST("login"); $sPass = \Flake\Util\Tools::POST("password"); - $sPassHash = self::hashAdminPassword($sPass); try { $config = Yaml::parseFile(PROJECT_PATH_CONFIG . "baikal.yaml"); } catch (\Exception $e) { error_log('Error reading baikal.yaml file : ' . $e->getMessage()); + return false; } + $sPassHash = self::hashAdminPassword($sPass, $config['system']['auth_realm']); if ($sUser === "admin" && $sPassHash === $config['system']['admin_passwordhash']) { $_SESSION["baikaladminauth"] = md5($config['system']['admin_passwordhash']); @@ -67,16 +68,7 @@ class Auth { unset($_SESSION["baikaladminauth"]); } - static function hashAdminPassword($sPassword) { - try { - $config = Yaml::parseFile(PROJECT_PATH_CONFIG . "baikal.yaml"); - } catch (\Exception $e) { - error_log('Error reading baikal.yaml file : ' . $e->getMessage()); - } - - # Fallback to default value; useful when initializing App, as all constants are not set yet - $sAuthRealm = $config['system']['auth_realm'] ?? "BaikalDAV"; - + static function hashAdminPassword($sPassword, $sAuthRealm) { return hash('sha256', 'admin:' . $sAuthRealm . ':' . $sPassword); } } From e85c0626c157fb40ab96a0c0a1122ad3a7b122e1 Mon Sep 17 00:00:00 2001 From: Ben Banfield-Zanin Date: Thu, 24 Sep 2020 21:43:11 +0100 Subject: [PATCH 2/6] Don't move off legacy database form prematurely. Previously, any form submission would persist the database settings giving no chance to validate them or edit them. Toggling the MySQL enabled checkbox also triggered this as that reloaded the page. --- .../Controller/Install/Database.php | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/Core/Frameworks/BaikalAdmin/Controller/Install/Database.php b/Core/Frameworks/BaikalAdmin/Controller/Install/Database.php index 2753a2a..d6d98d3 100644 --- a/Core/Frameworks/BaikalAdmin/Controller/Install/Database.php +++ b/Core/Frameworks/BaikalAdmin/Controller/Install/Database.php @@ -46,12 +46,6 @@ class Database extends \Flake\Core\Controller { $this->oModel->set('mysql_username', PROJECT_DB_MYSQL_USERNAME); $this->oModel->set('mysql_password', PROJECT_DB_MYSQL_PASSWORD); $this->oModel->set('encryption_key', BAIKAL_ENCRYPTION_KEY); - - if (defined("BAIKAL_CONFIGURED_VERSION")) { - $oStandardConfig = new \Baikal\Model\Config\Standard(); - $oStandardConfig->set("configured_version", BAIKAL_CONFIGURED_VERSION); - $oStandardConfig->persist(); - } } $this->oForm = $this->oModel->formForThisModelInstance([ @@ -68,6 +62,18 @@ class Database extends \Flake\Core\Controller { @unlink(PROJECT_PATH_SPECIFIC . "config.system.php"); } touch(PROJECT_PATH_SPECIFIC . '/INSTALL_DISABLED'); + + if (defined("BAIKAL_CONFIGURED_VERSION")) { + $oStandardConfig = new \Baikal\Model\Config\Standard(); + $oStandardConfig->set("configured_version", BAIKAL_CONFIGURED_VERSION); + $oStandardConfig->persist(); + + # We've just rolled back the configured version, so reload so that we get to the + # version upgrade page rather than the database is configured message in render below + $sLink = PROJECT_URI . "admin/install/?/database"; + \Flake\Util\Tools::redirect($sLink); + exit(0); + } } } } From 4900196f4ccc7681a71bcd6a0dfbfa8e71bafae5 Mon Sep 17 00:00:00 2001 From: Ben Banfield-Zanin Date: Thu, 24 Sep 2020 21:45:57 +0100 Subject: [PATCH 3/6] Show/hide correct database fields on initial load On the initial load the form morphology hook is called prior to the morphology being populated with values from the model. Loading from the YAML won't always work if we're coming from < 0.7.0. Loading from the model is safe as: - The model is initially populated with the YAML - If legacy config is present then the model is updated with that - If this isn't the initial load we go down the submitted branch instead --- .../BaikalAdmin/Controller/Install/Database.php | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/Core/Frameworks/BaikalAdmin/Controller/Install/Database.php b/Core/Frameworks/BaikalAdmin/Controller/Install/Database.php index d6d98d3..bb96885 100644 --- a/Core/Frameworks/BaikalAdmin/Controller/Install/Database.php +++ b/Core/Frameworks/BaikalAdmin/Controller/Install/Database.php @@ -215,12 +215,8 @@ class Database extends \Flake\Core\Controller { if ($oForm->submitted()) { $bMySQL = (intval($oForm->postValue("mysql")) === 1); } else { - try { - $configSystem = Yaml::parseFile(PROJECT_PATH_CONFIG . "baikal.yaml"); - } catch (\Exception $e) { - error_log('Error reading baikal.yaml file : ' . $e->getMessage()); - } - $bMySQL = $configSystem['database']['mysql'] ?? true; + // oMorpho won't have the values from the model set on it yet + $bMySQL = $this->oModel->get("mysql"); } if ($bMySQL === true) { From 5d310657e2e5a7726608cd15a500a34cefc1f50c Mon Sep 17 00:00:00 2001 From: Ben Banfield-Zanin Date: Thu, 24 Sep 2020 21:52:45 +0100 Subject: [PATCH 4/6] Fix conditionals for legacy DB upgrades --- .../Controller/Install/VersionUpgrade.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/Core/Frameworks/BaikalAdmin/Controller/Install/VersionUpgrade.php b/Core/Frameworks/BaikalAdmin/Controller/Install/VersionUpgrade.php index 8ae3519..af4a631 100644 --- a/Core/Frameworks/BaikalAdmin/Controller/Install/VersionUpgrade.php +++ b/Core/Frameworks/BaikalAdmin/Controller/Install/VersionUpgrade.php @@ -65,7 +65,7 @@ class VersionUpgrade extends \Flake\Core\Controller { HTML; try { - $bSuccess = $this->upgrade($config['system']['configured_version'], BAIKAL_VERSION); + $bSuccess = $this->upgrade($config['database'], $config['system']['configured_version'], BAIKAL_VERSION); } catch (\Exception $e) { $bSuccess = false; $this->aErrors[] = 'Uncaught exception during upgrade: ' . (string) $e; @@ -88,7 +88,7 @@ HTML; return $sHtml; } - protected function upgrade($sVersionFrom, $sVersionTo) { + protected function upgrade($databaseConfig, $sVersionFrom, $sVersionTo) { if (version_compare($sVersionFrom, '0.2.3', '<=')) { throw new \Exception('This version of Baikal does not support upgrading from version 0.2.3 and older. Please request help on Github if this is a problem.'); } @@ -99,7 +99,7 @@ HTML; if (version_compare($sVersionFrom, '0.3.0', '<')) { // Upgrading from sabre/dav 1.8 schema to 3.1 schema. - if (defined("PROJECT_DB_MYSQL") && PROJECT_DB_MYSQL === true) { + if ($databaseConfig['mysql'] === true) { // MySQL upgrade // sabre/dav 2.0 changes @@ -313,7 +313,7 @@ HTML; // The sqlite schema had issues with both the calendar and // addressbooks tables. The tables didn't have a DEFAULT '1' for // the synctoken column. So we're adding it now. - if (!defined("PROJECT_DB_MYSQL") || PROJECT_DB_MYSQL === false) { + if ($databaseConfig['mysql'] === false) { $pdo->exec('UPDATE calendars SET synctoken = 1 WHERE synctoken IS NULL'); $tmpTable = '_' . time(); @@ -343,7 +343,7 @@ CREATE TABLE calendars ( // Similar to upgrading from older than 0.4.5, there were still // issues with a missing DEFAULT 1 for sthe synctoken field in the // addressbook. - if (!defined("PROJECT_DB_MYSQL") || PROJECT_DB_MYSQL === false) { + if ($databaseConfig['mysql'] === false) { $pdo->exec('UPDATE addressbooks SET synctoken = 1 WHERE synctoken IS NULL'); $tmpTable = '_' . time(); @@ -365,7 +365,7 @@ CREATE TABLE addressbooks ( } } if (version_compare($sVersionFrom, '0.5.1', '<')) { - if (!defined("PROJECT_DB_MYSQL") || PROJECT_DB_MYSQL === false) { + if ($databaseConfig['mysql'] === false) { $pdo->exec(<< Date: Fri, 25 Sep 2020 20:02:13 +0100 Subject: [PATCH 5/6] Fix php-cs-fixer issues relating to 288f6b6 --- Core/Frameworks/BaikalAdmin/Core/Auth.php | 1 + 1 file changed, 1 insertion(+) diff --git a/Core/Frameworks/BaikalAdmin/Core/Auth.php b/Core/Frameworks/BaikalAdmin/Core/Auth.php index 2ec8420..65a91c3 100644 --- a/Core/Frameworks/BaikalAdmin/Core/Auth.php +++ b/Core/Frameworks/BaikalAdmin/Core/Auth.php @@ -52,6 +52,7 @@ class Auth { $config = Yaml::parseFile(PROJECT_PATH_CONFIG . "baikal.yaml"); } catch (\Exception $e) { error_log('Error reading baikal.yaml file : ' . $e->getMessage()); + return false; } $sPassHash = self::hashAdminPassword($sPass, $config['system']['auth_realm']); From 377f608c24db95e3e65346b9a169bebd0d8b03e2 Mon Sep 17 00:00:00 2001 From: Ben Banfield-Zanin Date: Fri, 25 Sep 2020 20:02:45 +0100 Subject: [PATCH 6/6] Fix php-cs-fixer issues relating to 4900196 --- Core/Frameworks/BaikalAdmin/Controller/Install/Database.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/Core/Frameworks/BaikalAdmin/Controller/Install/Database.php b/Core/Frameworks/BaikalAdmin/Controller/Install/Database.php index bb96885..137d022 100644 --- a/Core/Frameworks/BaikalAdmin/Controller/Install/Database.php +++ b/Core/Frameworks/BaikalAdmin/Controller/Install/Database.php @@ -27,8 +27,6 @@ namespace BaikalAdmin\Controller\Install; -use Symfony\Component\Yaml\Yaml; - class Database extends \Flake\Core\Controller { protected $aMessages = []; protected $oModel;