423 lines
13 KiB
PHP
423 lines
13 KiB
PHP
<?php
|
|
/* Icinga Web 2 | (c) 2014 Icinga Development Team | GPLv2+ */
|
|
|
|
namespace Icinga\Module\Setup\Forms;
|
|
|
|
use Exception;
|
|
use Icinga\Application\Config;
|
|
use Icinga\Authentication\User\UserBackend;
|
|
use Icinga\Authentication\User\DbUserBackend;
|
|
use Icinga\Authentication\User\LdapUserBackend;
|
|
use Icinga\Authentication\UserGroup\UserGroupBackend;
|
|
use Icinga\Authentication\UserGroup\LdapUserGroupBackend;
|
|
use Icinga\Data\ConfigObject;
|
|
use Icinga\Data\ResourceFactory;
|
|
use Icinga\Data\Selectable;
|
|
use Icinga\Exception\NotImplementedError;
|
|
use Icinga\Web\Form;
|
|
|
|
/**
|
|
* Wizard page to define the initial administrative account
|
|
*/
|
|
class AdminAccountPage extends Form
|
|
{
|
|
/**
|
|
* The resource configuration to use
|
|
*
|
|
* @var array
|
|
*/
|
|
protected $resourceConfig;
|
|
|
|
/**
|
|
* The user backend configuration to use
|
|
*
|
|
* @var array
|
|
*/
|
|
protected $backendConfig;
|
|
|
|
/**
|
|
* The user group backend configuration to use
|
|
*
|
|
* @var array
|
|
*/
|
|
protected $groupConfig;
|
|
|
|
/**
|
|
* Initialize this page
|
|
*/
|
|
public function init()
|
|
{
|
|
$this->setName('setup_admin_account');
|
|
$this->setTitle($this->translate('Administration', 'setup.page.title'));
|
|
$this->addDescription($this->translate(
|
|
'Now it\'s time to configure your first administrative account or group for Icinga Web 2.'
|
|
));
|
|
}
|
|
|
|
/**
|
|
* Set the resource configuration to use
|
|
*
|
|
* @param array $config
|
|
*
|
|
* @return $this
|
|
*/
|
|
public function setResourceConfig(array $config)
|
|
{
|
|
$this->resourceConfig = $config;
|
|
return $this;
|
|
}
|
|
|
|
/**
|
|
* Set the user backend configuration to use
|
|
*
|
|
* @param array $config
|
|
*
|
|
* @return $this
|
|
*/
|
|
public function setBackendConfig(array $config)
|
|
{
|
|
$this->backendConfig = $config;
|
|
return $this;
|
|
}
|
|
|
|
/**
|
|
* Set the user group backend configuration to use
|
|
*
|
|
* @param array $config
|
|
*
|
|
* @return $this
|
|
*/
|
|
public function setGroupConfig(array $config = null)
|
|
{
|
|
$this->groupConfig = $config;
|
|
return $this;
|
|
}
|
|
|
|
/**
|
|
* @see Form::createElements()
|
|
*/
|
|
public function createElements(array $formData)
|
|
{
|
|
$choices = array();
|
|
if ($this->backendConfig['backend'] !== 'db') {
|
|
$choices['by_name'] = $this->translate('By Name', 'setup.admin');
|
|
$choice = isset($formData['user_type']) ? $formData['user_type'] : 'by_name';
|
|
|
|
if (in_array($this->backendConfig['backend'], array('ldap', 'msldap'))) {
|
|
$groups = $this->fetchGroups();
|
|
if (! empty($groups)) {
|
|
$choices['user_group'] = $this->translate('User Group', 'setup.admin');
|
|
}
|
|
}
|
|
} else {
|
|
$choices['new_user'] = $this->translate('New User', 'setup.admin');
|
|
$choice = isset($formData['user_type']) ? $formData['user_type'] : 'new_user';
|
|
}
|
|
|
|
if (in_array($this->backendConfig['backend'], array('db', 'ldap', 'msldap'))) {
|
|
$users = $this->fetchUsers();
|
|
if (! empty($users)) {
|
|
$choices['existing_user'] = $this->translate('Existing User', 'setup.admin');
|
|
}
|
|
}
|
|
|
|
if (count($choices) > 1) {
|
|
$this->addElement(
|
|
'select',
|
|
'user_type',
|
|
array(
|
|
'required' => true,
|
|
'autosubmit' => true,
|
|
'label' => $this->translate('Type Of Definition'),
|
|
'description' => $this->translate('Choose how to define the desired account.'),
|
|
'multiOptions' => $choices,
|
|
'value' => $choice
|
|
)
|
|
);
|
|
} else {
|
|
$this->addElement(
|
|
'hidden',
|
|
'user_type',
|
|
array(
|
|
'required' => true,
|
|
'value' => key($choices)
|
|
)
|
|
);
|
|
}
|
|
|
|
if ($choice === 'by_name') {
|
|
$this->addElement(
|
|
'text',
|
|
'by_name',
|
|
array(
|
|
'required' => true,
|
|
'value' => $this->getUsername(),
|
|
'label' => $this->translate('Username'),
|
|
'description' => $this->translate(
|
|
'Define the initial administrative account by providing a username that reflects'
|
|
. ' a user created later or one that is authenticated using external mechanisms.'
|
|
)
|
|
)
|
|
);
|
|
}
|
|
|
|
if ($choice === 'user_group') {
|
|
$this->addElement(
|
|
'select',
|
|
'user_group',
|
|
array(
|
|
'required' => true,
|
|
'label' => $this->translate('Group Name'),
|
|
'description' => $this->translate(
|
|
'Choose a user group reported by the LDAP backend'
|
|
. ' to permit its members administrative access.',
|
|
'setup.admin'
|
|
),
|
|
'multiOptions' => array_combine($groups, $groups)
|
|
)
|
|
);
|
|
}
|
|
|
|
if ($choice === 'existing_user') {
|
|
$this->addElement(
|
|
'select',
|
|
'existing_user',
|
|
array(
|
|
'required' => true,
|
|
'label' => $this->translate('Username'),
|
|
'description' => sprintf(
|
|
$this->translate(
|
|
'Choose a user reported by the %s backend as the initial administrative account.',
|
|
'setup.admin'
|
|
),
|
|
$this->backendConfig['backend'] === 'db'
|
|
? $this->translate('database', 'setup.admin.authbackend')
|
|
: 'LDAP'
|
|
),
|
|
'multiOptions' => array_combine($users, $users)
|
|
)
|
|
);
|
|
}
|
|
|
|
if ($choice === 'new_user') {
|
|
$this->addElement(
|
|
'text',
|
|
'new_user',
|
|
array(
|
|
'required' => true,
|
|
'label' => $this->translate('Username'),
|
|
'description' => $this->translate(
|
|
'Enter the username to be used when creating an initial administrative account.'
|
|
)
|
|
)
|
|
);
|
|
$this->addElement(
|
|
'password',
|
|
'new_user_password',
|
|
array(
|
|
'required' => true,
|
|
'renderPassword' => true,
|
|
'label' => $this->translate('Password'),
|
|
'description' => $this->translate(
|
|
'Enter the password to assign to the newly created account.'
|
|
)
|
|
)
|
|
);
|
|
$this->addElement(
|
|
'password',
|
|
'new_user_2ndpass',
|
|
array(
|
|
'required' => true,
|
|
'renderPassword' => true,
|
|
'label' => $this->translate('Repeat password'),
|
|
'description' => $this->translate(
|
|
'Please repeat the password given above to avoid typing errors.'
|
|
),
|
|
'validators' => array(
|
|
array('identical', false, array('new_user_password'))
|
|
)
|
|
)
|
|
);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Validate the given request data and ensure that any new user does not already exist
|
|
*
|
|
* @param array $data The request data to validate
|
|
*
|
|
* @return bool
|
|
*/
|
|
public function isValid($data)
|
|
{
|
|
if (false === parent::isValid($data)) {
|
|
return false;
|
|
}
|
|
|
|
if ($data['user_type'] === 'new_user' && $this->hasUser($data['new_user'])) {
|
|
$this->getElement('new_user')->addError($this->translate('Username already exists.'));
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Return the name of the externally authenticated user
|
|
*
|
|
* @return string
|
|
*/
|
|
protected function getUsername()
|
|
{
|
|
$name = getenv('REMOTE_USER');
|
|
if ($name === false) {
|
|
return '';
|
|
}
|
|
|
|
if (isset($this->backendConfig['strip_username_regexp']) && $this->backendConfig['strip_username_regexp']) {
|
|
// No need to silence or log anything here because the pattern has
|
|
// already been successfully compiled during backend configuration
|
|
$name = preg_replace($this->backendConfig['strip_username_regexp'], '', $name);
|
|
}
|
|
|
|
return $name;
|
|
}
|
|
|
|
/**
|
|
* Return the names of all users the user backend currently provides
|
|
*
|
|
* @return array
|
|
*/
|
|
protected function fetchUsers()
|
|
{
|
|
try {
|
|
$query = $this
|
|
->createUserBackend()
|
|
->select(array('user_name'))
|
|
->order('user_name', 'asc', true);
|
|
if (in_array($this->backendConfig['backend'], array('ldap', 'msldap'))) {
|
|
$query->getQuery()->setUsePagedResults();
|
|
}
|
|
|
|
return $query->fetchColumn();
|
|
} catch (Exception $_) {
|
|
// No need to handle anything special here. Error means no users found.
|
|
return array();
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Return whether the user backend provides a user with the given name
|
|
*
|
|
* @param string $username
|
|
*
|
|
* @return bool
|
|
*/
|
|
protected function hasUser($username)
|
|
{
|
|
try {
|
|
return $this
|
|
->createUserBackend()
|
|
->select()
|
|
->where('user_name', $username)
|
|
->count() > 1;
|
|
} catch (Exception $_) {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Create and return the user backend
|
|
*
|
|
* @return DbUserBackend|LdapUserBackend
|
|
*/
|
|
protected function createUserBackend()
|
|
{
|
|
$resourceConfig = new Config();
|
|
$resourceConfig->setSection($this->resourceConfig['name'], $this->resourceConfig);
|
|
ResourceFactory::setConfig($resourceConfig);
|
|
|
|
$config = new ConfigObject($this->backendConfig);
|
|
$config->resource = $this->resourceConfig['name'];
|
|
return UserBackend::create(null, $config);
|
|
}
|
|
|
|
/**
|
|
* Return the names of all user groups the user group backend currently provides
|
|
*
|
|
* @return array
|
|
*/
|
|
protected function fetchGroups()
|
|
{
|
|
try {
|
|
$query = $this
|
|
->createUserGroupBackend()
|
|
->select(array('group_name'));
|
|
if (in_array($this->backendConfig['backend'], array('ldap', 'msldap'))) {
|
|
$query->getQuery()->setUsePagedResults();
|
|
}
|
|
|
|
return $query->fetchColumn();
|
|
} catch (Exception $_) {
|
|
// No need to handle anything special here. Error means no groups found.
|
|
return array();
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Return whether the user group backend provides a user group with the given name
|
|
*
|
|
* @param string $groupname
|
|
*
|
|
* @return bool
|
|
*/
|
|
protected function hasGroup($groupname)
|
|
{
|
|
try {
|
|
return $this
|
|
->createUserGroupBackend()
|
|
->select()
|
|
->where('group_name', $groupname)
|
|
->count() > 1;
|
|
} catch (Exception $_) {
|
|
return false;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Create and return the user group backend
|
|
*
|
|
* @return LdapUserGroupBackend
|
|
*/
|
|
protected function createUserGroupBackend()
|
|
{
|
|
$resourceConfig = new Config();
|
|
$resourceConfig->setSection($this->resourceConfig['name'], $this->resourceConfig);
|
|
ResourceFactory::setConfig($resourceConfig);
|
|
|
|
$backendConfig = new Config();
|
|
$backendConfig->setSection($this->backendConfig['name'], array_merge(
|
|
$this->backendConfig,
|
|
array('resource' => $this->resourceConfig['name'])
|
|
));
|
|
UserBackend::setConfig($backendConfig);
|
|
|
|
if (empty($this->groupConfig)) {
|
|
$groupConfig = new ConfigObject(array(
|
|
'backend' => $this->backendConfig['backend'], // _Should_ be "db" or "msldap"
|
|
'resource' => $this->resourceConfig['name'],
|
|
'user_backend' => $this->backendConfig['name'] // Gets ignored if 'backend' is "db"
|
|
));
|
|
} else {
|
|
$groupConfig = new ConfigObject($this->groupConfig);
|
|
}
|
|
|
|
$backend = UserGroupBackend::create(null, $groupConfig);
|
|
if (! $backend instanceof Selectable) {
|
|
throw new NotImplementedError('Unsupported, until #9772 has been resolved');
|
|
}
|
|
|
|
return $backend;
|
|
}
|
|
}
|