From 4932dda11c4fe4bcb67af82cf4ed516d261e84f0 Mon Sep 17 00:00:00 2001 From: Lars Jung Date: Wed, 13 May 2015 14:07:21 +0200 Subject: [PATCH] Move passhass to options. --- src/_h5ai/backend/php/core/class-context.php | 10 ++++++++-- src/_h5ai/backend/php/core/class-setup.php | 17 +++-------------- src/_h5ai/conf/options.json | 10 ++++++++++ src/_h5ai/conf/passhash.php | 7 ------- src/_h5ai/public/js/inc/main/info.js | 6 +++--- 5 files changed, 24 insertions(+), 26 deletions(-) delete mode 100644 src/_h5ai/conf/passhash.php diff --git a/src/_h5ai/backend/php/core/class-context.php b/src/_h5ai/backend/php/core/class-context.php index e3ccaf71..242975b2 100644 --- a/src/_h5ai/backend/php/core/class-context.php +++ b/src/_h5ai/backend/php/core/class-context.php @@ -2,19 +2,26 @@ class Context { + private static $DEFAULT_PASSHASH = 'cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e'; private static $AS_ADMIN_SESSION_KEY = 'AS_ADMIN'; private $session; private $request; private $setup; private $options; + private $passhash; public function __construct($session, $request, $setup) { $this->session = $session; $this->request = $request; $this->setup = $setup; + $this->options = Util::load_commented_json($this->setup->get('APP_PATH') . '/conf/options.json'); + + $this->passhash = $this->query_option('passhash', ''); + $this->options['hasCustomPasshash'] = strcasecmp($this->passhash, Context::$DEFAULT_PASSHASH) !== 0; + unset($this->options['passhash']); } public function get_session() { @@ -49,8 +56,7 @@ class Context { public function login_admin($pass) { - $hash = $this->setup->get('PASSHASH'); - $this->session->set(Context::$AS_ADMIN_SESSION_KEY, strcasecmp(hash('sha512', $pass), $hash) === 0); + $this->session->set(Context::$AS_ADMIN_SESSION_KEY, strcasecmp(hash('sha512', $pass), $this->passhash) === 0); return $this->session->get(Context::$AS_ADMIN_SESSION_KEY); } 
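Review bot: In `__construct`, `unset($this->options['passhash'])` appears to be the only thing keeping the hash out of the options that reach the browser (info.js in this same patch reads `config.options.hasCustomPasshash`), and nothing in the code says so. I would add a comment above it, e.g. `// passhash must stay server-side; the remaining options are exposed to the client`, so a later refactor does not drop the line. Separately, `query_option('passhash', '')` presumably yields `''` when the key is missing, which makes `hasCustomPasshash` true and hides the setup hint even though no password can then match, and a non-string JSON value would reach `strcasecmp` unchecked. A guard such as `is_string($this->passhash) && strlen($this->passhash) === 128` before computing the flag would cover both cases. The class body continues outside the hunk.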
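Review bot: `login_admin` still compares the digest with `strcasecmp`, which is not a constant-time comparison; `hash_equals(strtolower($this->passhash), hash('sha512', $pass))` would close that gap, provided the minimum supported PHP is 5.6 or later (the value of MIN_PHP_VERSION is not visible here). While the preset hash is in place an empty `$pass` sets the admin session flag, so consider returning false when `hasCustomPasshash` is false, or at least documenting that the info page is open until the hash is changed. An unsalted single SHA-512 is also cheap to guess offline if the hash ever leaks; `password_hash`/`password_verify` would be the longer-term replacement, although that changes the stored format.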
diff --git a/src/_h5ai/backend/php/core/class-setup.php b/src/_h5ai/backend/php/core/class-setup.php index ce2dbcd8..cbafdae5 100644 --- a/src/_h5ai/backend/php/core/class-setup.php +++ b/src/_h5ai/backend/php/core/class-setup.php @@ -2,8 +2,6 @@ class Setup { - private static $DEFAULT_PASSHASH = 'cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e'; - private $store; private $refresh; @@ -15,7 +13,6 @@ class Setup { $this->add_globals_and_envs(); $this->add_php_checks(); $this->add_app_metadata(); - $this->add_admin_check(); $this->add_server_metadata_and_check(); $this->add_paths(); $this->add_sys_cmd_checks(); @@ -56,7 +53,6 @@ class Setup { $this->set('PHP_VERSION', PHP_VERSION); $this->set('MIN_PHP_VERSION', MIN_PHP_VERSION); - $this->set('PASSHASH', PASSHASH); $this->set('REQUEST_METHOD', getenv('REQUEST_METHOD')); $this->set('REQUEST_HREF', parse_url(getenv('REQUEST_URI'), PHP_URL_PATH)); @@ -83,11 +79,6 @@ class Setup { $this->set('FILE_PREFIX', '_{{pkg.name}}'); } - private function add_admin_check() { - - $this->set('HAS_CUSTOM_PASSHASH', strtolower(PASSHASH) !== Setup::$DEFAULT_PASSHASH); - } - private function add_server_metadata_and_check() { $server_software = $this->get('SERVER_SOFTWARE'); 
@@ -117,8 +108,8 @@ class Setup { $this->set('ROOT_HREF', Util::normalize_path(dirname($this->get('APP_HREF')), true)); $this->set('ROOT_PATH', Util::normalize_path(dirname($this->get('APP_PATH')), false)); - $this->set('PUBLIC_HREF', $this->get('APP_HREF') . 'public/'); - $this->set('INDEX_HREF', $this->get('APP_HREF') . 'public/index.php'); + $this->set('PUBLIC_HREF', Util::normalize_path($this->get('APP_HREF') . '/public', true)); + $this->set('INDEX_HREF', Util::normalize_path($this->get('APP_HREF') . '/public/index.php', false)); $this->set('CACHE_HREF', Util::normalize_path($this->get('APP_HREF') . '/public/cache', true)); $this->set('CACHE_PATH', Util::normalize_path($this->get('APP_PATH') . '/public/cache', false)); @@ -157,9 +148,7 @@ class Setup { $keys = [ 'APP_HREF', 'ROOT_HREF', - 'VERSION', - - 'HAS_CUSTOM_PASSHASH' + 'VERSION' ]; if ($as_admin) { diff --git a/src/_h5ai/conf/options.json b/src/_h5ai/conf/options.json index 59cf94d2..3ebc2cf7 100644 --- a/src/_h5ai/conf/options.json +++ b/src/_h5ai/conf/options.json @@ -6,6 +6,16 @@ Options */ { + /* + Password hash. + + SHA512 hash of the info page password, the preset password is the empty string. + Online hash generator: http://md5hashing.net/hashing/sha512 + */ + "passhash": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e", + + + /* General view options. diff --git a/src/_h5ai/conf/passhash.php b/src/_h5ai/conf/passhash.php deleted file mode 100644 index ac02526f..00000000 --- a/src/_h5ai/conf/passhash.php +++ /dev/null @@ -1,7 +0,0 @@ -login' + 'logout' + '
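Review bot: Moving the hash from `passhash.php` into `conf/options.json` changes who can read it. A `.php` file is executed by the server, whereas a `.json` file under the app directory is normally served as static content, so unless the deployment denies requests to `_h5ai/conf/` (not visible in this patch) the hash may be retrievable over HTTP and guessed offline. I would keep the secret in a file the web server does not serve, or ship and document an access rule for `conf/`. The added comment also points admins to an online generator over plain `http://`, which means typing the intended password into a third-party site; suggest replacing that line with a local command such as `php -r 'echo hash("sha512", "YOUR_PASSWORD");'`.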
' + - 'The preset password is the empty string, just hit login. ' + - 'Change it in \'_h5ai/conf/passhash.php\'.' + + 'The preset password is the empty string, just click login. ' + + 'Change it in \'_h5ai/conf/options.json\'.' + '
' + ''; var setup = config.setup; @@ -146,7 +146,7 @@ modulejs.define('main/info', ['$', 'config', 'core/server'], function ($, config $('#login').on('click', onLogin); $('#logout').remove(); } - if (setup.HAS_CUSTOM_PASSHASH) { + if (config.options.hasCustomPasshash) { $('#hint').remove(); } }