Adding upstream version 2.12.1.upstream/2.12.1upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 238 insertions, 0 deletions

diff --git a/modules/setup/library/Setup/Steps/AuthenticationStep.php b/modules/setup/library/Setup/Steps/AuthenticationStep.php
new file mode 100644
index 0000000..3c6c64a
--- /dev/null
+++ b/modules/setup/library/Setup/Steps/AuthenticationStep.php
@@ -0,0 +1,238 @@
+<?php
+/* Icinga Web 2 | (c) 2014 Icinga Development Team | GPLv2+ */
+
+namespace Icinga\Module\Setup\Steps;
+
+use Exception;
+use Icinga\Application\Config;
+use Icinga\Data\ConfigObject;
+use Icinga\Data\ResourceFactory;
+use Icinga\Exception\IcingaException;
+use Icinga\Authentication\User\DbUserBackend;
+use Icinga\Module\Setup\Step;
+
+class AuthenticationStep extends Step
+{
+    protected $data;
+
+    protected $dbError;
+
+    protected $authIniError;
+
+    protected $permIniError;
+
+    public function __construct(array $data)
+    {
+        $this->data = $data;
+    }
+
+    public function apply()
+    {
+        $success = $this->createAuthenticationIni();
+        if (isset($this->data['adminAccountData']['resourceConfig'])) {
+            $success &= $this->createAccount();
+        }
+
+        $success &= $this->createRolesIni();
+        return $success;
+    }
+
+    protected function createAuthenticationIni()
+    {
+        $config = array();
+        $backendConfig = $this->data['backendConfig'];
+        $backendName = $backendConfig['name'];
+        unset($backendConfig['name']);
+        $config[$backendName] = $backendConfig;
+        if (isset($this->data['resourceName'])) {
+            $config[$backendName]['resource'] = $this->data['resourceName'];
+        }
+
+        try {
+            Config::fromArray($config)
+                ->setConfigFile(Config::resolvePath('authentication.ini'))
+                ->saveIni();
+        } catch (Exception $e) {
+            $this->authIniError = $e;
+            return false;
+        }
+
+        $this->authIniError = false;
+        return true;
+    }
+
+    protected function createRolesIni()
+    {
+        if (isset($this->data['adminAccountData']['username'])) {
+            $config = array(
+                'users'         => $this->data['adminAccountData']['username'],
+                'permissions'   => '*'
+            );
+
+            if ($this->data['backendConfig']['backend'] === 'db') {
+                $config['groups'] = mt('setup', 'Administrators', 'setup.role.name');
+            }
+        } else { // isset($this->data['adminAccountData']['groupname'])
+            $config = array(
+                'groups'        => $this->data['adminAccountData']['groupname'],
+                'permissions'   => '*'
+            );
+        }
+
+        try {
+            Config::fromArray(array(mt('setup', 'Administrators', 'setup.role.name') => $config))
+                ->setConfigFile(Config::resolvePath('roles.ini'))
+                ->saveIni();
+        } catch (Exception $e) {
+            $this->permIniError = $e;
+            return false;
+        }
+
+        $this->permIniError = false;
+        return true;
+    }
+
+    protected function createAccount()
+    {
+        try {
+            $backend = new DbUserBackend(
+                ResourceFactory::createResource(new ConfigObject($this->data['adminAccountData']['resourceConfig']))
+            );
+
+            if ($backend->select()->where('user_name', $this->data['adminAccountData']['username'])->count() === 0) {
+                $backend->insert('user', array(
+                    'user_name' => $this->data['adminAccountData']['username'],
+                    'password'  => $this->data['adminAccountData']['password'],
+                    'is_active' => true
+                ));
+                $this->dbError = false;
+            }
+        } catch (Exception $e) {
+            $this->dbError = $e;
+            return false;
+        }
+
+        return true;
+    }
+
+    public function getSummary()
+    {
+        $pageTitle = '<h2>' . mt('setup', 'Authentication', 'setup.page.title') . '</h2>';
+        $backendTitle = '<h3>' . mt('setup', 'Authentication Backend', 'setup.page.title') . '</h3>';
+        $adminTitle = '<h3>' . mt('setup', 'Administration', 'setup.page.title') . '</h3>';
+
+        $authType = $this->data['backendConfig']['backend'];
+        $backendDesc = '<p>' . sprintf(
+            mt('setup', 'Users will authenticate using %s.', 'setup.summary.auth'),
+            $authType === 'db' ? mt('setup', 'a database', 'setup.summary.auth.type') : (
+                $authType === 'ldap' || $authType === 'msldap' ? 'LDAP' : (
+                    mt('setup', 'webserver authentication', 'setup.summary.auth.type')
+                )
+            )
+        ) . '</p>';
+
+        $backendHtml = ''
+            . '<table>'
+            . '<tbody>'
+            . '<tr>'
+            . '<td><strong>' . t('Backend Name') . '</strong></td>'
+            . '<td>' . $this->data['backendConfig']['name'] . '</td>'
+            . '</tr>'
+            . ($authType === 'ldap' || $authType === 'msldap' ? (
+                '<tr>'
+                . '<td><strong>' . mt('setup', 'User Object Class') . '</strong></td>'
+                . '<td>' . ($authType === 'msldap' ? 'user' : $this->data['backendConfig']['user_class']) . '</td>'
+                . '</tr>'
+                . '<tr>'
+                . '<td><strong>' . mt('setup', 'Custom Filter') . '</strong></td>'
+                . '<td>' . (trim($this->data['backendConfig']['filter']) ?: t('None', 'auth.ldap.filter')) . '</td>'
+                . '</tr>'
+                . '<tr>'
+                . '<td><strong>' . mt('setup', 'User Name Attribute') . '</strong></td>'
+                . '<td>' . ($authType === 'msldap'
+                    ? 'sAMAccountName'
+                    : $this->data['backendConfig']['user_name_attribute']) . '</td>'
+                . '</tr>'
+            ) : ($authType === 'external' ? (
+                '<tr>'
+                . '<td><strong>' . t('Filter Pattern') . '</strong></td>'
+                . '<td>' . $this->data['backendConfig']['strip_username_regexp'] . '</td>'
+                . '</tr>'
+            ) : ''))
+            . '</tbody>'
+            . '</table>';
+
+        if (isset($this->data['adminAccountData']['username'])) {
+            $adminHtml = '<p>' . (isset($this->data['adminAccountData']['resourceConfig']) ? sprintf(
+                mt('setup', 'Administrative rights will initially be granted to a new account called "%s".'),
+                $this->data['adminAccountData']['username']
+            ) : sprintf(
+                mt('setup', 'Administrative rights will initially be granted to an existing account called "%s".'),
+                $this->data['adminAccountData']['username']
+            )) . '</p>';
+        } else { // isset($this->data['adminAccountData']['groupname'])
+            $adminHtml = '<p>' . sprintf(
+                mt('setup', 'Administrative rights will initially be granted to members of the user group "%s".'),
+                $this->data['adminAccountData']['groupname']
+            ) . '</p>';
+        }
+
+        return $pageTitle . '<div class="topic">' . $backendDesc . $backendTitle . $backendHtml . '</div>'
+            . '<div class="topic">' . $adminTitle . $adminHtml . '</div>';
+    }
+
+    public function getReport()
+    {
+        $report = array();
+
+        if ($this->authIniError === false) {
+            $report[] = sprintf(
+                mt('setup', 'Authentication configuration has been successfully written to: %s'),
+                Config::resolvePath('authentication.ini')
+            );
+        } elseif ($this->authIniError !== null) {
+            $report[] = sprintf(
+                mt('setup', 'Authentication configuration could not be written to: %s. An error occured:'),
+                Config::resolvePath('authentication.ini')
+            );
+            $report[] = sprintf(mt('setup', 'ERROR: %s'), IcingaException::describe($this->authIniError));
+        }
+
+        if ($this->dbError === false) {
+            $report[] = sprintf(
+                mt('setup', 'Account "%s" has been successfully created.'),
+                $this->data['adminAccountData']['username']
+            );
+        } elseif ($this->dbError !== null) {
+            $report[] = sprintf(
+                mt('setup', 'Unable to create account "%s". An error occured:'),
+                $this->data['adminAccountData']['username']
+            );
+            $report[] = sprintf(mt('setup', 'ERROR: %s'), IcingaException::describe($this->dbError));
+        }
+
+        if ($this->permIniError === false) {
+            $report[] = isset($this->data['adminAccountData']['username']) ? sprintf(
+                mt('setup', 'Account "%s" has been successfully defined as initial administrator.'),
+                $this->data['adminAccountData']['username']
+            ) : sprintf(
+                mt('setup', 'The members of the user group "%s" were successfully defined as initial administrators.'),
+                $this->data['adminAccountData']['groupname']
+            );
+        } elseif ($this->permIniError !== null) {
+            $report[] = isset($this->data['adminAccountData']['username']) ? sprintf(
+                mt('setup', 'Unable to define account "%s" as initial administrator. An error occured:'),
+                $this->data['adminAccountData']['username']
+            ) : sprintf(
+                mt(
+                    'setup',
+                    'Unable to define the members of the user group "%s" as initial administrators. An error occured:'
+                ),
+                $this->data['adminAccountData']['groupname']
+            );
+            $report[] = sprintf(mt('setup', 'ERROR: %s'), IcingaException::describe($this->permIniError));
+        }
+
+        return $report;
+    }
+}