Add admin creation routine

refs #7163
Johannes Meyer 2014-10-08 10:26:12 +02:00
parent 8f787e649c
commit 393191ced1
2 changed files with 66 additions and 3 deletions


@ -11,7 +11,9 @@ use Icinga\Web\Setup\DbTool;
use Icinga\Application\Icinga;
use Icinga\Application\Config;
use Icinga\Web\Setup\Installer;
use Icinga\Data\ResourceFactory;
use Icinga\Config\PreservingIniWriter;
use Icinga\Authentication\Backend\DbUserBackend;
/**
* Icinga Web 2 Installer
@ -88,6 +90,14 @@ class WebInstaller implements Installer
$this->log(sprintf(t('Unable to create: %s (%s)'), $authenticationIniPath, $e->getMessage()), false);
}
try {
$this->setupAdminAccount();
$this->log(t('Successfully created initial administrative account.'));
} catch (Exception $e) {
$success = false;
$this->log(sprintf(t('Failed to create initial administrative account: %s'), $e->getMessage()));
}
return $success;
}
@ -354,6 +364,25 @@ class WebInstaller implements Installer
}
}
/**
* Create the initial administrative account
*/
protected function setupAdminAccount()
{
if ($this->pageData['setup_admin_account']['user_type'] === 'new_user') {
$backend = new DbUserBackend(
ResourceFactory::createResource(new Zend_Config($this->pageData['setup_db_resource']))
);
if (array_search($this->pageData['setup_admin_account']['new_user'], $backend->listUsers()) === false) {
$backend->addUser(
$this->pageData['setup_admin_account']['new_user'],
$this->pageData['setup_admin_account']['new_user_password']
);
}
}
}
/**
* @see Installer::getSummary()
*/
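Review bot: In `setupAdminAccount()` the `addUser()` call is skipped without any message when the chosen name is already in `$backend->listUsers()`, yet the caller then logs "Successfully created initial administrative account."; the password entered in the wizard is discarded and the existing account keeps whatever credentials it already had. I would make that case explicit, for example an `else` branch that throws or logs that the account already exists, so the operator knows which password protects the administrative account. The membership test is also loose, since `array_search(...) === false` compares with `==`; `in_array($name, $backend->listUsers(), true)` states the intent and compares strictly. In the earlier hunk, the new catch block calls `log()` without the `false` second argument that the neighbouring "Unable to create" call passes, so the failure is presumably recorded with the default status; the method that contains it starts outside the hunk.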


@ -20,7 +20,7 @@ class DbUserBackend extends UserBackend
*
* @var DbConnection
*/
private $conn;
protected $conn;
public function __construct(DbConnection $conn)
{
@ -44,6 +44,28 @@ class DbUserBackend extends UserBackend
return ($row !== false) ? true : false;
}
/**
* Add a new user
*
* @param string $username The name of the new user
* @param string $password The new user's password
* @param bool $active Whether the user is active
*/
public function addUser($username, $password, $active = true)
{
$passwordSalt = $this->generateSalt();
$hashedPassword = $this->hashPassword($password, $passwordSalt);
$stmt = $this->conn->getDbAdapter()->prepare(
'INSERT INTO account VALUES (:username, :salt, :password, :active);'
);
$stmt->execute(array(
':active' => $active,
':username' => $username,
':salt' => $passwordSalt,
':password' => $hashedPassword
));
}
/**
* Authenticate the given user and return true on success, false on failure and null on error
*
@ -92,13 +114,25 @@ class DbUserBackend extends UserBackend
*
* @return string|null
*/
private function getSalt($username)
protected function getSalt($username)
{
$select = new Zend_Db_Select($this->conn->getConnection());
$row = $select->from('account', array('salt'))->where('username = ?', $username)->query()->fetchObject();
return ($row !== false) ? $row->salt : null;
}
/**
* Return a random salt
*
* The returned salt is safe to be used for hashing a user's password
*
* @return string
*/
protected function generateSalt()
{
return openssl_random_pseudo_bytes(64);
}
/**
* Hash a password
*
@ -107,7 +141,7 @@ class DbUserBackend extends UserBackend
*
* @return string
*/
private function hashPassword($password, $salt) {
protected function hashPassword($password, $salt) {
return hash_hmac('sha256', $password, $salt);
}
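Review bot: `generateSalt()` returns the result of `openssl_random_pseudo_bytes(64)` unchecked, so on PHP versions where the call can return `false` or report a non-strong source, `addUser()` would go on to key `hash_hmac()` with an empty or weak salt. Pass the second argument and fail closed: `$salt = openssl_random_pseudo_bytes(64, $strong);` and throw when `$salt === false || ! $strong`. The salt is raw binary, so the `salt` column has to be binary-safe; the schema is not visible here and is worth confirming. Separately, `addUser()` stores new credentials as a single HMAC-SHA256 pass through `hashPassword()` (which predates this commit); a fast hash makes offline guessing cheap if the table leaks, so a dedicated password hashing function such as `password_hash()` would be the stronger choice where the supported PHP version allows it. The `INSERT INTO account VALUES (...)` statement has no column list and therefore depends on the table's column order.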