diff --git a/PHPCI/Application.php b/PHPCI/Application.php index 21565d2f..821c8199 100644 --- a/PHPCI/Application.php +++ b/PHPCI/Application.php @@ -47,11 +47,30 @@ class Application extends b8\Application return false; }; + // Check settings for disable_authentication enabled and user_id + $skipAuth = function () { + $config = b8\Config::getInstance(); + $state = (bool)$config->get('phpci.authentication_settings.state', false); + $id = $config->get('phpci.authentication_settings.user_id', 0); + + if (false !== $state && 0 != (int)$id) { + $user = b8\Store\Factory::getStore('User') + ->getByPrimaryKey($id); + + if ($user) { + $_SESSION['phpci_user'] = $user; + return true; + } + } + + return false; + }; + // Handler for the route we're about to register, checks for a valid session where necessary: - $routeHandler = function (&$route, Response &$response) use (&$request, $validateSession) { + $routeHandler = function (&$route, Response &$response) use (&$request, $validateSession, $skipAuth) { $skipValidation = in_array($route['controller'], array('session', 'webhook', 'build-status')); - if (!$skipValidation && !$validateSession()) { + if (!$skipValidation && !$validateSession() && !$skipAuth()) { if ($request->isAjax()) { $response->setResponseCode(401); $response->setContent(''); @@ -72,8 +91,10 @@ class Application extends b8\Application } /** - * Handle an incoming web request. - */ + * Handle an incoming web request. + * + * @return b8\b8\Http\Response|Response + */ public function handleRequest() { try { diff --git a/PHPCI/Controller/SettingsController.php b/PHPCI/Controller/SettingsController.php index 806a4683..3056d203 100644 --- a/PHPCI/Controller/SettingsController.php +++ b/PHPCI/Controller/SettingsController.php @@ -19,12 +19,17 @@ use Symfony\Component\Yaml\Parser; /** * Settings Controller + * * @author Dan Cryer * @package PHPCI * @subpackage Web */ class SettingsController extends Controller { + + /** + * @var array + */ protected $settings; /** @@ -34,8 +39,8 @@ class SettingsController extends Controller { parent::init(); - $parser = new Parser(); - $yaml = file_get_contents(APPLICATION_PATH . 'PHPCI/config.yml'); + $parser = new Parser(); + $yaml = file_get_contents(APPLICATION_PATH . 'PHPCI/config.yml'); $this->settings = $parser->parse($yaml); } @@ -45,9 +50,6 @@ class SettingsController extends Controller */ public function index() { - $this->requireAdmin(); - - $this->layout->title = 'Settings'; $this->view->settings = $this->settings; $emailSettings = array(); @@ -60,10 +62,16 @@ class SettingsController extends Controller $buildSettings = $this->settings['phpci']['build']; } - $this->view->github = $this->getGithubForm(); - $this->view->emailSettings = $this->getEmailForm($emailSettings); - $this->view->buildSettings = $this->getBuildForm($buildSettings); - $this->view->isWriteable = $this->canWriteConfig(); + $authenticationSettings = array(); + if (isset($this->settings['phpci']['authentication_settings'])) { + $authenticationSettings = $this->settings['phpci']['authentication_settings']; + } + + $this->view->github = $this->getGithubForm(); + $this->view->emailSettings = $this->getEmailForm($emailSettings); + $this->view->buildSettings = $this->getBuildForm($buildSettings); + $this->view->isWriteable = $this->canWriteConfig(); + $this->view->authenticationSettings = $this->getAuthenticationForm($authenticationSettings); if (!empty($this->settings['phpci']['github']['token'])) { $this->view->githubUser = $this->getGithubUser($this->settings['phpci']['github']['token']); @@ -79,9 +87,9 @@ class SettingsController extends Controller { $this->requireAdmin(); - $this->settings['phpci']['github']['id'] = $this->getParam('githubid', ''); + $this->settings['phpci']['github']['id'] = $this->getParam('githubid', ''); $this->settings['phpci']['github']['secret'] = $this->getParam('githubsecret', ''); - $error = $this->storeSettings(); + $error = $this->storeSettings(); if ($error) { header('Location: ' . PHPCI_URL . 'settings?saved=2'); @@ -99,7 +107,7 @@ class SettingsController extends Controller { $this->requireAdmin(); - $this->settings['phpci']['email_settings'] = $this->getParams(); + $this->settings['phpci']['email_settings'] = $this->getParams(); $this->settings['phpci']['email_settings']['smtp_encryption'] = $this->getParam('smtp_encryption', 0); $error = $this->storeSettings(); @@ -133,19 +141,40 @@ class SettingsController extends Controller die; } + /** + * Handle authentication settings + */ + public function authentication() + { + $this->requireAdmin(); + + $this->settings['phpci']['authentication_settings']['state'] = $this->getParam('disable_authentication', 0); + $this->settings['phpci']['authentication_settings']['user_id'] = $_SESSION['phpci_user_id']; + + $error = $this->storeSettings(); + + if ($error) { + header('Location: ' . PHPCI_URL . 'settings?saved=2'); + } else { + header('Location: ' . PHPCI_URL . 'settings?saved=1'); + } + + die; + } + /** * Github redirects users back to this URL when t */ public function githubCallback() { - $code = $this->getParam('code', null); + $code = $this->getParam('code', null); $github = $this->settings['phpci']['github']; if (!is_null($code)) { - $http = new HttpClient(); - $url = 'https://github.com/login/oauth/access_token'; + $http = new HttpClient(); + $url = 'https://github.com/login/oauth/access_token'; $params = array('client_id' => $github['id'], 'client_secret' => $github['secret'], 'code' => $code); - $resp = $http->post($url, $params); + $resp = $http->post($url, $params); if ($resp['success']) { parse_str($resp['body'], $resp); @@ -165,12 +194,13 @@ class SettingsController extends Controller /** * Convert config to yaml and store to file. + * * @return mixed */ protected function storeSettings() { $dumper = new Dumper(); - $yaml = $dumper->dump($this->settings, 4); + $yaml = $dumper->dump($this->settings, 4); file_put_contents(APPLICATION_PATH . 'PHPCI/config.yml', $yaml); if (error_get_last()) { @@ -336,16 +366,52 @@ class SettingsController extends Controller $field->setClass('form-control'); $field->setContainerClass('form-group'); $field->setOptions([ - 300 => '5 Minutes', - 900 => '15 Minutes', - 1800 => '30 Minutes', - 3600 => '1 Hour', + 300 => '5 Minutes', + 900 => '15 Minutes', + 1800 => '30 Minutes', + 3600 => '1 Hour', 10800 => '3 Hours', ]); $field->setValue(1800); $form->addField($field); + $field = new Form\Element\Submit(); + $field->setValue('Save »'); + $field->setClass('btn btn-success pull-right'); + $form->addField($field); + + $form->setValues($values); + + return $form; + } + + /** + * Form for disabling user authentication while using a default user + * + * @param array $values + * @return Form + */ + protected function getAuthenticationForm($values = array()) + { + $form = new Form(); + $form->setMethod('POST'); + $form->setAction(PHPCI_URL . 'settings/authentication'); + $form->addField(new Form\Element\Csrf('csrf')); + + $field = new Form\Element\Checkbox('disable_authentication'); + $field->setCheckedValue(1); + $field->setRequired(false); + $field->setLabel('Disable Authentication?'); + $field->setContainerClass('form-group'); + $field->setValue(0); + + if (isset($values['state'])) { + $field->setValue((int)$values['state']); + } + + $form->addField($field); + $field = new Form\Element\Submit(); $field->setValue('Save »'); $field->setClass('btn btn-success pull-right'); diff --git a/PHPCI/View/Settings/index.phtml b/PHPCI/View/Settings/index.phtml index ddd49d89..e88a3001 100644 --- a/PHPCI/View/Settings/index.phtml +++ b/PHPCI/View/Settings/index.phtml @@ -104,4 +104,19 @@ - \ No newline at end of file + + +
+
+

Authentication Settings

+
+ +
+

+ Be careful: This setting disables authentication and uses your current admin account for all actions within phpci with admin rights. +

+ + + +
+