2014-09-29 12:29:36 +02:00
|
|
|
<?php
|
2015-02-04 10:46:36 +01:00
|
|
|
/* Icinga Web 2 | (c) 2013-2015 Icinga Development Team | GPLv2+ */
|
2014-09-29 12:29:36 +02:00
|
|
|
|
2014-11-14 11:01:16 +01:00
|
|
|
namespace Icinga\Module\Setup\Forms;
|
2014-09-29 12:29:36 +02:00
|
|
|
|
|
|
|
use Exception;
|
|
|
|
use LogicException;
|
|
|
|
use Icinga\Web\Form;
|
2014-11-18 13:11:52 +01:00
|
|
|
use Icinga\Data\ConfigObject;
|
2014-09-29 12:29:36 +02:00
|
|
|
use Icinga\Data\ResourceFactory;
|
|
|
|
use Icinga\Authentication\Backend\DbUserBackend;
|
|
|
|
use Icinga\Authentication\Backend\LdapUserBackend;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Wizard page to define the initial administrative account
|
|
|
|
*/
|
|
|
|
class AdminAccountPage extends Form
|
|
|
|
{
|
|
|
|
/**
|
|
|
|
* The resource configuration to use
|
|
|
|
*
|
|
|
|
* @var array
|
|
|
|
*/
|
|
|
|
protected $resourceConfig;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* The backend configuration to use
|
|
|
|
*
|
|
|
|
* @var array
|
|
|
|
*/
|
|
|
|
protected $backendConfig;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Initialize this page
|
|
|
|
*/
|
|
|
|
public function init()
|
|
|
|
{
|
|
|
|
$this->setName('setup_admin_account');
|
|
|
|
$this->setViewScript('form/setup-admin-account.phtml');
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Set the resource configuration to use
|
|
|
|
*
|
|
|
|
* @param array $config
|
|
|
|
*
|
|
|
|
* @return self
|
|
|
|
*/
|
|
|
|
public function setResourceConfig(array $config)
|
|
|
|
{
|
|
|
|
$this->resourceConfig = $config;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Set the backend configuration to use
|
|
|
|
*
|
|
|
|
* @param array $config
|
|
|
|
*
|
|
|
|
* @return self
|
|
|
|
*/
|
|
|
|
public function setBackendConfig(array $config)
|
|
|
|
{
|
|
|
|
$this->backendConfig = $config;
|
|
|
|
return $this;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @see Form::createElements()
|
|
|
|
*/
|
|
|
|
public function createElements(array $formData)
|
|
|
|
{
|
|
|
|
$choices = array();
|
|
|
|
|
|
|
|
if ($this->backendConfig['backend'] !== 'db') {
|
2015-01-19 11:07:39 +01:00
|
|
|
$choices['by_name'] = $this->translate('By Name', 'setup.admin');
|
2014-09-29 12:29:36 +02:00
|
|
|
$this->addElement(
|
|
|
|
'text',
|
|
|
|
'by_name',
|
|
|
|
array(
|
2015-02-05 13:18:21 +01:00
|
|
|
'required' => !isset($formData['user_type']) || $formData['user_type'] === 'by_name',
|
2014-09-29 12:29:36 +02:00
|
|
|
'value' => $this->getUsername(),
|
2015-01-19 11:07:39 +01:00
|
|
|
'label' => $this->translate('Username'),
|
|
|
|
'description' => $this->translate(
|
2014-09-29 12:29:36 +02:00
|
|
|
'Define the initial administrative account by providing a username that reflects'
|
|
|
|
. ' a user created later or one that is authenticated using external mechanisms'
|
|
|
|
)
|
|
|
|
)
|
|
|
|
);
|
2015-02-05 13:18:21 +01:00
|
|
|
if (! $this->request->isXmlHttpRequest()) {
|
|
|
|
// In case JS is disabled we must not provide client side validation as
|
|
|
|
// the user is required to input data even he has changed his mind
|
|
|
|
$this->getElement('by_name')->setAttrib('required', null);
|
|
|
|
$this->getElement('by_name')->setAttrib('aria-required', null);
|
|
|
|
}
|
2014-09-29 12:29:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if ($this->backendConfig['backend'] === 'db' || $this->backendConfig['backend'] === 'ldap') {
|
|
|
|
$users = $this->fetchUsers();
|
|
|
|
if (false === empty($users)) {
|
2015-01-19 11:07:39 +01:00
|
|
|
$choices['existing_user'] = $this->translate('Existing User');
|
2014-09-29 12:29:36 +02:00
|
|
|
$this->addElement(
|
|
|
|
'select',
|
|
|
|
'existing_user',
|
|
|
|
array(
|
|
|
|
'required' => isset($formData['user_type']) && $formData['user_type'] === 'existing_user',
|
2015-01-19 11:07:39 +01:00
|
|
|
'label' => $this->translate('Username'),
|
2014-09-29 12:29:36 +02:00
|
|
|
'description' => sprintf(
|
2015-01-19 11:07:39 +01:00
|
|
|
$this->translate(
|
2014-09-29 12:29:36 +02:00
|
|
|
'Choose a user reported by the %s backend as the initial administrative account',
|
|
|
|
'setup.admin'
|
|
|
|
),
|
2014-11-11 09:24:53 +01:00
|
|
|
$this->backendConfig['backend'] === 'db'
|
2015-01-19 11:07:39 +01:00
|
|
|
? $this->translate('database', 'setup.admin.authbackend')
|
2014-11-11 09:24:53 +01:00
|
|
|
: 'LDAP'
|
2014-09-29 12:29:36 +02:00
|
|
|
),
|
|
|
|
'multiOptions' => array_combine($users, $users)
|
|
|
|
)
|
|
|
|
);
|
2015-02-05 13:18:21 +01:00
|
|
|
if (! $this->request->isXmlHttpRequest()) {
|
|
|
|
// In case JS is disabled we must not provide client side validation as
|
|
|
|
// the user is required to input data even he has changed his mind
|
|
|
|
$this->getElement('existing_user')->setAttrib('required', null);
|
|
|
|
$this->getElement('existing_user')->setAttrib('aria-required', null);
|
|
|
|
}
|
2014-09-29 12:29:36 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($this->backendConfig['backend'] === 'db') {
|
2015-01-19 11:07:39 +01:00
|
|
|
$choices['new_user'] = $this->translate('New User');
|
2014-09-29 12:29:36 +02:00
|
|
|
$required = isset($formData['user_type']) && $formData['user_type'] === 'new_user';
|
|
|
|
$this->addElement(
|
|
|
|
'text',
|
|
|
|
'new_user',
|
|
|
|
array(
|
|
|
|
'required' => $required,
|
2015-01-19 11:07:39 +01:00
|
|
|
'label' => $this->translate('Username'),
|
|
|
|
'description' => $this->translate(
|
2014-09-29 12:29:36 +02:00
|
|
|
'Enter the username to be used when creating an initial administrative account'
|
|
|
|
)
|
|
|
|
)
|
|
|
|
);
|
|
|
|
$this->addElement(
|
|
|
|
'password',
|
|
|
|
'new_user_password',
|
|
|
|
array(
|
|
|
|
'required' => $required,
|
2015-01-19 11:07:39 +01:00
|
|
|
'label' => $this->translate('Password'),
|
|
|
|
'description' => $this->translate('Enter the password to assign to the newly created account')
|
2014-09-29 12:29:36 +02:00
|
|
|
)
|
|
|
|
);
|
|
|
|
$this->addElement(
|
|
|
|
'password',
|
|
|
|
'new_user_2ndpass',
|
|
|
|
array(
|
|
|
|
'required' => $required,
|
2015-01-19 11:07:39 +01:00
|
|
|
'label' => $this->translate('Repeat password'),
|
|
|
|
'description' => $this->translate('Please repeat the password given above to avoid typing errors'),
|
2014-09-29 12:29:36 +02:00
|
|
|
'validators' => array(
|
|
|
|
array('identical', false, array('new_user_password'))
|
|
|
|
)
|
|
|
|
)
|
|
|
|
);
|
2015-02-05 13:18:21 +01:00
|
|
|
if (! $this->request->isXmlHttpRequest()) {
|
|
|
|
// In case JS is disabled we must not provide client side validation as
|
|
|
|
// the user is required to input data even he has changed his mind
|
|
|
|
foreach (array('new_user', 'new_user_password', 'new_user_2ndpass') as $elementName) {
|
|
|
|
$this->getElement($elementName)->setAttrib('aria-required', null);
|
|
|
|
$this->getElement($elementName)->setAttrib('required', null);
|
|
|
|
}
|
|
|
|
}
|
2014-09-29 12:29:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if (count($choices) > 1) {
|
|
|
|
$this->addElement(
|
|
|
|
'radio',
|
|
|
|
'user_type',
|
|
|
|
array(
|
|
|
|
'required' => true,
|
2015-02-05 13:18:21 +01:00
|
|
|
'autosubmit' => true,
|
|
|
|
'value' => key($choices),
|
2014-09-29 12:29:36 +02:00
|
|
|
'multiOptions' => $choices
|
|
|
|
)
|
|
|
|
);
|
|
|
|
} else {
|
|
|
|
$this->addElement(
|
|
|
|
'hidden',
|
|
|
|
'user_type',
|
|
|
|
array(
|
|
|
|
'required' => true,
|
|
|
|
'value' => key($choices)
|
|
|
|
)
|
|
|
|
);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-10-08 10:38:04 +02:00
|
|
|
/**
|
|
|
|
* Validate the given request data and ensure that any new user does not already exist
|
|
|
|
*
|
|
|
|
* @param array $data The request data to validate
|
|
|
|
*
|
|
|
|
* @return bool
|
|
|
|
*/
|
|
|
|
public function isValid($data)
|
|
|
|
{
|
|
|
|
if (false === parent::isValid($data)) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ($data['user_type'] === 'new_user' && array_search($data['new_user'], $this->fetchUsers()) !== false) {
|
2015-01-19 11:07:39 +01:00
|
|
|
$this->getElement('new_user')->addError($this->translate('Username already exists.'));
|
2014-10-08 10:38:04 +02:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2015-02-05 13:18:21 +01:00
|
|
|
/**
|
|
|
|
* Return whether the given values (possibly incomplete) are valid
|
|
|
|
*
|
|
|
|
* Unsets all empty text-inputs so that they are not being validated when auto-submitting the form.
|
|
|
|
*
|
|
|
|
* @param array $formData
|
|
|
|
*
|
|
|
|
* @return type
|
|
|
|
*/
|
|
|
|
public function isValidPartial(array $formData)
|
|
|
|
{
|
|
|
|
foreach (array('by_name', 'new_user', 'new_user_password', 'new_user_2ndpass') as $elementName) {
|
|
|
|
if (isset($formData[$elementName]) && $formData[$elementName] === '') {
|
|
|
|
unset($formData[$elementName]);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return parent::isValidPartial($formData);
|
|
|
|
}
|
|
|
|
|
2014-09-29 12:29:36 +02:00
|
|
|
/**
|
|
|
|
* Return the name of the externally authenticated user
|
|
|
|
*
|
|
|
|
* @return string
|
|
|
|
*/
|
|
|
|
protected function getUsername()
|
|
|
|
{
|
|
|
|
if (false === isset($_SERVER['REMOTE_USER'])) {
|
|
|
|
return '';
|
|
|
|
}
|
|
|
|
|
|
|
|
$name = $_SERVER['REMOTE_USER'];
|
2014-10-20 15:14:14 +02:00
|
|
|
if (isset($this->backendConfig['strip_username_regexp']) && $this->backendConfig['strip_username_regexp']) {
|
2014-09-29 12:29:36 +02:00
|
|
|
// No need to silence or log anything here because the pattern has
|
|
|
|
// already been successfully compiled during backend configuration
|
|
|
|
$name = preg_replace($this->backendConfig['strip_username_regexp'], '', $name);
|
|
|
|
}
|
|
|
|
|
|
|
|
return $name;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Return the names of all users this backend currently provides
|
|
|
|
*
|
|
|
|
* @return array
|
|
|
|
*
|
|
|
|
* @throws LogicException In case the backend to fetch users from is not supported
|
|
|
|
*/
|
|
|
|
protected function fetchUsers()
|
|
|
|
{
|
|
|
|
if ($this->backendConfig['backend'] === 'db') {
|
2014-11-18 13:11:52 +01:00
|
|
|
$backend = new DbUserBackend(ResourceFactory::createResource(new ConfigObject($this->resourceConfig)));
|
2014-09-29 12:29:36 +02:00
|
|
|
} elseif ($this->backendConfig['backend'] === 'ldap') {
|
|
|
|
$backend = new LdapUserBackend(
|
2014-11-18 13:11:52 +01:00
|
|
|
ResourceFactory::createResource(new ConfigObject($this->resourceConfig)),
|
2014-09-29 12:29:36 +02:00
|
|
|
$this->backendConfig['user_class'],
|
2014-10-09 10:10:09 +02:00
|
|
|
$this->backendConfig['user_name_attribute'],
|
|
|
|
$this->backendConfig['base_dn']
|
2014-09-29 12:29:36 +02:00
|
|
|
);
|
|
|
|
} else {
|
|
|
|
throw new LogicException(
|
|
|
|
sprintf(
|
|
|
|
'Tried to fetch users from an unsupported authentication backend: %s',
|
|
|
|
$this->backendConfig['backend']
|
|
|
|
)
|
|
|
|
);
|
|
|
|
}
|
|
|
|
|
|
|
|
try {
|
2015-02-24 12:50:57 +01:00
|
|
|
$users = $backend->listUsers();
|
|
|
|
natsort ($users);
|
|
|
|
return $users;
|
2014-09-29 12:29:36 +02:00
|
|
|
} catch (Exception $e) {
|
|
|
|
// No need to handle anything special here. Error means no users found.
|
|
|
|
return array();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|