OC_Setup::pathToHtaccess() - Code Metrics - Inspection of "load authentication apps first" - owncloud/core - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — stable8 (#25141)

by Christoph

created 2016-06-16 09:43 UTC

OC_Setup::pathToHtaccess() A

↳ Parent: OC_Setup

Complexity

Conditions	1
Paths	1

Size

Total Lines	3
Code Lines	2

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	1
eloc	2
nc	1
nop	0
dl	0
loc	3
rs	10
c	0
b	0
f	0

<?php
/**
 * Copyright (c) 2014 Lukas Reschke <[email protected]>
 * This file is licensed under the Affero General Public License version 3 or
 * later.
 * See the COPYING-README file.
 */

use OCP\IConfig;

class OC_Setup {
	/** @var IConfig */
	protected $config;

	/**
	 * @param IConfig $config
	 */
	function __construct(IConfig $config) {
		$this->config = $config;
	}

	static $dbSetupClasses = array(
		'mysql' => '\OC\Setup\MySQL',
		'pgsql' => '\OC\Setup\PostgreSQL',
		'oci'   => '\OC\Setup\OCI',
		'mssql' => '\OC\Setup\MSSQL',
		'sqlite' => '\OC\Setup\Sqlite',
		'sqlite3' => '\OC\Setup\Sqlite',
	);

	/**
	 * @return OC_L10N
	 */
	public static function getTrans(){
		return \OC::$server->getL10N('lib');
	}

	/**
	 * Wrapper around the "class_exists" PHP function to be able to mock it
	 * @param string $name
	 * @return bool
	 */
	public function class_exists($name) {
		return class_exists($name);
	}

	/**
	 * Wrapper around the "is_callable" PHP function to be able to mock it
	 * @param string $name
	 * @return bool
	 */
	public function is_callable($name) {
		return is_callable($name);
	}

	/**
	 * Get the available and supported databases of this instance
	 *
	 * @throws Exception
	 * @return array
	 */
	public function getSupportedDatabases() {
		$availableDatabases = array(
			'sqlite' =>  array(
				'type' => 'class',
				'call' => 'SQLite3',
				'name' => 'SQLite'
			),
			'mysql' => array(
				'type' => 'function',
				'call' => 'mysql_connect',
				'name' => 'MySQL/MariaDB'
			),
			'pgsql' => array(
				'type' => 'function',
				'call' => 'pg_connect',
				'name' => 'PostgreSQL'
			),
			'oci' => array(
				'type' => 'function',
				'call' => 'oci_connect',
				'name' => 'Oracle'
			),
			'mssql' => array(
				'type' => 'function',
				'call' => 'sqlsrv_connect',
				'name' => 'MS SQL'
			)
		);
		$configuredDatabases = $this->config->getSystemValue('supportedDatabases',
			array('sqlite', 'mysql', 'pgsql'));
		if(!is_array($configuredDatabases)) {
			throw new Exception('Supported databases are not properly configured.');
		}

		$supportedDatabases = array();

		foreach($configuredDatabases as $database) {
			if(array_key_exists($database, $availableDatabases)) {
				$working = false;
				if($availableDatabases[$database]['type'] === 'class') {
					$working = $this->class_exists($availableDatabases[$database]['call']);
				} elseif ($availableDatabases[$database]['type'] === 'function') {
					$working = $this->is_callable($availableDatabases[$database]['call']);
				}
				if($working) {
					$supportedDatabases[$database] = $availableDatabases[$database]['name'];
				}
			}
		}

		return $supportedDatabases;
	}

	/**
	 * @param $options
	 * @return array
	 */
	public static function install($options) {
		$l = self::getTrans();

		$error = array();
		$dbType = $options['dbtype'];

		if(empty($options['adminlogin'])) {
			$error[] = $l->t('Set an admin username.');
		}
		if(empty($options['adminpass'])) {
			$error[] = $l->t('Set an admin password.');
		}
		if(empty($options['directory'])) {
			$options['directory'] = OC::$SERVERROOT."/data";
		}

		if (!isset(self::$dbSetupClasses[$dbType])) {
			$dbType = 'sqlite';
		}

		$username = htmlspecialchars_decode($options['adminlogin']);
		$password = htmlspecialchars_decode($options['adminpass']);
		$dataDir = htmlspecialchars_decode($options['directory']);

		$class = self::$dbSetupClasses[$dbType];
		/** @var \OC\Setup\AbstractDatabase $dbSetup */
		$dbSetup = new $class(self::getTrans(), 'db_structure.xml');
		$error = array_merge($error, $dbSetup->validate($options));

		// validate the data directory
		if (
			(!is_dir($dataDir) and !mkdir($dataDir)) or
			!is_writable($dataDir)
		) {
			$error[] = $l->t("Can't create or write into the data directory %s", array($dataDir));
		}

		if(count($error) != 0) {
			return $error;
		}

		//no errors, good
		if(isset($options['trusted_domains'])
		    && is_array($options['trusted_domains'])) {
			$trustedDomains = $options['trusted_domains'];
		} else {
			$trustedDomains = array(\OC_Request::getDomainWithoutPort(\OC_Request::serverHost()));
		}

		if (OC_Util::runningOnWindows()) {
			$dataDir = rtrim(realpath($dataDir), '\\');
		}

		//use sqlite3 when available, otherwise sqlite2 will be used.
		if($dbType=='sqlite' and class_exists('SQLite3')) {
			$dbType='sqlite3';
		}

		//generate a random salt that is used to salt the local user passwords
		$salt = \OC::$server->getSecureRandom()->getLowStrengthGenerator()->generate(30);
		// generate a secret
		$secret = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(48);

		//write the config file
		\OC::$server->getConfig()->setSystemValues([
			'passwordsalt'		=> $salt,
			'secret'			=> $secret,
			'trusted_domains'	=> $trustedDomains,
			'datadirectory'		=> $dataDir,
			'overwrite.cli.url'	=> \OC_Request::serverProtocol() . '://' . \OC_Request::serverHost() . OC::$WEBROOT,
			'dbtype'			=> $dbType,
			'version'			=> implode('.', OC_Util::getVersion()),
		]);

		try {
			$dbSetup->initialize($options);
			$dbSetup->setupDatabase($username);
		} catch (\OC\DatabaseSetupException $e) {
			$error[] = array(
				'error' => $e->getMessage(),
				'hint' => $e->getHint()
			);
			return($error);
		} catch (Exception $e) {
			$error[] = array(
				'error' => 'Error while trying to create admin user: ' . $e->getMessage(),
				'hint' => ''
			);
			return($error);
		}

		//create the user and group
		try {
			OC_User::createUser($username, $password);
		} catch(Exception $exception) {
			$error[] = $exception->getMessage();
		}

		if(count($error) == 0) {
			$appConfig = \OC::$server->getAppConfig();
			$appConfig->setValue('core', 'installedat', microtime(true));
			$appConfig->setValue('core', 'lastupdatedat', microtime(true));

			OC_Group::createGroup('admin');
			OC_Group::addToGroup($username, 'admin');
			OC_User::login($username, $password);

			//guess what this does
			OC_Installer::installShippedApps();

			// create empty file in data dir, so we can later find
			// out that this is indeed an ownCloud data directory
			file_put_contents(OC_Config::getValue('datadirectory', OC::$SERVERROOT.'/data').'/.ocdata', '');

			// Update htaccess files for apache hosts
			if (isset($_SERVER['SERVER_SOFTWARE']) && strstr($_SERVER['SERVER_SOFTWARE'], 'Apache')) {
				self::updateHtaccess();
				self::protectDataDirectory();
			}

			//and we are done
			OC_Config::setValue('installed', true);
		}

		return $error;
	}

	/**
	 * @return string Absolute path to htaccess
	 */
	private function pathToHtaccess() {
		return OC::$SERVERROOT.'/.htaccess';
	}

	/**
	 * Checks if the .htaccess contains the current version parameter
	 *
	 * @return bool
	 */
	private function isCurrentHtaccess() {
		$version = \OC_Util::getVersion();
		unset($version[3]);

		return !strpos(
			file_get_contents($this->pathToHtaccess()),
			'Version: '.implode('.', $version)
		) === false;
	}

	/**
	 * Append the correct ErrorDocument path for Apache hosts
	 *
	 * @throws \OC\HintException If .htaccess does not include the current version
	 */
	public static function updateHtaccess() {
		$setupHelper = new OC_Setup(\OC::$server->getConfig());
		if(!$setupHelper->isCurrentHtaccess()) {
			throw new \OC\HintException('.htaccess file has the wrong version. Please upload the correct version. Maybe you forgot to replace it after updating?');
		}

		$content = "\n";
		$content.= "ErrorDocument 403 ".OC::$WEBROOT."/core/templates/403.php\n";//custom 403 error page
		$content.= "ErrorDocument 404 ".OC::$WEBROOT."/core/templates/404.php";//custom 404 error page
		@file_put_contents($setupHelper->pathToHtaccess(), $content, FILE_APPEND); //suppress errors in case we don't have permissions for it
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
	}

	public static function protectDataDirectory() {
		//Require all denied
		$now =  date('Y-m-d H:i:s');
		$content = "# Generated by ownCloud on $now\n";
		$content.= "# line below if for Apache 2.4\n";
		$content.= "<ifModule mod_authz_core.c>\n";
		$content.= "Require all denied\n";
		$content.= "</ifModule>\n\n";
		$content.= "# line below if for Apache 2.2\n";
		$content.= "<ifModule !mod_authz_core.c>\n";
		$content.= "deny from all\n";
		$content.= "</ifModule>\n\n";
		$content.= "# section for Apache 2.2 and 2.4\n";
		$content.= "IndexIgnore *\n";
		file_put_contents(OC_Config::getValue('datadirectory', OC::$SERVERROOT.'/data').'/.htaccess', $content);
		file_put_contents(OC_Config::getValue('datadirectory', OC::$SERVERROOT.'/data').'/index.html', '');
	}
}


1			<?php
2			/**
3			* Copyright (c) 2014 Lukas Reschke <[email protected]>
4			* This file is licensed under the Affero General Public License version 3 or
5			* later.
6			* See the COPYING-README file.
7			*/
8
9			use OCP\IConfig;
10
11			class OC_Setup {
12			/** @var IConfig */
13			protected $config;
14
15			/**
16			* @param IConfig $config
17			*/
18			function __construct(IConfig $config) {
19			$this->config = $config;
20			}
21
22			static $dbSetupClasses = array(
23			'mysql' => '\OC\Setup\MySQL',
24			'pgsql' => '\OC\Setup\PostgreSQL',
25			'oci' => '\OC\Setup\OCI',
26			'mssql' => '\OC\Setup\MSSQL',
27			'sqlite' => '\OC\Setup\Sqlite',
28			'sqlite3' => '\OC\Setup\Sqlite',
29			);
30
31			/**
32			* @return OC_L10N
33			*/
34			public static function getTrans(){
35			return \OC::$server->getL10N('lib');
36			}
37
38			/**
39			* Wrapper around the "class_exists" PHP function to be able to mock it
40			* @param string $name
41			* @return bool
42			*/
43			public function class_exists($name) {
44			return class_exists($name);
45			}
46
47			/**
48			* Wrapper around the "is_callable" PHP function to be able to mock it
49			* @param string $name
50			* @return bool
51			*/
52			public function is_callable($name) {
53			return is_callable($name);
54			}
55
56			/**
57			* Get the available and supported databases of this instance
58			*
59			* @throws Exception
60			* @return array
61			*/
62			public function getSupportedDatabases() {
63			$availableDatabases = array(
64			'sqlite' => array(
65			'type' => 'class',
66			'call' => 'SQLite3',
67			'name' => 'SQLite'
68			),
69			'mysql' => array(
70			'type' => 'function',
71			'call' => 'mysql_connect',
72			'name' => 'MySQL/MariaDB'
73			),
74			'pgsql' => array(
75			'type' => 'function',
76			'call' => 'pg_connect',
77			'name' => 'PostgreSQL'
78			),
79			'oci' => array(
80			'type' => 'function',
81			'call' => 'oci_connect',
82			'name' => 'Oracle'
83			),
84			'mssql' => array(
85			'type' => 'function',
86			'call' => 'sqlsrv_connect',
87			'name' => 'MS SQL'
88			)
89			);
90			$configuredDatabases = $this->config->getSystemValue('supportedDatabases',
91			array('sqlite', 'mysql', 'pgsql'));
92			if(!is_array($configuredDatabases)) {
93			throw new Exception('Supported databases are not properly configured.');
94			}
95
96			$supportedDatabases = array();
97
98			foreach($configuredDatabases as $database) {
99			if(array_key_exists($database, $availableDatabases)) {
100			$working = false;
101			if($availableDatabases[$database]['type'] === 'class') {
102			$working = $this->class_exists($availableDatabases[$database]['call']);
103			} elseif ($availableDatabases[$database]['type'] === 'function') {
104			$working = $this->is_callable($availableDatabases[$database]['call']);
105			}
106			if($working) {
107			$supportedDatabases[$database] = $availableDatabases[$database]['name'];
108			}
109			}
110			}
111
112			return $supportedDatabases;
113			}
114
115			/**
116			* @param $options
117			* @return array
118			*/
119			public static function install($options) {
120			$l = self::getTrans();
121
122			$error = array();
123			$dbType = $options['dbtype'];
124
125			if(empty($options['adminlogin'])) {
126			$error[] = $l->t('Set an admin username.');
127			}
128			if(empty($options['adminpass'])) {
129			$error[] = $l->t('Set an admin password.');
130			}
131			if(empty($options['directory'])) {
132			$options['directory'] = OC::$SERVERROOT."/data";
133			}
134
135			if (!isset(self::$dbSetupClasses[$dbType])) {
136			$dbType = 'sqlite';
137			}
138
139			$username = htmlspecialchars_decode($options['adminlogin']);
140			$password = htmlspecialchars_decode($options['adminpass']);
141			$dataDir = htmlspecialchars_decode($options['directory']);
142
143			$class = self::$dbSetupClasses[$dbType];
144			/** @var \OC\Setup\AbstractDatabase $dbSetup */
145			$dbSetup = new $class(self::getTrans(), 'db_structure.xml');
146			$error = array_merge($error, $dbSetup->validate($options));
147
148			// validate the data directory
149			if (
150			(!is_dir($dataDir) and !mkdir($dataDir)) or
151			!is_writable($dataDir)
152			) {
153			$error[] = $l->t("Can't create or write into the data directory %s", array($dataDir));
154			}
155
156			if(count($error) != 0) {
157			return $error;
158			}
159
160			//no errors, good
161			if(isset($options['trusted_domains'])
162			&& is_array($options['trusted_domains'])) {
163			$trustedDomains = $options['trusted_domains'];
164			} else {
165			$trustedDomains = array(\OC_Request::getDomainWithoutPort(\OC_Request::serverHost()));
166			}
167
168			if (OC_Util::runningOnWindows()) {
169			$dataDir = rtrim(realpath($dataDir), '\\');
170			}
171
172			//use sqlite3 when available, otherwise sqlite2 will be used.
173			if($dbType=='sqlite' and class_exists('SQLite3')) {
174			$dbType='sqlite3';
175			}
176
177			//generate a random salt that is used to salt the local user passwords
178			$salt = \OC::$server->getSecureRandom()->getLowStrengthGenerator()->generate(30);
179			// generate a secret
180			$secret = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(48);
181
182			//write the config file
183			\OC::$server->getConfig()->setSystemValues([
184			'passwordsalt' => $salt,
185			'secret' => $secret,
186			'trusted_domains' => $trustedDomains,
187			'datadirectory' => $dataDir,
188			'overwrite.cli.url' => \OC_Request::serverProtocol() . '://' . \OC_Request::serverHost() . OC::$WEBROOT,
189			'dbtype' => $dbType,
190			'version' => implode('.', OC_Util::getVersion()),
191			]);
192
193			try {
194			$dbSetup->initialize($options);
195			$dbSetup->setupDatabase($username);
196			} catch (\OC\DatabaseSetupException $e) {
197			$error[] = array(
198			'error' => $e->getMessage(),
199			'hint' => $e->getHint()
200			);
201			return($error);
202			} catch (Exception $e) {
203			$error[] = array(
204			'error' => 'Error while trying to create admin user: ' . $e->getMessage(),
205			'hint' => ''
206			);
207			return($error);
208			}
209
210			//create the user and group
211			try {
212			OC_User::createUser($username, $password);
213			} catch(Exception $exception) {
214			$error[] = $exception->getMessage();
215			}
216
217			if(count($error) == 0) {
218			$appConfig = \OC::$server->getAppConfig();
219			$appConfig->setValue('core', 'installedat', microtime(true));
220			$appConfig->setValue('core', 'lastupdatedat', microtime(true));
221
222			OC_Group::createGroup('admin');
223			OC_Group::addToGroup($username, 'admin');
224			OC_User::login($username, $password);
225
226			//guess what this does
227			OC_Installer::installShippedApps();
228
229			// create empty file in data dir, so we can later find
230			// out that this is indeed an ownCloud data directory
231			file_put_contents(OC_Config::getValue('datadirectory', OC::$SERVERROOT.'/data').'/.ocdata', '');
232
233			// Update htaccess files for apache hosts
234			if (isset($_SERVER['SERVER_SOFTWARE']) && strstr($_SERVER['SERVER_SOFTWARE'], 'Apache')) {
235			self::updateHtaccess();
236			self::protectDataDirectory();
237			}
238
239			//and we are done
240			OC_Config::setValue('installed', true);
241			}
242
243			return $error;
244			}
245
246			/**
247			* @return string Absolute path to htaccess
248			*/
249			private function pathToHtaccess() {
250			return OC::$SERVERROOT.'/.htaccess';
251			}
252
253			/**
254			* Checks if the .htaccess contains the current version parameter
255			*
256			* @return bool
257			*/
258			private function isCurrentHtaccess() {
259			$version = \OC_Util::getVersion();
260			unset($version[3]);
261
262			return !strpos(
263			file_get_contents($this->pathToHtaccess()),
264			'Version: '.implode('.', $version)
265			) === false;
266			}
267
268			/**
269			* Append the correct ErrorDocument path for Apache hosts
270			*
271			* @throws \OC\HintException If .htaccess does not include the current version
272			*/
273			public static function updateHtaccess() {
274			$setupHelper = new OC_Setup(\OC::$server->getConfig());
275			if(!$setupHelper->isCurrentHtaccess()) {
276			throw new \OC\HintException('.htaccess file has the wrong version. Please upload the correct version. Maybe you forgot to replace it after updating?');
277			}
278
279			$content = "\n";
280			$content.= "ErrorDocument 403 ".OC::$WEBROOT."/core/templates/403.php\n";//custom 403 error page
281			$content.= "ErrorDocument 404 ".OC::$WEBROOT."/core/templates/404.php";//custom 404 error page
282			@file_put_contents($setupHelper->pathToHtaccess(), $content, FILE_APPEND); //suppress errors in case we don't have permissions for it
			0 ignored issues – show Security Best Practice introduced 2016-02-06 08:50 UTC by Report Bug Copy Issue Report It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
283			}
284
285			public static function protectDataDirectory() {
286			//Require all denied
287			$now = date('Y-m-d H:i:s');
288			$content = "# Generated by ownCloud on $now\n";
289			$content.= "# line below if for Apache 2.4\n";
290			$content.= "<ifModule mod_authz_core.c>\n";
291			$content.= "Require all denied\n";
292			$content.= "</ifModule>\n\n";
293			$content.= "# line below if for Apache 2.2\n";
294			$content.= "<ifModule !mod_authz_core.c>\n";
295			$content.= "deny from all\n";
296			$content.= "</ifModule>\n\n";
297			$content.= "# section for Apache 2.2 and 2.4\n";
298			$content.= "IndexIgnore *\n";
299			file_put_contents(OC_Config::getValue('datadirectory', OC::$SERVERROOT.'/data').'/.htaccess', $content);
300			file_put_contents(OC_Config::getValue('datadirectory', OC::$SERVERROOT.'/data').'/index.html', '');
301			}
302			}
303

owncloud / core

Pull Request — stable8 (#25141)

OC_Setup::pathToHtaccess() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like