mirror of
https://github.com/Icinga/icingaweb2.git
synced 2025-07-27 15:54:03 +02:00
Johannes Meyer
parent
8f787e649c
commit
393191ced1
@ -11,7 +11,9 @@ use Icinga\Web\Setup\DbTool;
|
|||||||
use Icinga\Application\Icinga;
|
use Icinga\Application\Icinga;
|
||||||
use Icinga\Application\Config;
|
use Icinga\Application\Config;
|
||||||
use Icinga\Web\Setup\Installer;
|
use Icinga\Web\Setup\Installer;
|
||||||
|
use Icinga\Data\ResourceFactory;
|
||||||
use Icinga\Config\PreservingIniWriter;
|
use Icinga\Config\PreservingIniWriter;
|
||||||
|
use Icinga\Authentication\Backend\DbUserBackend;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Icinga Web 2 Installer
|
* Icinga Web 2 Installer
|
||||||
@ -88,6 +90,14 @@ class WebInstaller implements Installer
|
|||||||
$this->log(sprintf(t('Unable to create: %s (%s)'), $authenticationIniPath, $e->getMessage()), false);
|
$this->log(sprintf(t('Unable to create: %s (%s)'), $authenticationIniPath, $e->getMessage()), false);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
$this->setupAdminAccount();
|
||||||
|
$this->log(t('Successfully created initial administrative account.'));
|
||||||
|
} catch (Exception $e) {
|
||||||
|
$success = false;
|
||||||
|
$this->log(sprintf(t('Failed to create initial administrative account: %s'), $e->getMessage()));
|
||||||
|
}
|
||||||
|
|
||||||
return $success;
|
return $success;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -354,6 +364,25 @@ class WebInstaller implements Installer
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create the initial administrative account
|
||||||
|
*/
|
||||||
|
protected function setupAdminAccount()
|
||||||
|
{
|
||||||
|
if ($this->pageData['setup_admin_account']['user_type'] === 'new_user') {
|
||||||
|
$backend = new DbUserBackend(
|
||||||
|
ResourceFactory::createResource(new Zend_Config($this->pageData['setup_db_resource']))
|
||||||
|
);
|
||||||
|
|
||||||
|
if (array_search($this->pageData['setup_admin_account']['new_user'], $backend->listUsers()) === false) {
|
||||||
|
$backend->addUser(
|
||||||
|
$this->pageData['setup_admin_account']['new_user'],
|
||||||
|
$this->pageData['setup_admin_account']['new_user_password']
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @see Installer::getSummary()
|
* @see Installer::getSummary()
|
||||||
*/
|
*/
|
||||||
|
|||||||
@ -20,7 +20,7 @@ class DbUserBackend extends UserBackend
|
|||||||
*
|
*
|
||||||
* @var DbConnection
|
* @var DbConnection
|
||||||
*/
|
*/
|
||||||
private $conn;
|
protected $conn;
|
||||||
|
|
||||||
public function __construct(DbConnection $conn)
|
public function __construct(DbConnection $conn)
|
||||||
{
|
{
|
||||||
@ -44,6 +44,28 @@ class DbUserBackend extends UserBackend
|
|||||||
return ($row !== false) ? true : false;
|
return ($row !== false) ? true : false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Add a new user
|
||||||
|
*
|
||||||
|
* @param string $username The name of the new user
|
||||||
|
* @param string $password The new user's password
|
||||||
|
* @param bool $active Whether the user is active
|
||||||
|
*/
|
||||||
|
public function addUser($username, $password, $active = true)
|
||||||
|
{
|
||||||
|
$passwordSalt = $this->generateSalt();
|
||||||
|
$hashedPassword = $this->hashPassword($password, $passwordSalt);
|
||||||
|
$stmt = $this->conn->getDbAdapter()->prepare(
|
||||||
|
'INSERT INTO account VALUES (:username, :salt, :password, :active);'
|
||||||
|
);
|
||||||
|
$stmt->execute(array(
|
||||||
|
':active' => $active,
|
||||||
|
':username' => $username,
|
||||||
|
':salt' => $passwordSalt,
|
||||||
|
':password' => $hashedPassword
|
||||||
|
));
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Authenticate the given user and return true on success, false on failure and null on error
|
* Authenticate the given user and return true on success, false on failure and null on error
|
||||||
*
|
*
|
||||||
@ -92,13 +114,25 @@ class DbUserBackend extends UserBackend
|
|||||||
*
|
*
|
||||||
* @return string|null
|
* @return string|null
|
||||||
*/
|
*/
|
||||||
private function getSalt($username)
|
protected function getSalt($username)
|
||||||
{
|
{
|
||||||
$select = new Zend_Db_Select($this->conn->getConnection());
|
$select = new Zend_Db_Select($this->conn->getConnection());
|
||||||
$row = $select->from('account', array('salt'))->where('username = ?', $username)->query()->fetchObject();
|
$row = $select->from('account', array('salt'))->where('username = ?', $username)->query()->fetchObject();
|
||||||
return ($row !== false) ? $row->salt : null;
|
return ($row !== false) ? $row->salt : null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return a random salt
|
||||||
|
*
|
||||||
|
* The returned salt is safe to be used for hashing a user's password
|
||||||
|
*
|
||||||
|
* @return string
|
||||||
|
*/
|
||||||
|
protected function generateSalt()
|
||||||
|
{
|
||||||
|
return openssl_random_pseudo_bytes(64);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Hash a password
|
* Hash a password
|
||||||
*
|
*
|
||||||
@ -107,7 +141,7 @@ class DbUserBackend extends UserBackend
|
|||||||
*
|
*
|
||||||
* @return string
|
* @return string
|
||||||
*/
|
*/
|
||||||
private function hashPassword($password, $salt) {
|
protected function hashPassword($password, $salt) {
|
||||||
return hash_hmac('sha256', $password, $salt);
|
return hash_hmac('sha256', $password, $salt);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user