Merge branch 'feature/setup-wizard-7163' of git.icinga.org:icingaweb2…

… into feature/setup-wizard-7163

Conflicts:
	library/Icinga/Authentication/Backend/LdapUserBackend.php
	library/Icinga/Authentication/UserBackend.php

.vagrant-puppet/manifests/default.pp

@@ -601,27 +601,15 @@
   require => Service['postgresql']
 }
 
-exec { 'populate-icingaweb-mysql-db-accounts':
+exec { 'populate-icingaweb-mysql-db-tables':
   unless  => 'mysql -uicingaweb -picingaweb icingaweb -e "SELECT * FROM account;" &> /dev/null',
-  command => 'mysql -uicingaweb -picingaweb icingaweb < /vagrant/etc/schema/accounts.mysql.sql',
+  command => 'mysql -uicingaweb -picingaweb icingaweb < /vagrant/etc/schema/mysql.sql',
   require => [ Exec['create-mysql-icingaweb-db'] ]
 }
 
-exec { 'populate-icingweba-pgsql-db-accounts':
+exec { 'populate-icingweba-pgsql-db-tables':
   unless  => 'psql -U icingaweb -d icingaweb -c "SELECT * FROM account;" &> /dev/null',
-  command => 'sudo -u postgres psql -U icingaweb -d icingaweb -f /vagrant/etc/schema/accounts.pgsql.sql',
-  require => [ Exec['create-pgsql-icingaweb-db'] ]
-}
-
-exec { 'populate-icingaweb-mysql-db-preferences':
-  unless  => 'mysql -uicingaweb -picingaweb icingaweb -e "SELECT * FROM preference;" &> /dev/null',
-  command => 'mysql -uicingaweb -picingaweb icingaweb < /vagrant/etc/schema/preferences.mysql.sql',
-  require => [ Exec['create-mysql-icingaweb-db'] ]
-}
-
-exec { 'populate-icingweba-pgsql-db-preferences':
-  unless  => 'psql -U icingaweb -d icingaweb -c "SELECT * FROM preference;" &> /dev/null',
-  command => 'sudo -u postgres psql -U icingaweb -d icingaweb -f /vagrant/etc/schema/preferences.pgsql.sql',
+  command => 'sudo -u postgres psql -U icingaweb -d icingaweb -f /vagrant/etc/schema/pgsql.sql',
   require => [ Exec['create-pgsql-icingaweb-db'] ]
 }
 

application/clicommands/SetupCommand.php

@@ -39,7 +39,9 @@ public function showTokenAction()
     /**
      * Create a new setup token
      *
-     * Re-generates the setup token used to authenticate when installing Icinga Web 2 using the web-based wizard
+     * Re-generates the setup token used to authenticate when installing Icinga Web 2 using the web-based wizard.
+     * Note that it is required to run this command while logged in as your webserver's user or to make him the
+     * owner of the created file afterwards manually.
      *
      * USAGE:
      *

application/controllers/AuthenticationController.php

@@ -122,7 +122,7 @@ public function loginAction()
                 if ($backendsWithError) {
                     $this->view->form->getElement('username')->addError(
                         $this->translate(
-                            'Please note that not all authentication methods where available.'
+                            'Please note that not all authentication methods were available.'
                           . ' Check the system log or Icinga Web 2 log for more information.'
                         )
                     );
@@ -135,7 +135,9 @@ public function loginAction()
                         $authenticated  = $backend->authenticate($user);
                         if ($authenticated === true) {
                             $auth->setAuthenticated($user);
-                            $this->rerenderLayout()->redirectNow($redirectUrl);
+                            $this->rerenderLayout()->redirectNow(
+                                Url::fromPath(Url::fromRequest()->getParam('redirect', 'dashboard'))
+                            );
                         }
                     }
                 }
@@ -151,14 +153,16 @@ public function loginAction()
     public function logoutAction()
     {
         $auth = $this->Auth();
+        if (! $auth->isAuthenticated()) {
+            $this->redirectToLogin();
+        }
         $isRemoteUser = $auth->getUser()->isRemoteUser();
         $auth->removeAuthorization();
-
         if ($isRemoteUser === true) {
             $this->_helper->layout->setLayout('login');
             $this->_response->setHttpResponseCode(401);
         } else {
-            $this->rerenderLayout()->redirectToLogin();
+            $this->redirectToLogin();
         }
     }
 }

application/forms/Authentication/LoginForm.php

@@ -24,7 +24,7 @@ public function init()
     /**
      * @see Form::createElements()
      */
-    public function createElements($formData)
+    public function createElements(array $formData)
     {
         $this->addElement(
             'text',

application/forms/Config/ResourceConfigForm.php

@@ -12,7 +12,6 @@
 use Icinga\Form\Config\Resource\FileResourceForm;
 use Icinga\Form\Config\Resource\LdapResourceForm;
 use Icinga\Form\Config\Resource\LivestatusResourceForm;
-use Icinga\Form\Config\Resource\StatusdatResourceForm;
 use Icinga\Application\Platform;
 use Icinga\Exception\ConfigurationError;
 
@@ -42,8 +41,6 @@ public function getResourceForm($type)
             return new LdapResourceForm();
         } elseif ($type === 'livestatus') {
             return new LivestatusResourceForm();
-        } elseif ($type === 'statusdat') {
-            return new StatusdatResourceForm();
         } elseif ($type === 'file') {
             return new FileResourceForm();
         } else {
@@ -214,7 +211,6 @@ public function createElements(array $formData)
 
         $resourceTypes = array(
             'file'          => t('File'),
-            'statusdat'     => 'Status.dat',
             'livestatus'    => 'Livestatus',
         );
         if ($resourceType === 'ldap' || Platform::extensionLoaded('ldap')) {

application/forms/Setup/AdminAccountPage.php

@@ -187,6 +187,27 @@ public function createElements(array $formData)
         );
     }
 
+    /**
+     * Validate the given request data and ensure that any new user does not already exist
+     *
+     * @param   array   $data   The request data to validate
+     *
+     * @return  bool
+     */
+    public function isValid($data)
+    {
+        if (false === parent::isValid($data)) {
+            return false;
+        }
+
+        if ($data['user_type'] === 'new_user' && array_search($data['new_user'], $this->fetchUsers()) !== false) {
+            $this->getElement('new_user')->addError(t('Username already exists.'));
+            return false;
+        }
+
+        return true;
+    }
+
     /**
      * Return the name of the externally authenticated user
      *

application/forms/Setup/DatabaseCreationPage.php

@@ -79,11 +79,13 @@ public function createElements(array $formData)
                 )
             )
         );
+
+        $skipValidation = isset($formData['skip_validation']) && $formData['skip_validation'];
         $this->addElement(
             'text',
             'username',
             array(
-                'required'      => true,
+                'required'      => false === $skipValidation,
                 'label'         => t('Username'),
                 'description'   => t('A user which is able to create databases and/or touch the database schema')
             )
@@ -92,11 +94,24 @@ public function createElements(array $formData)
             'password',
             'password',
             array(
-                'required'      => true,
+                'required'      => false === $skipValidation,
                 'label'         => t('Password'),
                 'description'   => t('The password for the database user defined above')
             )
         );
+
+        if ($skipValidation) {
+            $this->addSkipValidationCheckbox();
+        } else {
+            $this->addElement(
+                'hidden',
+                'skip_validation',
+                array(
+                    'required'  => true,
+                    'value'     => 0
+                )
+            );
+        }
     }
 
     /**
@@ -112,6 +127,10 @@ public function isValid($data)
             return false;
         }
 
+        if (isset($data['skip_validation']) && $data['skip_validation']) {
+            return true;
+        }
+
         $this->config['username'] = $this->getValue('username');
         $this->config['password'] = $this->getValue('password');
         $db = new DbTool($this->config);
@@ -122,6 +141,7 @@ public function isValid($data)
                 $this->addError(
                     t('The provided credentials do not have the required access rights to create the database schema.')
                 );
+                $this->addSkipValidationCheckbox();
                 return false;
             }
         } catch (PDOException $e) {
@@ -131,14 +151,33 @@ public function isValid($data)
                     $this->addError(
                         t('The provided credentials cannot be used to create the database and/or the user.')
                     );
+                    $this->addSkipValidationCheckbox();
                     return false;
                 }
             } catch (PDOException $e) {
                 $this->addError($e->getMessage());
+                $this->addSkipValidationCheckbox();
                 return false;
             }
         }
 
         return true;
     }
+
+    /**
+     * Add a checkbox to the form by which the user can skip the login and privilege validation
+     */
+    protected function addSkipValidationCheckbox()
+    {
+        $this->addElement(
+            'checkbox',
+            'skip_validation',
+            array(
+                'order'         => 1,
+                'required'      => true,
+                'label'         => t('Skip Validation'),
+                'description'   => t('Check this to not to validate the ability to login and required privileges')
+            )
+        );
+    }
 }

config/authentication.ini.in

@@ -18,6 +18,10 @@ backend             = ldap
 resource            = internal_ldap
 user_class          = @ldap_user_objectclass@
 user_name_attribute = @ldap_attribute_username@
+group_base_dn = @ldap_group_base_dn@
+group_attribute = @ldap_group_attribute@
+group_member_attribute = @ldap_group_member_attribute@
+group_class = @ldap_group_class@
 
 [internal_db_authentication]
 @internal_auth_disabled@

doc/installation.md

@@ -74,8 +74,7 @@ create all database tables. You will find the installation guides for the differ
 >
 > RPM packages install the schema into /usr/share/doc/icingaweb-<version>/schema
 
-   bash$  mysql -u root -p icingaweb < etc/schema/accounts.mysql.sql
-   bash$  mysql -u root -p icingaweb < etc/schema/preferences.mysql.sql
+   bash$  mysql -u root -p icingaweb < etc/schema/mysql.sql
 
 
 #### PostgreSQL
@@ -108,8 +107,7 @@ And restart your database ('service postgresql restart' or '/etc/init.d/postgres
 >
 > RPM packages install the schema into /usr/share/doc/icingaweb-&lt;version&gt;/schema
 
-    bash$  psql -U icingaweb -a -f etc/schema/accounts.pgsql.sql
-    bash$  psql -U icingaweb -a -f etc/schema/preferences.pgsql.sql
+    bash$  psql -U icingaweb -a -f etc/schema/pgsql.sql
 
 
 

etc/schema/mysql.sql

@@ -0,0 +1,14 @@
+create table account (
+  `username`    varchar(255) COLLATE latin1_general_ci NOT NULL,
+  `salt`        varchar(255) NOT NULL,
+  `password`    varchar(255) NOT NULL,
+  `active`      tinyint(1)   DEFAULT NULL,
+  PRIMARY KEY (`username`)
+) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+
+create table `preference`(
+  `username`    VARCHAR(255) COLLATE latin1_general_ci NOT NULL,
+  `key`         VARCHAR(100) COLLATE latin1_general_ci NOT NULL,
+  `value`       VARCHAR(255) NOT NULL,
+  PRIMARY KEY (`username`, `key`)
+) ENGINE=InnoDB;