From 94714ae987324f33c39c71013bb58ae26cb91588 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marcin=20=C5=81ojewski?= Date: Mon, 3 Feb 2020 21:04:17 +0100 Subject: [PATCH] issue#99 database password in config.php --- CHANGELOG.md | 1 + README.md | 21 ++++++------ lib/Constant/Opt.php | 3 +- lib/Controller/SettingsController.php | 12 ++++++- lib/Properties.php | 47 ++++++++++++++++++++++++--- templates/admin.php | 5 +-- 6 files changed, 70 insertions(+), 19 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d5c76c2..e95f021 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ### Added - Support for Nextcloud 19 - Argon2id support +- System wide values option ## [4.4.1] - 2020-02-02 ### Fixed diff --git a/README.md b/README.md index 3b17dd1..c0931f1 100644 --- a/README.md +++ b/README.md @@ -40,6 +40,7 @@ Name | Description | Details **Database** | The name of the database. | Mandatory. **Username** | The name of the user for the connection. | Optional. **Password** | The password of the user for the connection. | Optional. +**System wide values** | Place where database connection parameters are stored.
- *true* - config.php (System wide values).
- *false* - database (App values). | Optional.
Default: *false*. #### Options @@ -47,12 +48,12 @@ Here are all currently supported options. Name | Description | Details --- | --- | --- -**Allow display name change** | With this option enabled user can change its display name. The display name change is propagated to the database. | Optional.
Default: false.
Requires: user *Display name* column. -**Allow password change** | Can user change its password. The password change is propagated to the database. See [Hash algorithms](#hash-algorithms). | Optional.
Default: false. -**Allow providing avatar** | Can user provide its avatar. The value is used when column *Provide avatar* is not set. | Optional.
Default: false. -**Case-insensitive username** | Whether user query should be case-sensitive or case-insensitive. | Optional.
Default: false. -**Reverse active column** | Reverse value of active column in user table. | Optional.
Default: false. -**Use cache** | Use database query results cache. The cache can be cleared any time with the *Clear cache* button click. | Optional.
Default: false. +**Allow display name change** | With this option enabled user can change its display name. The display name change is propagated to the database. | Optional.
Default: *false*.
Requires: user *Display name* column. +**Allow password change** | Can user change its password. The password change is propagated to the database. See [Hash algorithms](#hash-algorithms). | Optional.
Default: *false*. +**Allow providing avatar** | Can user provide its avatar. The value is used when column *Provide avatar* is not set. | Optional.
Default: *false*. +**Case-insensitive username** | Whether user query should be case-sensitive or case-insensitive. | Optional.
Default: *false*. +**Reverse active column** | Reverse value of active column in user table. | Optional.
Default: *false*. +**Use cache** | Use database query results cache. The cache can be cleared any time with the *Clear cache* button click. | Optional.
Default: *false*. **Hash algorithm** | How users passwords are stored in the database. See [Hash algorithms](#hash-algorithms). | Mandatory. **Name sync** | Sync display name with the Nextcloud.
- *None* - Disables this feature. This is the default option.
- *Synchronise only once* - Copy the display name to the Nextcloud preferences if its not set.
- *Nextcloud always wins* - Always copy the display name to the database. This updates the user table.
- *SQL always wins* - Always copy the display name to the Nextcloud preferences. | Optional.
Default: *None*.
Requires: user *Display name* column. **Email sync** | Sync e-mail address with the Nextcloud.
- *None* - Disables this feature. This is the default option.
- *Synchronise only once* - Copy the e-mail address to the Nextcloud preferences if its not set.
- *Nextcloud always wins* - Always copy the e-mail address to the database. This updates the user table.
- *SQL always wins* - Always copy the e-mail address to the Nextcloud preferences. | Optional.
Default: *None*.
Requires: user *Email* column. @@ -74,11 +75,11 @@ Name | Description | Details **Password** | Password hash column. | Mandatory for user backend. **Display name** | Display name column. | Optional. **Active** | Flag indicating if user can log in. | Optional.
Default: true. -**Disabled** | Flag indicating if user should not be visible (not included in searches). | Optional.
Default: false. -**Provide avatar** | Flag indicating if user can change its avatar. | Optional.
Default: false. +**Disabled** | Flag indicating if user should not be visible (not included in searches). | Optional.
Default: *false*. +**Provide avatar** | Flag indicating if user can change its avatar. | Optional.
Default: *false*. **Salt** | Salt which is appended to password when checking or changing the password. | Optional. -**Append salt** | Append a salt to the password. | Optional.
Default: false. -**Prepend salt** | Prepend a salt to the password. | Optional.
Default: false. +**Append salt** | Append a salt to the password. | Optional.
Default: *false*. +**Prepend salt** | Prepend a salt to the password. | Optional.
Default: *false*. #### Group table diff --git a/lib/Constant/Opt.php b/lib/Constant/Opt.php index 3edd4ad..b07b87c 100644 --- a/lib/Constant/Opt.php +++ b/lib/Constant/Opt.php @@ -2,7 +2,7 @@ /** * Nextcloud - user_sql * - * @copyright 2018 Marcin Łojewski + * @copyright 2020 Marcin Łojewski * @author Marcin Łojewski * * This program is free software: you can redistribute it and/or modify @@ -44,5 +44,6 @@ final class Opt const PROVIDE_AVATAR = "opt.provide_avatar"; const QUOTA_SYNC = "opt.quota_sync"; const REVERSE_ACTIVE = "opt.reverse_active"; + const SAFE_STORE = "opt.safe_store"; const USE_CACHE = "opt.use_cache"; } diff --git a/lib/Controller/SettingsController.php b/lib/Controller/SettingsController.php index ef06b2d..3d06b6b 100644 --- a/lib/Controller/SettingsController.php +++ b/lib/Controller/SettingsController.php @@ -2,7 +2,7 @@ /** * Nextcloud - user_sql * - * @copyright 2018 Marcin Łojewski + * @copyright 2020 Marcin Łojewski * @author Marcin Łojewski * * This program is free software: you can redistribute it and/or modify @@ -28,6 +28,7 @@ use OC\DB\Connection; use OC\DB\ConnectionFactory; use OCA\UserSQL\Cache; use OCA\UserSQL\Constant\App; +use OCA\UserSQL\Constant\DB; use OCA\UserSQL\Constant\Opt; use OCA\UserSQL\Crypto\IPasswordAlgorithm; use OCA\UserSQL\Platform\PlatformFactory; @@ -208,6 +209,15 @@ class SettingsController extends Controller ]; } + $safeStore = $this->request->getParam(str_replace(".", "-", Opt::SAFE_STORE), App::FALSE_VALUE); + if ($safeStore !== $this->properties[Opt::SAFE_STORE]) { + unset($this->properties[DB::HOSTNAME]); + unset($this->properties[DB::PASSWORD]); + unset($this->properties[DB::USERNAME]); + unset($this->properties[DB::DATABASE]); + $this->properties[Opt::SAFE_STORE] = $safeStore; + } + foreach ($properties as $key => $value) { $reqValue = $this->request->getParam(str_replace(".", "-", $key)); $appValue = $this->properties[$key]; 
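Review bot: In the SettingsController hunk, `$safeStore !== $this->properties[Opt::SAFE_STORE]` compares the raw request string with a value that Properties lists as a boolean parameter, so if the stored value is converted to a PHP bool (that conversion is outside this hunk) the strict test is true on every save. Each save would then delete the hostname, username, password and database entries before the loop below rewrites them, and a request that omits one of them would leave the backend without connection settings. Normalise both sides before comparing, for example `$wantSafe = ($safeStore === App::TRUE_VALUE);` followed by `if ($wantSafe !== (bool) $this->properties[Opt::SAFE_STORE]) {`, assuming offsetGet returns a bool. The enclosing method starts and ends outside the hunk.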
diff --git a/lib/Properties.php b/lib/Properties.php index 36413f5..a5712bf 100644 --- a/lib/Properties.php +++ b/lib/Properties.php @@ -2,7 +2,7 @@ /** * Nextcloud - user_sql * - * @copyright 2018 Marcin Łojewski + * @copyright 2020 Marcin Łojewski * @author Marcin Łojewski * * This program is free software: you can redistribute it and/or modify @@ -59,6 +59,10 @@ class Properties implements \ArrayAccess * @var array The properties array. */ private $data; + /** + * @var boolean Store confidential data in file. + */ + private $safeStore; /** * The default constructor. @@ -95,9 +99,15 @@ class Properties implements \ArrayAccess $params = $this->getParameterArray(); $this->data = []; + $this->safeStore + = $this->config->getAppValue($this->appName, Opt::SAFE_STORE, App::FALSE_VALUE) === App::TRUE_VALUE; foreach ($params as $param) { - $value = $this->config->getAppValue($this->appName, $param, null); + if ($this->isSystemValue($param)) { + $value = $this->config->getSystemValue("user_sql." . $param, null); + } else { + $value = $this->config->getAppValue($this->appName, $param, null); + } if ($this->isBooleanParam($param)) { if ($value === App::FALSE_VALUE) { @@ -143,6 +153,16 @@ class Properties implements \ArrayAccess return $params; } + /** + * @param $param string Parameter name. + * + * @return bool TRUE if this is a system wide parameter FALSE otherwise. + */ + private function isSystemValue($param) + { + return $this->safeStore && in_array($param, array(DB::HOSTNAME, DB::PASSWORD, DB::USERNAME, DB::DATABASE)); + } + /** * Is given parameter a boolean parameter. * @@ -156,7 +176,8 @@ class Properties implements \ArrayAccess $param, [ Opt::APPEND_SALT, Opt::CASE_INSENSITIVE_USERNAME, Opt::NAME_CHANGE, Opt::PASSWORD_CHANGE, Opt::PREPEND_SALT, - Opt::PROVIDE_AVATAR, Opt::REVERSE_ACTIVE, Opt::USE_CACHE + Opt::PROVIDE_AVATAR, Opt::REVERSE_ACTIVE, Opt::SAFE_STORE, + Opt::USE_CACHE ] ); } 
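Review bot: The config.php key is built from the bare literal `"user_sql." . $param` in the load loop of lib/Properties.php, and the same literal is repeated in offsetSet() and offsetUnset() further down, so a typo in one place would read and write the database password under different keys. A private helper such as `private function systemKey($param) { return "user_sql." . $param; }` used at all three call sites keeps them in step. The branch also deserves a comment stating that `Opt::SAFE_STORE` itself is always read from app config and that only the four DB connection parameters move to config.php, where they sit in plain text and are protected only by the file's permissions. The enclosing method starts and ends outside the hunk.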
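Review bot: `isSystemValue()` calls `in_array()` without the strict flag and uses `array(...)` where `isBooleanParam()` just below uses the short `[...]` form; with loose comparison a non-string offset such as `true` matches the string constants and would be routed to config.php. I would write `return $this->safeStore && in_array($param, [DB::HOSTNAME, DB::PASSWORD, DB::USERNAME, DB::DATABASE], true);`. The docblock tag should read `@param string $param Parameter name.` (type before name), and a one-line summary such as `Is given parameter stored in config.php instead of the app config.` would match the neighbouring methods.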
@@ -204,7 +225,15 @@ class Properties implements \ArrayAccess */ public function offsetSet($offset, $value) { - $this->config->setAppValue($this->appName, $offset, $value); + if ($offset == Opt::SAFE_STORE) { + $this->safeStore = ($value === App::TRUE_VALUE); + } + + if ($this->isSystemValue($offset)) { + $this->config->setSystemValue("user_sql." . $offset, $value); + } else { + $this->config->setAppValue($this->appName, $offset, $value); + } if ($this->isBooleanParam($offset)) { if ($value === App::FALSE_VALUE) { @@ -228,7 +257,15 @@ class Properties implements \ArrayAccess */ public function offsetUnset($offset) { - $this->config->deleteAppValue($this->appName, $offset); + if ($offset == Opt::SAFE_STORE) { + $this->safeStore = App::FALSE_VALUE; + } + + if ($this->isSystemValue($offset)) { + $this->config->deleteSystemValue("user_sql." . $offset); + } else { + $this->config->deleteAppValue($this->appName, $offset); + } unset($this->data[$offset]); } } diff --git a/templates/admin.php b/templates/admin.php index f88decd..7678830 100644 --- a/templates/admin.php +++ b/templates/admin.php @@ -2,7 +2,7 @@ /** * Nextcloud - user_sql * - * @copyright 2018 Marcin Łojewski + * @copyright 2020 Marcin Łojewski * @author Marcin Łojewski * * This program is free software: you can redistribute it and/or modify @@ -98,7 +98,8 @@ function print_select_options( print_text_input($l, "db-hostname", "Hostname", $_["db.hostname"]); print_text_input($l, "db-database", "Database", $_["db.database"]); print_text_input($l, "db-username", "Username", $_["db.username"]); - print_text_input($l, "db-password", "Password", $_["db.password"], "password"); ?> + print_text_input($l, "db-password", "Password", $_["db.password"], "password"); + print_checkbox_input($l, "opt-safe_store", "System wide values", $_["opt.safe_store"]); ?>
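Review bot: offsetSet() flips `$this->safeStore` as soon as `Opt::SAFE_STORE` is written but does nothing about the four DB values already saved in the other store, so a caller that does not unset them first leaves a copy of the database password behind in the location the administrator just moved away from. SettingsController performs those unsets in this commit, but the invariant belongs to this class; at minimum document it on the method, e.g. `// Callers must unset DB::* before changing Opt::SAFE_STORE, otherwise the old store keeps the credentials.` The comparison should also be strict: `if ($offset === Opt::SAFE_STORE) {`. The method body continues outside the hunk.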
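Review bot: In offsetUnset() the line `$this->safeStore = App::FALSE_VALUE;` assigns a string constant to a property documented as `boolean` and tested with `&&` in isSystemValue(); whether that string is falsy depends on the constant's value, which is not visible in this patch. Assign the boolean directly, `$this->safeStore = false;`, and use `===` in the `$offset == Opt::SAFE_STORE` test. As in offsetSet(), clearing the flag here does not remove DB values that were already written to config.php, which is worth stating in the method's docblock.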
">