From c09c31984470de39cc2d7b90eef54f33ae2ff70c Mon Sep 17 00:00:00 2001
From: Marc Aschmann
Date: Tue, 15 Jul 2014 11:28:16 +0200
Subject: [PATCH] resolves #497 added feature to disable auth with a default user
---
 PHPCI/Application.php | 26 +++++++++++-
 PHPCI/Controller/SettingsController.php | 53 +++++++++++++++++++++++++
 PHPCI/View/Settings/index.phtml | 21 ++++++++++
 3 files changed, 98 insertions(+), 2 deletions(-)
diff --git a/PHPCI/Application.php b/PHPCI/Application.php
index 3e15686e..6e90a76f 100644
--- a/PHPCI/Application.php
+++ b/PHPCI/Application.php
@@ -14,6 +14,7 @@ use b8\Exception\HttpException;
 use b8\Http\Response;
 use b8\Http\Response\RedirectResponse;
 use b8\View;
+use Symfony\Component\Yaml\Parser;
 /**
 * PHPCI Front Controller
@@ -43,11 +44,32 @@ class Application extends b8\Application
 return false;
 };
+ // load settings to check if there's a configured default user and auth disabled
+ $skipAuth = function () {
+ $parser = new Parser();
+ $yaml = file_get_contents(APPLICATION_PATH . 'PHPCI/config.yml');
+ $settings = $parser->parse($yaml);
+ if ((!empty($settings['phpci']['authentication_settings']['state'])
+ && 1 == (int)$settings['phpci']['authentication_settings']['state'])
+ && !empty($settings['phpci']['authentication_settings']['user_id'])
+ ) {
+ $user = b8\Store\Factory::getStore('User')
+ ->getByPrimaryKey($settings['phpci']['authentication_settings']['user_id']);
+
+ if ($user) {
+ $_SESSION['user'] = $user;
+ return true;
+ }
+ }
+
+ return false;
+ };
+ // Handler for the route we're about to register, checks for a valid session where necessary:
- $routeHandler = function (&$route, Response &$response) use (&$request, $validateSession) {
+ $routeHandler = function (&$route, Response &$response) use (&$request, $validateSession, $skipAuth) {
 $skipValidation = in_array($route['controller'], array('session', 'webhook', 'build-status'));
- if (!$skipValidation && !$validateSession()) {
+ if (!$skipValidation && !$validateSession() && !$skipAuth()) {
 if ($request->isAjax()) {
 $response->setResponseCode(401);
 $response->setContent('');
diff --git a/PHPCI/Controller/SettingsController.php b/PHPCI/Controller/SettingsController.php
index ebcab7e8..51edf749 100644
--- a/PHPCI/Controller/SettingsController.php
+++ b/PHPCI/Controller/SettingsController.php
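Review bot: In `PHPCI/Application.php` the `$skipAuth` closure passes the result of `file_get_contents(APPLICATION_PATH . 'PHPCI/config.yml')` straight to `$parser->parse()`, so an unreadable or malformed file surfaces as a warning or an uncaught `ParseException` on every unauthenticated request instead of failing closed; add `if ($yaml === false) { return false; }` and catch the parse error with the same result. The closure stores the account in `$_SESSION['user']`, while `authentication()` in SettingsController.php reads `$_SESSION['user_id']`; if `$validateSession` (its body is outside this hunk) keys on the same value, the config is re-read and re-parsed on each request. Since every client that can reach the instance is handed this account's session when the flag is set, the bypass branch deserves a comment saying so and a log entry when it fires, so that an enabled bypass is visible in review and in audit logs.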
@@ -41,13 +41,19 @@ class SettingsController extends Controller
 $this->view->settings = $this->settings;
 $emailSettings = array();
+ $authenticationSettings = array();
 if (isset($this->settings['phpci']['email_settings'])) {
 $emailSettings = $this->settings['phpci']['email_settings'];
 }
+ if (isset($this->settings['phpci']['authentication_settings'])) {
+ $authenticationSettings = $this->settings['phpci']['authentication_settings'];
+ }
+ $this->view->github = $this->getGithubForm();
 $this->view->emailSettings = $this->getEmailForm($emailSettings);
+ $this->view->authenticationSettings = $this->getAuthenticationForm($authenticationSettings);
 $this->view->isWriteable = $this->canWriteConfig();
 if (!empty($this->settings['phpci']['github']['token'])) {
@@ -86,6 +92,23 @@ class SettingsController extends Controller
 die;
 }
+ public function authentication()
+ {
+ $this->settings['phpci']['authentication_settings']['state'] = $this->getParam('disable_authentication', 0);
+ $this->settings['phpci']['authentication_settings']['user_id'] = $_SESSION['user_id'];
+
+ $error = $this->storeSettings();
+
+ if ($error) {
+ header('Location: ' . PHPCI_URL . 'settings?saved=2');
+ } else {
+ header('Location: ' . PHPCI_URL . 'settings?saved=1');
+ }
+
+ die;
+ }
+
+
 /**
 * Github redirects users back to this URL when t
 */
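Review bot: `authentication()` in `PHPCI/Controller/SettingsController.php` persists the switch that turns authentication off, but nothing visible in the hunk checks that the caller is an administrator, that the request is a POST, or that the `csrf` field added by `getAuthenticationForm()` was validated; unless a controller `init()` or the framework outside this hunk enforces these, any logged-in account, or a forged request sent from its browser, can change the setting. The submitted value is stored as received, so normalise it with `(int) (bool) $this->getParam('disable_authentication', 0)` before writing. `$_SESSION['user_id']` is read without an `isset()` check and is not set by the `$skipAuth` path, which sets only `$_SESSION['user']`, so a save from a bypassed session may write an empty `user_id`. The method also has no docblock, and one stating who may call it and what it writes to the config would help.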
@@ -236,6 +259,36 @@ class SettingsController extends Controller
 return $form;
 }
+ protected function getAuthenticationForm($values = array())
+ {
+ $form = new Form();
+ $form->setMethod('POST');
+ $form->setAction(PHPCI_URL . 'settings/authentication');
+ $form->addField(new Form\Element\Csrf('csrf'));
+
+ $field = new Form\Element\Checkbox('disable_authentication');
+ $field->setCheckedValue(1);
+ $field->setRequired(false);
+ $field->setLabel('Disable Authentication?');
+ $field->setContainerClass('form-group');
+ $field->setValue(0);
+
+ if (isset($values['state'])) {
+ $field->setValue((int)$values['state']);
+ }
+
+ $form->addField($field);
+
+ $field = new Form\Element\Submit();
+ $field->setValue('Save »');
+ $field->setClass('btn btn-success pull-right');
+ $form->addField($field);
+
+ $form->setValues($values);
+
+ return $form;
+ }
+
 protected function getGithubUser($token)
 {
 $http = new HttpClient('https://api.github.com');
diff --git a/PHPCI/View/Settings/index.phtml b/PHPCI/View/Settings/index.phtml
index 322206c4..462a2977 100644
--- a/PHPCI/View/Settings/index.phtml
+++ b/PHPCI/View/Settings/index.phtml
@@ -96,6 +96,27 @@ +
+ +
+ + + +
+
+
+

Authentication Settings

+ +

+ Be careful: This setting disables authentication and uses your preconfigured admin account for all actions within phpci with admin rights. +

+ +
+ +
+ +
+