issue#99 database password in config.php

Marcin Łojewski
2020-02-03 21:04:17 +01:00
parent 9644bce09c
commit 94714ae987
6 changed files with 70 additions and 19 deletions

View File

@@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
### Added ### Added
- Support for Nextcloud 19 - Support for Nextcloud 19
- Argon2id support - Argon2id support
- System wide values option
## [4.4.1] - 2020-02-02 ## [4.4.1] - 2020-02-02
### Fixed ### Fixed

View File

@@ -40,6 +40,7 @@ Name | Description | Details
**Database** | The name of the database. | Mandatory. **Database** | The name of the database. | Mandatory.
**Username** | The name of the user for the connection. | Optional. **Username** | The name of the user for the connection. | Optional.
**Password** | The password of the user for the connection. | Optional. **Password** | The password of the user for the connection. | Optional.
**System wide values** | Place where database connection parameters are stored.<br/>- *true* - config.php (System wide values).<br/>- *false* - database (App values). | Optional.<br/>Default: *false*.
#### Options #### Options
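Review bot: The new **System wide values** row does not say which config.php keys are used or what happens to values already saved when the option is switched. The Properties change in this commit reads and writes them under a `user_sql.` prefix, and the controller clears hostname, database, username and password when the option changes; stating both here would let an administrator find and protect the entries.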
@@ -47,12 +48,12 @@ Here are all currently supported options.
Name | Description | Details Name | Description | Details
--- | --- | --- --- | --- | ---
**Allow display name change** | With this option enabled user can change its display name. The display name change is propagated to the database. | Optional.<br/>Default: false.<br/>Requires: user *Display name* column. **Allow display name change** | With this option enabled user can change its display name. The display name change is propagated to the database. | Optional.<br/>Default: *false*.<br/>Requires: user *Display name* column.
**Allow password change** | Can user change its password. The password change is propagated to the database. See [Hash algorithms](#hash-algorithms). | Optional.<br/>Default: false. **Allow password change** | Can user change its password. The password change is propagated to the database. See [Hash algorithms](#hash-algorithms). | Optional.<br/>Default: *false*.
**Allow providing avatar** | Can user provide its avatar. The value is used when column *Provide avatar* is not set. | Optional.<br/>Default: false. **Allow providing avatar** | Can user provide its avatar. The value is used when column *Provide avatar* is not set. | Optional.<br/>Default: *false*.
**Case-insensitive username** | Whether user query should be case-sensitive or case-insensitive. | Optional.<br/>Default: false. **Case-insensitive username** | Whether user query should be case-sensitive or case-insensitive. | Optional.<br/>Default: *false*.
**Reverse active column** | Reverse value of active column in user table. | Optional.<br/>Default: false. **Reverse active column** | Reverse value of active column in user table. | Optional.<br/>Default: *false*.
**Use cache** | Use database query results cache. The cache can be cleared any time with the *Clear cache* button click. | Optional.<br/>Default: false. **Use cache** | Use database query results cache. The cache can be cleared any time with the *Clear cache* button click. | Optional.<br/>Default: *false*.
**Hash algorithm** | How users passwords are stored in the database. See [Hash algorithms](#hash-algorithms). | Mandatory. **Hash algorithm** | How users passwords are stored in the database. See [Hash algorithms](#hash-algorithms). | Mandatory.
**Name sync** | Sync display name with the Nextcloud.<br/>- *None* - Disables this feature. This is the default option.<br/>- *Synchronise only once* - Copy the display name to the Nextcloud preferences if its not set.<br/>- *Nextcloud always wins* - Always copy the display name to the database. This updates the user table.<br/>- *SQL always wins* - Always copy the display name to the Nextcloud preferences. | Optional.<br/>Default: *None*.<br/>Requires: user *Display name* column. **Name sync** | Sync display name with the Nextcloud.<br/>- *None* - Disables this feature. This is the default option.<br/>- *Synchronise only once* - Copy the display name to the Nextcloud preferences if its not set.<br/>- *Nextcloud always wins* - Always copy the display name to the database. This updates the user table.<br/>- *SQL always wins* - Always copy the display name to the Nextcloud preferences. | Optional.<br/>Default: *None*.<br/>Requires: user *Display name* column.
**Email sync** | Sync e-mail address with the Nextcloud.<br/>- *None* - Disables this feature. This is the default option.<br/>- *Synchronise only once* - Copy the e-mail address to the Nextcloud preferences if its not set.<br/>- *Nextcloud always wins* - Always copy the e-mail address to the database. This updates the user table.<br/>- *SQL always wins* - Always copy the e-mail address to the Nextcloud preferences. | Optional.<br/>Default: *None*.<br/>Requires: user *Email* column. **Email sync** | Sync e-mail address with the Nextcloud.<br/>- *None* - Disables this feature. This is the default option.<br/>- *Synchronise only once* - Copy the e-mail address to the Nextcloud preferences if its not set.<br/>- *Nextcloud always wins* - Always copy the e-mail address to the database. This updates the user table.<br/>- *SQL always wins* - Always copy the e-mail address to the Nextcloud preferences. | Optional.<br/>Default: *None*.<br/>Requires: user *Email* column.
@@ -74,11 +75,11 @@ Name | Description | Details
**Password** | Password hash column. | Mandatory for user backend. **Password** | Password hash column. | Mandatory for user backend.
**Display name** | Display name column. | Optional. **Display name** | Display name column. | Optional.
**Active** | Flag indicating if user can log in. | Optional.<br/>Default: true. **Active** | Flag indicating if user can log in. | Optional.<br/>Default: true.
**Disabled** | Flag indicating if user should not be visible (not included in searches). | Optional.<br/>Default: false. **Disabled** | Flag indicating if user should not be visible (not included in searches). | Optional.<br/>Default: *false*.
**Provide avatar** | Flag indicating if user can change its avatar. | Optional.<br/>Default: false. **Provide avatar** | Flag indicating if user can change its avatar. | Optional.<br/>Default: *false*.
**Salt** | Salt which is appended to password when checking or changing the password. | Optional. **Salt** | Salt which is appended to password when checking or changing the password. | Optional.
**Append salt** | Append a salt to the password. | Optional.<br/>Default: false. **Append salt** | Append a salt to the password. | Optional.<br/>Default: *false*.
**Prepend salt** | Prepend a salt to the password. | Optional.<br/>Default: false. **Prepend salt** | Prepend a salt to the password. | Optional.<br/>Default: *false*.
#### Group table #### Group table
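Review bot: In the **Active** row, `Default: true.` is left unitalicised while every `false` default touched by this commit becomes `*false*`. Change it to `Default: *true*.` so the Details column is consistent.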

View File

@@ -2,7 +2,7 @@
/** /**
* Nextcloud - user_sql * Nextcloud - user_sql
* *
* @copyright 2018 Marcin Łojewski <dev@mlojewski.me> * @copyright 2020 Marcin Łojewski <dev@mlojewski.me>
* @author Marcin Łojewski <dev@mlojewski.me> * @author Marcin Łojewski <dev@mlojewski.me>
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
@@ -44,5 +44,6 @@ final class Opt
const PROVIDE_AVATAR = "opt.provide_avatar"; const PROVIDE_AVATAR = "opt.provide_avatar";
const QUOTA_SYNC = "opt.quota_sync"; const QUOTA_SYNC = "opt.quota_sync";
const REVERSE_ACTIVE = "opt.reverse_active"; const REVERSE_ACTIVE = "opt.reverse_active";
const SAFE_STORE = "opt.safe_store";
const USE_CACHE = "opt.use_cache"; const USE_CACHE = "opt.use_cache";
} }
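Review bot: The constant `SAFE_STORE` and its key `opt.safe_store` do not match the name users see, which the README and the settings form both give as "System wide values". Since the option only chooses between config.php and the app values in the database, a name that says so (and matches the label) would be easier to follow in the controller and in Properties than "safe store".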

View File

@@ -2,7 +2,7 @@
/** /**
* Nextcloud - user_sql * Nextcloud - user_sql
* *
* @copyright 2018 Marcin Łojewski <dev@mlojewski.me> * @copyright 2020 Marcin Łojewski <dev@mlojewski.me>
* @author Marcin Łojewski <dev@mlojewski.me> * @author Marcin Łojewski <dev@mlojewski.me>
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
@@ -28,6 +28,7 @@ use OC\DB\Connection;
use OC\DB\ConnectionFactory; use OC\DB\ConnectionFactory;
use OCA\UserSQL\Cache; use OCA\UserSQL\Cache;
use OCA\UserSQL\Constant\App; use OCA\UserSQL\Constant\App;
use OCA\UserSQL\Constant\DB;
use OCA\UserSQL\Constant\Opt; use OCA\UserSQL\Constant\Opt;
use OCA\UserSQL\Crypto\IPasswordAlgorithm; use OCA\UserSQL\Crypto\IPasswordAlgorithm;
use OCA\UserSQL\Platform\PlatformFactory; use OCA\UserSQL\Platform\PlatformFactory;
@@ -208,6 +209,15 @@ class SettingsController extends Controller
]; ];
} }
$safeStore = $this->request->getParam(str_replace(".", "-", Opt::SAFE_STORE), App::FALSE_VALUE);
if ($safeStore !== $this->properties[Opt::SAFE_STORE]) {
unset($this->properties[DB::HOSTNAME]);
unset($this->properties[DB::PASSWORD]);
unset($this->properties[DB::USERNAME]);
unset($this->properties[DB::DATABASE]);
$this->properties[Opt::SAFE_STORE] = $safeStore;
}
foreach ($properties as $key => $value) { foreach ($properties as $key => $value) {
$reqValue = $this->request->getParam(str_replace(".", "-", $key)); $reqValue = $this->request->getParam(str_replace(".", "-", $key));
$appValue = $this->properties[$key]; $appValue = $this->properties[$key];
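Review bot: The strict comparison `$safeStore !== $this->properties[Opt::SAFE_STORE]` compares the raw request parameter (defaulting to `App::FALSE_VALUE`) with a value Properties now treats as a boolean param, because this commit adds `Opt::SAFE_STORE` to `isBooleanParam`. If Properties returns a converted boolean for such params, the two sides never compare equal and the four `DB::*` values are unset on every save; normalise both sides to the same type before comparing.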

View File

@@ -2,7 +2,7 @@
/** /**
* Nextcloud - user_sql * Nextcloud - user_sql
* *
* @copyright 2018 Marcin Łojewski <dev@mlojewski.me> * @copyright 2020 Marcin Łojewski <dev@mlojewski.me>
* @author Marcin Łojewski <dev@mlojewski.me> * @author Marcin Łojewski <dev@mlojewski.me>
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
@@ -59,6 +59,10 @@ class Properties implements \ArrayAccess
* @var array The properties array. * @var array The properties array.
*/ */
private $data; private $data;
/**
* @var boolean Store confidential data in file.
*/
private $safeStore;
/** /**
* The default constructor. * The default constructor.
@@ -95,9 +99,15 @@ class Properties implements \ArrayAccess
$params = $this->getParameterArray(); $params = $this->getParameterArray();
$this->data = []; $this->data = [];
$this->safeStore
= $this->config->getAppValue($this->appName, Opt::SAFE_STORE, App::FALSE_VALUE) === App::TRUE_VALUE;
foreach ($params as $param) { foreach ($params as $param) {
if ($this->isSystemValue($param)) {
$value = $this->config->getSystemValue("user_sql." . $param, null);
} else {
$value = $this->config->getAppValue($this->appName, $param, null); $value = $this->config->getAppValue($this->appName, $param, null);
}
if ($this->isBooleanParam($param)) { if ($this->isBooleanParam($param)) {
if ($value === App::FALSE_VALUE) { if ($value === App::FALSE_VALUE) {
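Review bot: The `"user_sql."` prefix in `getSystemValue("user_sql." . $param, null)` is a bare string literal that is repeated in `offsetSet` and `offsetUnset`. Move it to a constant so the three call sites cannot drift apart, and consider what should happen when the flag is on but the system value is absent, since the loop then yields `null` without looking at the app value.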
@@ -143,6 +153,16 @@ class Properties implements \ArrayAccess
return $params; return $params;
} }
/**
* @param $param string Parameter name.
*
* @return bool TRUE if this is a system wide parameter FALSE otherwise.
*/
private function isSystemValue($param)
{
return $this->safeStore && in_array($param, array(DB::HOSTNAME, DB::PASSWORD, DB::USERNAME, DB::DATABASE));
}
/** /**
* Is given parameter a boolean parameter. * Is given parameter a boolean parameter.
* *
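Review bot: `in_array(...)` in `isSystemValue` is called without the strict third argument and builds its list with `array(...)`, while the rest of the class uses the short `[...]` syntax. Pass `true` as the third argument and use `[DB::HOSTNAME, DB::PASSWORD, DB::USERNAME, DB::DATABASE]`; the docblock would also read better as `@param string $param`.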
@@ -156,7 +176,8 @@ class Properties implements \ArrayAccess
$param, [ $param, [
Opt::APPEND_SALT, Opt::CASE_INSENSITIVE_USERNAME, Opt::APPEND_SALT, Opt::CASE_INSENSITIVE_USERNAME,
Opt::NAME_CHANGE, Opt::PASSWORD_CHANGE, Opt::PREPEND_SALT, Opt::NAME_CHANGE, Opt::PASSWORD_CHANGE, Opt::PREPEND_SALT,
Opt::PROVIDE_AVATAR, Opt::REVERSE_ACTIVE, Opt::USE_CACHE Opt::PROVIDE_AVATAR, Opt::REVERSE_ACTIVE, Opt::SAFE_STORE,
Opt::USE_CACHE
] ]
); );
} }
@@ -204,7 +225,15 @@ class Properties implements \ArrayAccess
*/ */
public function offsetSet($offset, $value) public function offsetSet($offset, $value)
{ {
if ($offset == Opt::SAFE_STORE) {
$this->safeStore = ($value === App::TRUE_VALUE);
}
if ($this->isSystemValue($offset)) {
$this->config->setSystemValue("user_sql." . $offset, $value);
} else {
$this->config->setAppValue($this->appName, $offset, $value); $this->config->setAppValue($this->appName, $offset, $value);
}
if ($this->isBooleanParam($offset)) { if ($this->isBooleanParam($offset)) {
if ($value === App::FALSE_VALUE) { if ($value === App::FALSE_VALUE) {
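Review bot: In `offsetSet`, assigning `Opt::SAFE_STORE` flips `$this->safeStore` but does not move connection values that are already stored, so hostname, database, username and password written earlier stay in the previous location. The controller hunk works around this by unsetting them before the switch, but any other caller that enables the option would leave the password in the app values. Either migrate the four values here or document that callers must unset them first; `$offset == Opt::SAFE_STORE` could also be `===`.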
@@ -228,7 +257,15 @@ class Properties implements \ArrayAccess
*/ */
public function offsetUnset($offset) public function offsetUnset($offset)
{ {
if ($offset == Opt::SAFE_STORE) {
$this->safeStore = App::FALSE_VALUE;
}
if ($this->isSystemValue($offset)) {
$this->config->deleteSystemValue("user_sql." . $offset);
} else {
$this->config->deleteAppValue($this->appName, $offset); $this->config->deleteAppValue($this->appName, $offset);
}
unset($this->data[$offset]); unset($this->data[$offset]);
} }
} }
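Review bot: `$this->safeStore = App::FALSE_VALUE;` in `offsetUnset` stores the constant in a field documented as `boolean`, whereas the load path and `offsetSet` store the result of a `=== App::TRUE_VALUE` comparison. `isSystemValue` then tests that constant for truthiness in `$this->safeStore && ...`, which depends on what the constant happens to contain; assign `false` instead.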

View File

@@ -2,7 +2,7 @@
/** /**
* Nextcloud - user_sql * Nextcloud - user_sql
* *
* @copyright 2018 Marcin Łojewski <dev@mlojewski.me> * @copyright 2020 Marcin Łojewski <dev@mlojewski.me>
* @author Marcin Łojewski <dev@mlojewski.me> * @author Marcin Łojewski <dev@mlojewski.me>
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
@@ -98,7 +98,8 @@ function print_select_options(
print_text_input($l, "db-hostname", "Hostname", $_["db.hostname"]); print_text_input($l, "db-hostname", "Hostname", $_["db.hostname"]);
print_text_input($l, "db-database", "Database", $_["db.database"]); print_text_input($l, "db-database", "Database", $_["db.database"]);
print_text_input($l, "db-username", "Username", $_["db.username"]); print_text_input($l, "db-username", "Username", $_["db.username"]);
print_text_input($l, "db-password", "Password", $_["db.password"], "password"); ?> print_text_input($l, "db-password", "Password", $_["db.password"], "password");
print_checkbox_input($l, "opt-safe_store", "System wide values", $_["opt.safe_store"]); ?>
<div class="button-right"> <div class="button-right">
<input type="submit" id="user_sql-db_connection_verify" value="<?php p($l->t("Verify settings")); ?>"> <input type="submit" id="user_sql-db_connection_verify" value="<?php p($l->t("Verify settings")); ?>">
</div> </div>