
Move bootSequence() to RolesService, move call to AuthMiddleware(s) a…

…nd pass alert via request "flash" attribute.
1 parent e3e2e1f commit b6a8941506fd437262cde56a95de0794848917eb @cdujeu cdujeu committed Jun 8, 2016
@@ -30,7 +30,9 @@
use Pydio\Core\PluginFramework\PluginsService;
use Pydio\Core\Services\AuthService;
use Pydio\Core\Services\ConfService;
+use Pydio\Core\Services\RolesService;
use Pydio\Core\Services\UsersService;
+use Pydio\Core\Utils\Utils;
use Zend\Diactoros\Response;
defined('AJXP_EXEC') or die('Access not allowed');
@@ -152,6 +154,10 @@ public static function handleRequest(ServerRequestInterface $requestInterface, R
$requestInterface = $requestInterface->withAttribute("action", $options["a"]);
+ if(UsersService::usersEnabled() && Utils::detectApplicationFirstRun()){
+ RolesService::bootSequence();
+ }
+
if ($impersonateUsers !== false && $loggedUser->isAdmin()) {
foreach ($impersonateUsers as $impersonateUser){
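Review bot: The guard on the new call looks inverted relative to the code being moved. The removed `AuthService::bootSequence()` began with `if(Utils::detectApplicationFirstRun()) return;`, so it was skipped on a first run, whereas this call, and the identical pattern in the session and REST middleware hunks, invokes `RolesService::bootSequence()` only when `detectApplicationFirstRun()` returns true. If the helper still means "not yet installed", the default roles and the admin-rights check would no longer run on an installed instance, and the condition would need to be `if(UsersService::usersEnabled() && !Utils::detectApplicationFirstRun()){`. The helper's body is not visible here, so this should be confirmed against it. handleRequest starts and continues outside the hunk.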
@@ -26,13 +26,16 @@
use Pydio\Core\Exception\AuthRequiredException;
use Pydio\Core\Exception\NoActiveWorkspaceException;
use Pydio\Core\Exception\PydioException;
+use Pydio\Core\Exception\PydioUserAlertException;
use Pydio\Core\Exception\RepositoryLoadException;
use Pydio\Core\Http\Server;
use Pydio\Core\Model\Context;
use Pydio\Core\PluginFramework\PluginsService;
use Pydio\Core\Services\AuthService;
use Pydio\Core\Services\ConfService;
+use Pydio\Core\Services\RolesService;
use Pydio\Core\Services\UsersService;
+use Pydio\Core\Utils\Utils;
use Zend\Diactoros\Response\EmptyResponse;
defined('AJXP_EXEC') or die('Access not allowed');
@@ -97,7 +100,7 @@ public static function handleRequest(\Psr\Http\Message\ServerRequestInterface &$
}
- protected static function bootSessionServer(ServerRequestInterface $request){
+ protected static function bootSessionServer(ServerRequestInterface &$request){
$parameters = $request->getParsedBody();
if (isSet($parameters["tmp_repository_id"])) {
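Review bot: Changing `bootSessionServer` to take `ServerRequestInterface &$request` means the method can now replace the caller's request object. That is easy to miss at the call site, because PSR-7 requests are otherwise handled as immutable values. A docblock line on the method would make the contract visible, for example `@param ServerRequestInterface $request Passed by reference; may be replaced by a copy carrying the "flash" attribute`. Returning the updated request would be the more conventional shape. The method body continues outside this hunk.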
@@ -124,6 +127,18 @@ protected static function bootSessionServer(ServerRequestInterface $request){
if($loggedUser != null && $loggedUser->getPref("lang") != "") ConfService::setLanguage($loggedUser->getPref("lang"));
else if(isSet($request->getCookieParams()["AJXP_lang"])) ConfService::setLanguage($request->getCookieParams()["AJXP_lang"]);
+ if(UsersService::usersEnabled() && Utils::detectApplicationFirstRun()){
+ try{
+ RolesService::bootSequence();
+ }catch (PydioException $e){
+ if($request->getAttribute("action") == "get_boot_gui"){
+ $request = $request->withAttribute("flash", $e->getMessage());
+ }else{
+ throw $e;
+ }
+ }
+ }
+
}
}
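Review bot: The alert raised by `bootSequence()` is effectively one-shot, and this catch only keeps it when the triggering action is `get_boot_gui`. `RolesService::bootSequence()` writes `admin_counted` before it throws, so if the first request to reach this block is any other action, the exception is rethrown, that request fails, and the warning is never shown in the boot GUI. Either the marker should be written only once the message has been handed to a `get_boot_gui` request, or the behaviour should be stated here with a comment such as `// thrown once only: bootSequence() has already written admin_counted`. The catch is also on the broad `PydioException` while the newly imported `PydioUserAlertException` is unused in the visible lines, and the action comparison would be safer as `=== "get_boot_gui"`.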
@@ -28,6 +28,9 @@
use Pydio\Core\PluginFramework\PluginsService;
use Pydio\Core\Services\AuthService;
use Pydio\Core\Services\ConfService;
+use Pydio\Core\Services\RolesService;
+use Pydio\Core\Services\UsersService;
+use Pydio\Core\Utils\Utils;
defined('AJXP_EXEC') or die('Access not allowed');
@@ -78,6 +81,10 @@ public static function handleRequest(\Psr\Http\Message\ServerRequestInterface &$
$context = Context::contextWithObjects(AuthService::getLoggedUser(), $repo);
$requestInterface = $requestInterface->withAttribute("ctx", $context);
+ if(UsersService::usersEnabled() && Utils::detectApplicationFirstRun()){
+ RolesService::bootSequence();
+ }
+
return RestServer::callNextMiddleWare($requestInterface, $responseInterface, $next);
}
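Review bot: `RolesService::bootSequence()` is called here without a try/catch, so the `PydioException` it now throws propagates out of the REST `handleRequest`. The first middleware hunk has the same unguarded call. One of those messages contains the initial admin password, and whether an outer handler logs it or serialises it into the API response is not visible from this page. Catching it at the call site keeps it off the wire, e.g. `try { RolesService::bootSequence(); } catch (PydioException $e) { /* record server-side, do not echo to the client */ }`. `PydioException` would need a `use` line if this file does not already import it.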
@@ -21,13 +21,11 @@
namespace Pydio\Core\Services;
use Pydio\Auth\Core\AJXP_Safe;
use Pydio\Conf\Core\AbstractAjxpUser;
-use Pydio\Conf\Core\AJXP_Role;
use Pydio\Core\Controller\Controller;
use Pydio\Core\Utils\BruteForceHelper;
use Pydio\Core\Utils\CookiesHelper;
use Pydio\Core\Utils\Utils;
use Pydio\Core\Controller\XMLWriter;
-use Pydio\Core\PluginFramework\PluginsService;
use Pydio\Log\Core\AJXP_Logger;
defined('AJXP_EXEC') or die( 'Access not allowed');
@@ -217,132 +215,5 @@ public static function disconnect()
}
}
- /**
- * Specific operations to perform at boot time
- * @static
- * @param array $START_PARAMETERS A HashTable of parameters to send back to the client
- * @return void
- */
- public static function bootSequence(&$START_PARAMETERS)
- {
- if(Utils::detectApplicationFirstRun()) return;
- if(file_exists(AJXP_CACHE_DIR."/admin_counted")) return;
- $rootRole = RolesService::getRole("AJXP_GRP_/");
- if ($rootRole === false) {
- $rootRole = new AJXP_Role("AJXP_GRP_/");
- $rootRole->setLabel("Root Group");
- //$rootRole->setAutoApplies(array("standard", "admin"));
- //$dashId = "";
- $allRepos = ConfService::getRepositoriesList("all", false);
- foreach ($allRepos as $repositoryId => $repoObject) {
- if($repoObject->isTemplate) continue;
- //if($repoObject->getAccessType() == "ajxp_user") $dashId = $repositoryId;
- $gp = $repoObject->getGroupPath();
- if (empty($gp) || $gp == "/") {
- if ($repoObject->getDefaultRight() != "") {
- $rootRole->setAcl($repositoryId, $repoObject->getDefaultRight());
- }
- }
- }
- //if(!empty($dashId)) $rootRole->setParameterValue("core.conf", "DEFAULT_START_REPOSITORY", $dashId);
- $paramNodes = PluginsService::getInstance()->searchAllManifests("//server_settings/param[@scope]", "node", false, false, true);
- if (is_array($paramNodes) && count($paramNodes)) {
- foreach ($paramNodes as $xmlNode) {
- $default = $xmlNode->getAttribute("default");
- if(empty($default)) continue;
- $parentNode = $xmlNode->parentNode->parentNode;
- $pluginId = $parentNode->getAttribute("id");
- if (empty($pluginId)) {
- $pluginId = $parentNode->nodeName.".".$parentNode->getAttribute("name");
- }
- $rootRole->setParameterValue($pluginId, $xmlNode->getAttribute("name"), $default);
- }
- }
- RolesService::updateRole($rootRole);
- }
- $miniRole = RolesService::getRole("MINISITE");
- if ($miniRole === false) {
- $rootRole = new AJXP_Role("MINISITE");
- $rootRole->setLabel("Minisite Users");
- $actions = array(
- "access.fs" => array("ajxp_link", "chmod", "purge"),
- "meta.watch" => array("toggle_watch"),
- "conf.serial"=> array("get_bookmarks"),
- "conf.sql"=> array("get_bookmarks"),
- "index.lucene" => array("index"),
- "action.share" => array("share", "share-edit-shared", "share-folder-workspace", "share-file-minisite", "share-selection-minisite", "share-folder-minisite-public"),
- "gui.ajax" => array("bookmark"),
- "auth.serial" => array("pass_change"),
- "auth.sql" => array("pass_change"),
- );
- foreach ($actions as $pluginId => $acts) {
- foreach ($acts as $act) {
- $rootRole->setActionState($pluginId, $act, AJXP_REPO_SCOPE_SHARED, false);
- }
- }
- RolesService::updateRole($rootRole);
- }
- $miniRole = RolesService::getRole("MINISITE_NODOWNLOAD");
- if ($miniRole === false) {
- $rootRole = new AJXP_Role("MINISITE_NODOWNLOAD");
- $rootRole->setLabel("Minisite Users - No Download");
- $actions = array(
- "access.fs" => array("download", "download_chunk", "prepare_chunk_dl", "download_all")
- );
- foreach ($actions as $pluginId => $acts) {
- foreach ($acts as $act) {
- $rootRole->setActionState($pluginId, $act, AJXP_REPO_SCOPE_SHARED, false);
- }
- }
- RolesService::updateRole($rootRole);
- }
- $miniRole = RolesService::getRole("GUEST");
- if ($miniRole === false) {
- $rootRole = new AJXP_Role("GUEST");
- $rootRole->setLabel("Guest user role");
- $actions = array(
- "access.fs" => array("purge"),
- "meta.watch" => array("toggle_watch"),
- "index.lucene" => array("index"),
- );
- $rootRole->setAutoApplies(array("guest"));
- foreach ($actions as $pluginId => $acts) {
- foreach ($acts as $act) {
- $rootRole->setActionState($pluginId, $act, AJXP_REPO_SCOPE_ALL);
- }
- }
- RolesService::updateRole($rootRole);
- }
- $adminCount = UsersService::countAdminUsers();
- if ($adminCount == 0) {
- $authDriver = ConfService::getAuthDriverImpl();
- $adminPass = ADMIN_PASSWORD;
- if (!$authDriver->getOptionAsBool("TRANSMIT_CLEAR_PASS")) {
- $adminPass = md5(ADMIN_PASSWORD);
- }
- UsersService::createUser("admin", $adminPass, true);
- if (ADMIN_PASSWORD == INITIAL_ADMIN_PASSWORD) {
- $userObject = ConfService::getConfStorageImpl()->createUserObject("admin");
- $userObject->setAdmin(true);
- RolesService::updateAdminRights($userObject);
- if (UsersService::changePasswordEnabled()) {
- $userObject->setLock("pass_change");
- }
- $userObject->save("superuser");
- $START_PARAMETERS["ALERT"] .= "Warning! User 'admin' was created with the initial password '". INITIAL_ADMIN_PASSWORD ."'. \\nPlease log in as admin and change the password now!";
- self::updateUser($userObject);
- }
- } else if ($adminCount == -1) {
- // Here we may come from a previous version! Check the "admin" user and set its right as admin.
- $confStorage = ConfService::getConfStorageImpl();
- $adminUser = $confStorage->createUserObject("admin");
- $adminUser->setAdmin(true);
- $adminUser->save("superuser");
- $START_PARAMETERS["ALERT"] .= "There is an admin user, but without admin right. Now any user can have the administration rights, \\n your 'admin' user was set with the admin rights. Please check that this suits your security configuration.";
- }
- file_put_contents(AJXP_CACHE_DIR."/admin_counted", "true");
-
- }
-
-}
+}
@@ -22,6 +22,7 @@
use Pydio\Conf\Core\AJXP_Role;
use Pydio\Conf\Core\AjxpRole;
+use Pydio\Core\Exception\PydioException;
use Pydio\Core\Model\UserInterface;
use Pydio\Core\PluginFramework\PluginsService;
@@ -243,4 +244,139 @@ public static function getRolesList($roleIds = array(), $excludeReserved = false
}
return $roles;
}
+
+ /**
+ * Specific operations to perform at boot time
+ * @static
+ * @throws PydioException
+ * @throws \Exception
+ */
+ public static function bootSequence()
+ {
+ if (file_exists(AJXP_CACHE_DIR . "/admin_counted")) return;
+ $rootRole = RolesService::getRole("AJXP_GRP_/");
+ if ($rootRole === false) {
+ $rootRole = new AJXP_Role("AJXP_GRP_/");
+ $rootRole->setLabel("Root Group");
+ //$rootRole->setAutoApplies(array("standard", "admin"));
+ //$dashId = "";
+ $allRepos = ConfService::getRepositoriesList("all", false);
+ foreach ($allRepos as $repositoryId => $repoObject) {
+ if ($repoObject->isTemplate) continue;
+ //if($repoObject->getAccessType() == "ajxp_user") $dashId = $repositoryId;
+ $gp = $repoObject->getGroupPath();
+ if (empty($gp) || $gp == "/") {
+ if ($repoObject->getDefaultRight() != "") {
+ $rootRole->setAcl($repositoryId, $repoObject->getDefaultRight());
+ }
+ }
+ }
+ //if(!empty($dashId)) $rootRole->setParameterValue("core.conf", "DEFAULT_START_REPOSITORY", $dashId);
+ $parameters = PluginsService::searchManifestsWithCache("//server_settings/param[@scope]", function ($paramNodes) {
+ $result = [];
+ /** @var \DOMElement $xmlNode */
+ foreach ($paramNodes as $xmlNode) {
+ $default = $xmlNode->getAttribute("default");
+ if (empty($default)) continue;
+ $parentNode = $xmlNode->parentNode->parentNode;
+ $pluginId = $parentNode->getAttribute("id");
+ if (empty($pluginId)) {
+ $pluginId = $parentNode->nodeName . "." . $parentNode->getAttribute("name");
+ }
+ $result[] = ["pluginId" => $pluginId, "name" => $xmlNode->getAttribute("name"), "default" => $default];
+ }
+ return $result;
+ });
+ foreach ($parameters as $parameter) {
+ $rootRole->setParameterValue($parameter["pluginId"], $parameter["name"], $parameter["default"]);
+ }
+ RolesService::updateRole($rootRole);
+ }
+ $miniRole = RolesService::getRole("MINISITE");
+ if ($miniRole === false) {
+ $rootRole = new AJXP_Role("MINISITE");
+ $rootRole->setLabel("Minisite Users");
+ $actions = array(
+ "access.fs" => array("ajxp_link", "chmod", "purge"),
+ "meta.watch" => array("toggle_watch"),
+ "conf.serial" => array("get_bookmarks"),
+ "conf.sql" => array("get_bookmarks"),
+ "index.lucene" => array("index"),
+ "action.share" => array("share", "share-edit-shared", "share-folder-workspace", "share-file-minisite", "share-selection-minisite", "share-folder-minisite-public"),
+ "gui.ajax" => array("bookmark"),
+ "auth.serial" => array("pass_change"),
+ "auth.sql" => array("pass_change"),
+ );
+ foreach ($actions as $pluginId => $acts) {
+ foreach ($acts as $act) {
+ $rootRole->setActionState($pluginId, $act, AJXP_REPO_SCOPE_SHARED, false);
+ }
+ }
+ RolesService::updateRole($rootRole);
+ }
+ $miniRole = RolesService::getRole("MINISITE_NODOWNLOAD");
+ if ($miniRole === false) {
+ $rootRole = new AJXP_Role("MINISITE_NODOWNLOAD");
+ $rootRole->setLabel("Minisite Users - No Download");
+ $actions = array(
+ "access.fs" => array("download", "download_chunk", "prepare_chunk_dl", "download_all")
+ );
+ foreach ($actions as $pluginId => $acts) {
+ foreach ($acts as $act) {
+ $rootRole->setActionState($pluginId, $act, AJXP_REPO_SCOPE_SHARED, false);
+ }
+ }
+ RolesService::updateRole($rootRole);
+ }
+ $miniRole = RolesService::getRole("GUEST");
+ if ($miniRole === false) {
+ $rootRole = new AJXP_Role("GUEST");
+ $rootRole->setLabel("Guest user role");
+ $actions = array(
+ "access.fs" => array("purge"),
+ "meta.watch" => array("toggle_watch"),
+ "index.lucene" => array("index"),
+ );
+ $rootRole->setAutoApplies(array("guest"));
+ foreach ($actions as $pluginId => $acts) {
+ foreach ($acts as $act) {
+ $rootRole->setActionState($pluginId, $act, AJXP_REPO_SCOPE_ALL);
+ }
+ }
+ RolesService::updateRole($rootRole);
+ }
+
+ // Legacy, should never happen
+ $adminCount = UsersService::countAdminUsers();
+ if ($adminCount == 0) {
+ $authDriver = ConfService::getAuthDriverImpl();
+ $adminPass = ADMIN_PASSWORD;
+ if (!$authDriver->getOptionAsBool("TRANSMIT_CLEAR_PASS")) {
+ $adminPass = md5(ADMIN_PASSWORD);
+ }
+ UsersService::createUser("admin", $adminPass, true);
+ if (ADMIN_PASSWORD == INITIAL_ADMIN_PASSWORD) {
+ $userObject = ConfService::getConfStorageImpl()->createUserObject("admin");
+ $userObject->setAdmin(true);
+ RolesService::updateAdminRights($userObject);
+ if (UsersService::changePasswordEnabled()) {
+ $userObject->setLock("pass_change");
+ }
+ $userObject->save("superuser");
+ AuthService::updateUser($userObject);
+ file_put_contents(AJXP_CACHE_DIR . "/admin_counted", "true");
+ throw new PydioException("Warning! User 'admin' was created with the initial password '" . INITIAL_ADMIN_PASSWORD . "'. \\nPlease log in as admin and change the password now!");
+ }
+ } else if ($adminCount == -1) {
+ // Here we may come from a previous version! Check the "admin" user and set its right as admin.
+ $confStorage = ConfService::getConfStorageImpl();
+ $adminUser = $confStorage->createUserObject("admin");
+ $adminUser->setAdmin(true);
+ $adminUser->save("superuser");
+ file_put_contents(AJXP_CACHE_DIR . "/admin_counted", "true");
+ throw new PydioException("There is an admin user, but without admin right. Now any user can have the administration rights, \\n your 'admin' user was set with the admin rights. Please check that this suits your security configuration.");
+ }
+ file_put_contents(AJXP_CACHE_DIR . "/admin_counted", "true");
+
+ }
}
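Review bot: The exception thrown at the end of the `$adminCount == 0` branch embeds `INITIAL_ADMIN_PASSWORD` in its message. Now that the alert travels as an exception instead of a start parameter, it follows every exception path, including the two call sites that do not catch it, and may end up in logs or error output. The warning can be delivered without the secret: `throw new PydioException("Warning! User 'admin' was created with the initial password. \\nPlease log in as admin and change the password now!");`. The same branch still stores `md5(ADMIN_PASSWORD)` when `TRANSMIT_CLEAR_PASS` is off. The `// Legacy, should never happen` comment would be more useful if it also said why an unsalted MD5 digest is still written here. The enclosing class starts outside the hunk.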