From 1dcc483ccbc5ddd3e52ad27179a3ba3d7eeeb0db Mon Sep 17 00:00:00 2001 From: Marc Aschmann Date: Tue, 15 Jul 2014 11:28:16 +0200 Subject: [PATCH 1/2] resolves #497 added feature to disable auth with a default user --- PHPCI/Application.php | 26 +++++++++++- PHPCI/Controller/SettingsController.php | 53 +++++++++++++++++++++++++ PHPCI/View/Settings/index.phtml | 21 ++++++++++ 3 files changed, 98 insertions(+), 2 deletions(-) diff --git a/PHPCI/Application.php b/PHPCI/Application.php index 3e15686e..6e90a76f 100644 --- a/PHPCI/Application.php +++ b/PHPCI/Application.php @@ -14,6 +14,7 @@ use b8\Exception\HttpException; use b8\Http\Response; use b8\Http\Response\RedirectResponse; use b8\View; +use Symfony\Component\Yaml\Parser; /** * PHPCI Front Controller 
@@ -43,11 +44,32 @@ class Application extends b8\Application return false; }; + // load settings to check if there's a configured default user and auth disabled + $skipAuth = function () { + $parser = new Parser(); + $yaml = file_get_contents(APPLICATION_PATH . 'PHPCI/config.yml'); + $settings = $parser->parse($yaml); + if ((!empty($settings['phpci']['authentication_settings']['state']) + && 1 == (int)$settings['phpci']['authentication_settings']['state']) + && !empty($settings['phpci']['authentication_settings']['user_id']) + ) { + $user = b8\Store\Factory::getStore('User') + ->getByPrimaryKey($settings['phpci']['authentication_settings']['user_id']); + + if ($user) { + $_SESSION['user'] = $user; + return true; + } + } + + return false; + }; + // Handler for the route we're about to register, checks for a valid session where necessary: - $routeHandler = function (&$route, Response &$response) use (&$request, $validateSession) { + $routeHandler = function (&$route, Response &$response) use (&$request, $validateSession, $skipAuth) { $skipValidation = in_array($route['controller'], array('session', 'webhook', 'build-status')); - if (!$skipValidation && !$validateSession()) { + if (!$skipValidation && !$validateSession() && !$skipAuth()) { if ($request->isAjax()) { $response->setResponseCode(401); $response->setContent(''); diff --git a/PHPCI/Controller/SettingsController.php b/PHPCI/Controller/SettingsController.php index ebcab7e8..51edf749 100644 --- a/PHPCI/Controller/SettingsController.php +++ b/PHPCI/Controller/SettingsController.php 
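Review bot: The new `$skipAuth` closure re-reads and YAML-parses `PHPCI/config.yml` from disk on every request that arrives without a valid session, and on a match it writes the looked-up user into `$_SESSION['user']` with nothing recording that the bypass was taken. Since this is the path that hands the configured account's rights to any anonymous request, a comment on the closure should state that trust decision plainly, e.g. `// When authentication_settings.state is set, every request without a session is served as authentication_settings.user_id, with that user's rights.`. The `user_id` check accepts any non-empty value, so the id reaching `getByPrimaryKey()` is not validated as an integer here; the second patch on this page reworks this closure. The enclosing `init()` method starts and ends outside the hunk.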
@@ -41,13 +41,19 @@ class SettingsController extends Controller $this->view->settings = $this->settings; $emailSettings = array(); + $authenticationSettings = array(); if (isset($this->settings['phpci']['email_settings'])) { $emailSettings = $this->settings['phpci']['email_settings']; } + if (isset($this->settings['phpci']['authentication_settings'])) { + $authenticationSettings = $this->settings['phpci']['authentication_settings']; + } + $this->view->github = $this->getGithubForm(); $this->view->emailSettings = $this->getEmailForm($emailSettings); + $this->view->authenticationSettings = $this->getAuthenticationForm($authenticationSettings); $this->view->isWriteable = $this->canWriteConfig(); if (!empty($this->settings['phpci']['github']['token'])) { @@ -86,6 +92,23 @@ class SettingsController extends Controller die; } + public function authentication() + { + $this->settings['phpci']['authentication_settings']['state'] = $this->getParam('disable_authentication', 0); + $this->settings['phpci']['authentication_settings']['user_id'] = $_SESSION['user_id']; + + $error = $this->storeSettings(); + + if ($error) { + header('Location: ' . PHPCI_URL . 'settings?saved=2'); + } else { + header('Location: ' . PHPCI_URL . 'settings?saved=1'); + } + + die; + } + + /** * Github redirects users back to this URL when t */ 
@@ -236,6 +259,36 @@ class SettingsController extends Controller return $form; } + protected function getAuthenticationForm($values = array()) + { + $form = new Form(); + $form->setMethod('POST'); + $form->setAction(PHPCI_URL . 'settings/authentication'); + $form->addField(new Form\Element\Csrf('csrf')); + + $field = new Form\Element\Checkbox('disable_authentication'); + $field->setCheckedValue(1); + $field->setRequired(false); + $field->setLabel('Disable Authentication?'); + $field->setContainerClass('form-group'); + $field->setValue(0); + + if (isset($values['state'])) { + $field->setValue((int)$values['state']); + } + + $form->addField($field); + + $field = new Form\Element\Submit(); + $field->setValue('Save »'); + $field->setClass('btn btn-success pull-right'); + $form->addField($field); + + $form->setValues($values); + + return $form; + } + protected function getGithubUser($token) { $http = new HttpClient('https://api.github.com'); diff --git a/PHPCI/View/Settings/index.phtml b/PHPCI/View/Settings/index.phtml index 322206c4..462a2977 100644 --- a/PHPCI/View/Settings/index.phtml +++ b/PHPCI/View/Settings/index.phtml @@ -96,6 +96,27 @@ +
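Review bot: `$form->setValues($values)` at the end of `getAuthenticationForm()` is ineffective for the checkbox: `$values` is the `authentication_settings` array keyed `state`/`user_id`, while the field is named `disable_authentication`, so the explicit `$field->setValue((int)$values['state'])` above is what actually populates it; drop the trailing `setValues()` call or name the key and the field consistently so there is one source of truth. The form also adds `new Form\Element\Csrf('csrf')`, but the `authentication()` handler added earlier in this patch does not visibly verify it — if the framework does not check the token centrally, a request that switches authentication off is exactly the one that needs that check. The `getGithubUser()` signature at the bottom of the hunk is context only and continues outside it.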
+ +
+ + + +
+
+
+

Authentication Settings

+ +

+ Be careful: This setting disables authentication and uses your preconfigured admin account for all actions within phpci with admin rights. +

+ +
+ +
+ +
+
From effd6909aa3ca7d52ff8b9244151faa698668e01 Mon Sep 17 00:00:00 2001 From: Marc Aschmann Date: Sun, 7 Dec 2014 17:51:00 +0100 Subject: [PATCH 2/2] reimplemented disable user --- PHPCI/Application.php | 37 +++++--- PHPCI/Controller/SettingsController.php | 110 ++++++++++++++++++++---- PHPCI/View/Settings/index.phtml | 32 +++---- 3 files changed, 129 insertions(+), 50 deletions(-) diff --git a/PHPCI/Application.php b/PHPCI/Application.php index 60aef140..9accc5fc 100644 --- a/PHPCI/Application.php +++ b/PHPCI/Application.php @@ -22,6 +22,9 @@ use PHPCI\Model\Build; */ class Application extends b8\Application { + /** + * init + */ public function init() { $request =& $this->request; @@ -44,24 +47,22 @@ class Application extends b8\Application return false; }; - // load settings to check if there's a configured default user and auth disabled + // Check settings for disable_authentication enabled and user_id $skipAuth = function () { - /** $parser = new Parser(); - $yaml = file_get_contents(APPLICATION_PATH . 'PHPCI/config.yml'); - $settings = $parser->parse($yaml); - if ((!empty($settings['phpci']['authentication_settings']['state']) - && 1 == (int)$settings['phpci']['authentication_settings']['state']) - && !empty($settings['phpci']['authentication_settings']['user_id']) - ) { + $config = b8\Config::getInstance(); + $state = (bool)$config->get('phpci.authentication_settings.state', false); + $id = $config->get('phpci.authentication_settings.user_id', 0); + + if (false !== $state && 0 != (int)$id) { $user = b8\Store\Factory::getStore('User') - ->getByPrimaryKey($settings['phpci']['authentication_settings']['user_id']); + ->getByPrimaryKey($id); if ($user) { - $_SESSION['user'] = $user; + $_SESSION['phpci_user'] = $user; return true; } } -*/ + return false; }; 
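Review bot: The reworked `$skipAuth` closure populates only `$_SESSION['phpci_user']`, while `SettingsController::authentication()` further down this page reads `$_SESSION['phpci_user_id']`; in a session created by this bypass that index is never set, so saving the settings form again would store a null `user_id` (presumably the normal login path sets both keys — worth confirming). If both keys are meant to coexist, set the id alongside the user: `$_SESSION['phpci_user_id'] = (int)$id;`. The guard `false !== $state && 0 != (int)$id` can be written `$state && (int)$id !== 0`, since `$state` is already cast to bool on the line above. The enclosing `init()` starts and ends outside the hunk.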
@@ -88,9 +89,12 @@ class Application extends b8\Application $this->router->clearRoutes(); $this->router->register($route, $opts, $routeHandler); } + /** - * Handle an incoming web request. - */ + * Handle an incoming web request. + * + * @return b8\b8\Http\Response|Response + */ public function handleRequest() { try { @@ -123,6 +127,10 @@ class Application extends b8\Application return $this->response; } + /** + * @param $class + * @return mixed + */ protected function loadController($class) { $controller = parent::loadController($class); @@ -133,6 +141,9 @@ class Application extends b8\Application return $controller; } + /** + * @param View $layout + */ protected function setLayoutVariables(View &$layout) { /** @var \PHPCI\Store\ProjectStore $projectStore */ diff --git a/PHPCI/Controller/SettingsController.php b/PHPCI/Controller/SettingsController.php index 7dd15f27..067ba914 100644 --- a/PHPCI/Controller/SettingsController.php +++ b/PHPCI/Controller/SettingsController.php @@ -19,23 +19,34 @@ use Symfony\Component\Yaml\Parser; /** * Settings Controller + * * @author Dan Cryer * @package PHPCI * @subpackage Web */ class SettingsController extends Controller { + + /** + * @var array + */ protected $settings; + /** + * + */ public function init() { parent::init(); - $parser = new Parser(); - $yaml = file_get_contents(APPLICATION_PATH . 'PHPCI/config.yml'); + $parser = new Parser(); + $yaml = file_get_contents(APPLICATION_PATH . 'PHPCI/config.yml'); $this->settings = $parser->parse($yaml); } + /** + * @return string + */ public function index() { $this->view->settings = $this->settings; 
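Review bot: The new docblock on `handleRequest()` declares `@return b8\b8\Http\Response|Response`; the doubled `b8\b8\` prefix looks like a typo, and `Response` is already the imported alias for `b8\Http\Response` (the `use b8\Http\Response;` line is visible in the first patch), so `@return Response` says the same thing without the broken name. The docblocks added in the next two hunks of this file leave `@param $class` untyped and `@param View $layout` undescribed, and the `/** init */` block on `init()` adds no information; `@param string $class` (presumably a class name, as it is handed to `parent::loadController()`) and a one-line purpose for each would make them worth having. The method bodies all continue outside these hunks.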
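Review bot: The docblock added to `SettingsController::init()` is empty (`/** */`), which is worse than none because it suggests the method was documented; a one-liner such as `Load PHPCI/config.yml into $this->settings.` describes what the body does. The same hunk rewrites `$parser = new Parser();` and `$yaml = file_get_contents(...)` only to realign the `=` signs, which inflates the diff for this feature; `$yaml` is still passed to `parse()` unchecked, so an unreadable config file yields `parse(false)` (pre-existing behaviour, but the line is touched here). `init()` ends inside the hunk; `index()` continues past it.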
@@ -50,10 +61,16 @@ class SettingsController extends Controller $buildSettings = $this->settings['phpci']['build']; } - $this->view->github = $this->getGithubForm(); - $this->view->emailSettings = $this->getEmailForm($emailSettings); - $this->view->buildSettings = $this->getBuildForm($buildSettings); - $this->view->isWriteable = $this->canWriteConfig(); + $authenticationSettings = array(); + if (isset($this->settings['phpci']['authentication_settings'])) { + $authenticationSettings = $this->settings['phpci']['authentication_settings']; + } + + $this->view->github = $this->getGithubForm(); + $this->view->emailSettings = $this->getEmailForm($emailSettings); + $this->view->buildSettings = $this->getBuildForm($buildSettings); + $this->view->isWriteable = $this->canWriteConfig(); + $this->view->authenticationSettings = $this->getAuthenticationForm($authenticationSettings); if (!empty($this->settings['phpci']['github']['token'])) { $this->view->githubUser = $this->getGithubUser($this->settings['phpci']['github']['token']); @@ -62,13 +79,16 @@ class SettingsController extends Controller return $this->view->render(); } + /** + * @throws \PHPCI\ForbiddenException + */ public function github() { $this->requireAdmin(); - $this->settings['phpci']['github']['id'] = $this->getParam('githubid', ''); + $this->settings['phpci']['github']['id'] = $this->getParam('githubid', ''); $this->settings['phpci']['github']['secret'] = $this->getParam('githubsecret', ''); - $error = $this->storeSettings(); + $error = $this->storeSettings(); if ($error) { header('Location: ' . PHPCI_URL . 'settings?saved=2'); 
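Review bot: The `index()` hunk deletes and re-adds the four unchanged `$this->view->...` assignments solely to realign `=`, so the one real change — the new `authenticationSettings` lookup and `$this->view->authenticationSettings = $this->getAuthenticationForm($authenticationSettings);` — is buried among whitespace-only lines; adding the new lines without touching their neighbours keeps the diff reviewable, and the same applies to the `github()` hunk that follows on this line and to the `githubCallback()` and `getBuildForm()` option-array hunks later in the file. `index()` starts and ends outside the hunk.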
@@ -79,11 +99,14 @@ class SettingsController extends Controller die; } + /** + * @throws \PHPCI\ForbiddenException + */ public function email() { $this->requireAdmin(); - $this->settings['phpci']['email_settings'] = $this->getParams(); + $this->settings['phpci']['email_settings'] = $this->getParams(); $this->settings['phpci']['email_settings']['smtp_encryption'] = $this->getParam('smtp_encryption', 0); $error = $this->storeSettings(); @@ -97,6 +120,9 @@ class SettingsController extends Controller die; } + /** + * @throws \PHPCI\ForbiddenException + */ public function build() { $this->requireAdmin(); @@ -114,19 +140,42 @@ class SettingsController extends Controller die; } + /** + * Handle authentication settings + * + * @throws \PHPCI\ForbiddenException + */ + public function authentication() + { + $this->requireAdmin(); + + $this->settings['phpci']['authentication_settings']['state'] = $this->getParam('disable_authentication', 0); + $this->settings['phpci']['authentication_settings']['user_id'] = $_SESSION['phpci_user_id']; + + $error = $this->storeSettings(); + + if ($error) { + header('Location: ' . PHPCI_URL . 'settings?saved=2'); + } else { + header('Location: ' . PHPCI_URL . 'settings?saved=1'); + } + + die; + } + /** * Github redirects users back to this URL when t */ public function githubCallback() { - $code = $this->getParam('code', null); + $code = $this->getParam('code', null); $github = $this->settings['phpci']['github']; if (!is_null($code)) { - $http = new HttpClient(); - $url = 'https://github.com/login/oauth/access_token'; + $http = new HttpClient(); + $url = 'https://github.com/login/oauth/access_token'; $params = array('client_id' => $github['id'], 'client_secret' => $github['secret'], 'code' => $code); - $resp = $http->post($url, $params); + $resp = $http->post($url, $params); if ($resp['success']) { parse_str($resp['body'], $resp); 
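Review bot: In the new `authentication()` action the posted `disable_authentication` value is written to the config as received, and the bypass identity is read from `$_SESSION['phpci_user_id']` without an `isset()` guard; storing a normalised flag, `(int)$this->getParam('disable_authentication', 0) === 1 ? 1 : 0`, keeps the later `(bool)` test in `Application` from depending on whatever string the client sent. Because this setting makes every session-less request run as the stored user, the docblock should say so rather than just 'Handle authentication settings', e.g. `Persist the disable-authentication switch; when on, Application::init() serves every request that has no valid session as the stored user_id (the admin who saved this form).`. `requireAdmin()` is called first, so only an admin can flip the switch, which also means `user_id` refers to an admin account at save time. The two hunks earlier on this line (`email()`, `build()`) only add `@throws` docblocks.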
@@ -146,12 +195,13 @@ class SettingsController extends Controller /** * Convert config to yaml and store to file. + * * @return mixed */ protected function storeSettings() { $dumper = new Dumper(); - $yaml = $dumper->dump($this->settings, 4); + $yaml = $dumper->dump($this->settings, 4); file_put_contents(APPLICATION_PATH . 'PHPCI/config.yml', $yaml); if (error_get_last()) { @@ -160,6 +210,9 @@ class SettingsController extends Controller } } + /** + * @return Form + */ protected function getGithubForm() { $form = new Form(); @@ -199,6 +252,10 @@ class SettingsController extends Controller return $form; } + /** + * @param array $values + * @return Form + */ protected function getEmailForm($values = array()) { $form = new Form(); @@ -269,6 +326,10 @@ class SettingsController extends Controller return $form; } + /** + * @param $token + * @return mixed + */ protected function getGithubUser($token) { $http = new HttpClient('https://api.github.com'); @@ -277,11 +338,18 @@ class SettingsController extends Controller return $user['body']; } + /** + * @return bool + */ protected function canWriteConfig() { return is_writeable(APPLICATION_PATH . 'PHPCI/config.yml'); } + /** + * @param array $values + * @return Form + */ protected function getBuildForm($values = array()) { $form = new Form(); @@ -294,10 +362,10 @@ class SettingsController extends Controller $field->setClass('form-control'); $field->setContainerClass('form-group'); $field->setOptions([ - 300 => '5 Minutes', - 900 => '15 Minutes', - 1800 => '30 Minutes', - 3600 => '1 Hour', + 300 => '5 Minutes', + 900 => '15 Minutes', + 1800 => '30 Minutes', + 3600 => '1 Hour', 10800 => '3 Hours', ]); $field->setValue(1800); @@ -314,6 +382,12 @@ class SettingsController extends Controller return $form; } + /** + * Form for disabling user authentication while using a default user + * + * @param array $values + * @return Form + */ protected function getAuthenticationForm($values = array()) { $form = new Form(); 
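Review bot: The docblock added to `getGithubUser()` declares `@param $token` with no type and `@return mixed`, which documents nothing the signature does not already show; `@param string $token` (presumably the OAuth token kept in the config, since `index()` passes `$this->settings['phpci']['github']['token']`) plus a one-line note on what `$user['body']` holds would be useful. The other hunks on this line (`storeSettings()`, `getGithubForm()`, `getEmailForm()`, `canWriteConfig()`, `getBuildForm()`, `getAuthenticationForm()`) only add docblocks or realign whitespace. Every method body here continues outside its hunk.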
diff --git a/PHPCI/View/Settings/index.phtml b/PHPCI/View/Settings/index.phtml index 11dc58b8..e88a3001 100644 --- a/PHPCI/View/Settings/index.phtml +++ b/PHPCI/View/Settings/index.phtml @@ -106,23 +106,17 @@
-
-
-
-

Authentication Settings

- -

- Be careful: This setting disables authentication and uses your preconfigured admin account for all actions within phpci with admin rights. -

- -
- -
- -
- -
- -
+
+
+

Authentication Settings

-
\ No newline at end of file + +
+

+ Be careful: This setting disables authentication and uses your current admin account for all actions within phpci with admin rights. +

+ + + +
+