
Commit

Merge pull request #32 from OnePlc/1.0.25-dev
1.0.25 dev
Praesidiarius authored Apr 1, 2021
2 parents f52ec3c + 7f3db23 commit 0a242e2
Showing 11 changed files with 346 additions and 36 deletions.
26 changes: 13 additions & 13 deletions CHANGELOG.md
@@ -1,25 +1,25 @@
# Changelog

All notable changes to this project will be documented in this file, in reverse chronological order by release.
All notable changes to oneplace-event will be documented in this file.

## 1.0.0 - TBD
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

### Added
## [1.0.25] -

- Its a composer package now
### Added
- User Interface for Application Firewall (pre-alpha)
- Module can now be updated
- Firewall Whitelist for Logged-in users

### Changed

- 100% of 0.9.x Codebase

### Deprecated
## [1.0.24] - 2021-03-31

- 100% of 0.9.x Codebase

### Removed
### Added

- 100% of 0.9.x Codebase
- Theme and Language Fields in User Form

### Fixed
### Changed

- Removed dependencies
- New Login Route to /home instead of /
2 changes: 1 addition & 1 deletion composer.json
Expand Up @@ -3,7 +3,7 @@
"description": "onePlace User Module",
"type": "oneplace-module",
"license": "BSD-3-Clause",
"version": "1.0.24",
"version": "1.0.25",
"keywords": [
"laminas",
"mvc",
24 changes: 24 additions & 0 deletions config/module.config.php
Expand Up @@ -52,6 +52,16 @@
],
],
],
'user-update' => [
'type' => Literal::class,
'options' => [
'route' => '/user/update',
'defaults' => [
'controller' => Controller\UserController::class,
'action' => 'update',
],
],
],
'signup' => [
'type' => Segment::class,
'options' => [
Expand Down Expand Up @@ -131,6 +141,20 @@
],
],
],
'user-firewall' => [
'type' => Segment::class,
'options' => [
'route' => '/firewall[/:action[/:id]]',
'constraints' => [
'action' => '[a-zA-Z][a-zA-Z0-9_-]*',
'id' => '[0-9]+',
],
'defaults' => [
'controller' => Controller\FirewallController::class,
'action' => 'index',
],
],
],
],
],

7 changes: 5 additions & 2 deletions data/data.sql
Expand Up @@ -60,6 +60,7 @@ INSERT INTO `core_index_table` (`table_name`, `form`, `label`) VALUES
INSERT INTO `permission` (`permission_key`, `module`, `label`, `nav_label`, `nav_href`, `show_in_menu`, `needs_globaladmin`) VALUES
('add', 'OnePlace\\User\\Controller\\UserController', 'Add', '', '', 0, 0),
('edit', 'OnePlace\\User\\Controller\\UserController', 'Edit', '', '', 0, 0),
('update', 'OnePlace\\User\\Controller\\UserController', 'Update Module', '', '', 0, 0),
('index', 'OnePlace\\User\\Controller\\UserController', 'Index', 'Users', '/user', 1, 0),
('updateindexcolumnsort', 'OnePlace\\User\\Controller\\UserController', 'Update Column Index', '', '', 0, 0),
('settheme', 'OnePlace\\User\\Controller\\UserController', 'Set own Theme', '', '', 0, 0),
Expand All @@ -72,7 +73,8 @@ INSERT INTO `permission` (`permission_key`, `module`, `label`, `nav_label`, `nav
('add', 'OnePlace\\User\\Controller\\ApiController', 'Create API Key', '', '', 0, 1),
('globaladmin', 'OnePlace\\Core', 'Super Admin', '', '', 0, 1),
('updatesetting', 'OnePlace\\User\\Controller\\UserController', 'Update Personal Setting', '', '', 0, 0),
('languages', 'OnePlace\\User\\Controller\\UserController', 'Language Selection', '', '', 0, 0);
('languages', 'OnePlace\\User\\Controller\\UserController', 'Language Selection', '', '', 0, 0),
('index', 'OnePlace\\User\\Controller\\FirewallController', 'Firewall Index', '', '', 0, 0);

--
-- Default Leveling Settings
Expand Down Expand Up @@ -193,4 +195,5 @@ INSERT INTO `settings` (`settings_key`, `settings_value`) VALUES ('user-icon', '
--
-- basic whitelist
--
INSERT INTO `settings` (`settings_key`, `settings_value`) VALUES ('firewall-whitelist', '[\"setup\",\"login\",\"reset-pw\",\"forgot-pw\",\"home\"]');
INSERT INTO `settings` (`settings_key`, `settings_value`) VALUES ('firewall-whitelist', '[\"setup\",\"login\",\"reset-pw\",\"forgot-pw\",\"home\"]');
INSERT INTO `settings` (`settings_key`, `settings_value`) VALUES ('firewall-user-whitelist', '[\"login\",\"reset-pw\",\"forgot-pw\",\"home\",\"app-home\",\"route\"]');
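Review bot: The new `update` permission row for UserController is seeded with `needs_globaladmin` set to 0, although the action it guards (`updateAction`, added in this commit) executes a SQL migration file and rewrites the module version; the ApiController `add` row in the next hunk uses 1. If the column means what its name suggests, the row should read `('update', 'OnePlace\\User\\Controller\\UserController', 'Update Module', '', '', 0, 1),`. The `firewall-user-whitelist` value also lists `route`, which looks like a placeholder rather than a route name defined in this commit; since the Module.php change in this commit lets every entry skip the permission check for logged-in users, each name is worth confirming against the route config.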
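--- a/data/update_1.0.24-1.0.25.sql
+++ b/data/update_1.0.24-1.0.25.sql
@@ -0,0 +1,4 @@
+INSERT INTO `settings` (`settings_key`, `settings_value`) VALUES ('firewall-user-whitelist', '[\"login\",\"reset-pw\",\"forgot-pw\",\"home\",\"app-home\",\"route\"]');
+
+INSERT INTO `permission` (`permission_key`, `module`, `label`, `nav_label`, `nav_href`, `show_in_menu`, `needs_globaladmin`) VALUES
+('index', 'OnePlace\\User\\Controller\\FirewallController', 'Firewall Index', '', '', 0, 0);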
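Review bot: The upgrade script omits the `update` permission row for `OnePlace\\User\\Controller\\UserController` that data/data.sql gains in this commit, so an installation upgraded from 1.0.24 ends up with a different permission table than a fresh 1.0.25 install. Add the same row here, e.g. `('update', 'OnePlace\\User\\Controller\\UserController', 'Update Module', '', '', 0, 0),`, with the last flag matching whatever data.sql settles on. Both statements are plain `INSERT`s, so running the file again after a partial failure would either duplicate the rows or fail, depending on the tables' keys, which are not visible here.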
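--- a/src/Controller/FirewallController.php
+++ b/src/Controller/FirewallController.php
@@ -0,0 +1,68 @@
+<?php
+/**
+* FirewallController.php - Firewall Controller
+*
+* Main Controller for Application Firewall Management
+*
+* @category Controller
+* @package User
+* @author Verein onePlace
+* @copyright (C) 2021 Verein onePlace <[email protected]>
+* @license https://opensource.org/licenses/BSD-3-Clause
+* @version 1.0.0
+* @since 1.0.24
+*/
+
+declare(strict_types=1);
+
+namespace OnePlace\User\Controller;
+
+use Application\Controller\CoreController;
+use OnePlace\User\Model\Apikey;
+use OnePlace\User\Model\ApikeyTable;
+use OnePlace\User\Model\UserTable;
+use Laminas\View\Model\ViewModel;
+use Laminas\Db\Adapter\AdapterInterface;
+use Laminas\Db\TableGateway\TableGateway;
+use Laminas\Paginator\Paginator;
+use Laminas\Paginator\Adapter\DbSelect;
+use Laminas\Db\Sql\Select;
+use Laminas\Db\Sql\Where;
+use Laminas\Math\Rand;
+
+class FirewallController extends CoreController
+{
+/**
+* Skeleton Table Object
+*
+* @since 1.0.0
+*/
+private $oTableGateway;
+
+/**
+* ApiController constructor.
+*
+* @param AdapterInterface $oDbAdapter
+* @param UserTable $oTableGateway
+* @since 1.0.0
+*/
+public function __construct(AdapterInterface $oDbAdapter, UserTable $oTableGateway, $oServiceManager)
+{
+parent::__construct($oDbAdapter, $oTableGateway, $oServiceManager);
+$this->oTableGateway = $oTableGateway;
+$this->sSingleForm = 'firewall-single';
+}
+
+/**
+* Firewall Home - Main Index
+*
+* @return bool - no View File
+* @since 1.0.0
+*/
+public function indexAction()
+{
+$this->setThemeBasedLayout('firewall');
+
+return new ViewModel([]);
+}
+}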
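Review bot: The docblocks in this new file were carried over from other controllers and no longer describe the code: the constructor comment reads `ApiController constructor.` and omits `$oServiceManager`, and `indexAction` is documented as `@return bool - no View File` although it returns `new ViewModel([])`. Suggested replacements are `* FirewallController constructor.`, an added `* @param mixed $oServiceManager service container passed through to CoreController`, and `* @return ViewModel`. The `use` list imports Apikey, ApikeyTable, TableGateway, Paginator, DbSelect, Select, Where and Rand, none of which the class references; dropping them makes it clear that this controller does not query the database itself. The file header's `@since 1.0.24` also disagrees with the changelog, which lists the firewall UI under 1.0.25.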
65 changes: 65 additions & 0 deletions src/Controller/UserController.php
Expand Up @@ -803,4 +803,69 @@ public function copyAction()
return $this->redirect()->toRoute('user', ['action' => 'view','id' => $iNewUserID]);
}
}

/**
* Update Module to the latest version
*
* @return ViewModel
* @since 1.0.25
*/
public function updateAction()
{
# Set Layout based on users theme
$this->setThemeBasedLayout('user');

$oModTbl = new TableGateway('core_module', CoreController::$oDbAdapter);
$oCurrentMod = $oModTbl->select([
'module_key'=>'oneplace-user',
])->current();

$oRequest = $this->getRequest();
if(! $oRequest->isPost()) {
return new ViewModel([
'oCurrentModule' => $oCurrentMod,
]);
}

$sNewVer = \OnePlace\User\Module::VERSION;

$sUpdateSQL = \OnePlace\User\Module::getModuleDir().'data/update_'.$oCurrentMod->version.'-'.$sNewVer.'.sql';
if(file_exists($sUpdateSQL)) {
$this->parseSQLInstallFile($sUpdateSQL,CoreController::$oDbAdapter);
}
$oModTbl->update([
'version' => $sNewVer,
],[
'module_key'=>'oneplace-user',
]);

$this->flashMessenger()->addSuccessMessage('User Module successfully updated to version '.$sNewVer);

return $this->redirect()->toRoute('application', ['action' => 'checkforupdates']);
}

/**
* Parse SQL File from Installer and save to database
*
* @param string $sFile location of sql file
* @param AdapterInterface $oAdapter database connection
* @since 1.0.2.1
*/
private function parseSQLInstallFile($sFile,$oAdapter) {
$templine = '';
$lines = file($sFile);
// Loop through each line
foreach ($lines as $line) {
if (substr($line, 0, 2) == '--' || $line == '')
continue;
// Add this line to the current segment
$templine .= $line;
// If it has a semicolon at the end, it's the end of the query
if (substr(trim($line), -1, 1) == ';')
{
$results = $oAdapter->query($templine, $oAdapter::QUERY_MODE_EXECUTE);
$templine = '';
}
}
}
}
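Review bot: `updateAction` builds the migration path from `$oCurrentMod->version` without checking that the `core_module` row exists or that the stored value is version-shaped, so a missing row ends in a property access on a non-object and any other stored value is concatenated into the name of a file whose contents are then executed as SQL. It also writes the new version when no matching `update_<old>-<new>.sql` exists, so an installation that skipped a release is marked current without the intermediate schema changes; that case should at least be reported to the admin. `parseSQLInstallFile` does not handle `file()` returning false and runs the statements one by one without a transaction, so a failure midway leaves the migration half applied while the version stays old. The form that posts to this action is not on this page, so whether the POST carries a CSRF token could not be checked. The enclosing class starts outside the hunk.

```php
// … unchanged: layout, core_module lookup, GET branch …
$sNewVer = \OnePlace\User\Module::VERSION;

// The stored version becomes part of a file name: require the row and a dotted version string.
$sOldVer = $oCurrentMod ? (string) $oCurrentMod->version : '';
if (! preg_match('/^\d+(\.\d+)*$/', $sOldVer)) {
    $this->flashMessenger()->addErrorMessage('Installed version of the User Module could not be determined');
    return $this->redirect()->toRoute('application', ['action' => 'checkforupdates']);
}

$sUpdateSQL = \OnePlace\User\Module::getModuleDir().'data/update_'.$sOldVer.'-'.$sNewVer.'.sql';
// … unchanged: run the file if present, store the new version, flash message, redirect …
```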
82 changes: 62 additions & 20 deletions src/Module.php
Expand Up @@ -34,7 +34,7 @@ class Module
*
* @since 1.0.0
*/
const VERSION = '1.0.24';
const VERSION = '1.0.25';

/**
* Load module config file
Expand All @@ -47,6 +47,17 @@ public function getConfig() : array
return include __DIR__ . '/../config/module.config.php';
}

/**
* Get Modules File Directory
*
* @return string
* @since 1.0.25
*/
public static function getModuleDir() : string
{
return __DIR__.'/../';
}

/**
* On Bootstrap - is executed on every page request
*
Expand All @@ -71,6 +82,8 @@ function ($e) {
$app = $e->getApplication();
$routeMatch = $e->getRouteMatch();
$sm = $app->getServiceManager();
$sRouteName = $routeMatch->getMatchedRouteName();
$aRouteInfo = $routeMatch->getParams();

$oDbAdapter = $sm->get(AdapterInterface::class);

Expand Down Expand Up @@ -103,11 +116,19 @@ function ($e) {
$manager = new SessionManager($config);
**/

$sRouteName = $routeMatch->getMatchedRouteName();
$aRouteInfo = $routeMatch->getParams();

$app->getMvcEvent()->getViewModel()->setVariables(['sRouteName' => $sRouteName]);

/**
* preparign for firewall access log
$log = "User: ".$_SERVER['REMOTE_ADDR'].' - '.date("F j, Y, g:i a").PHP_EOL.
"URL: ".$sRouteName.PHP_EOL.
"Attempt: ".('Success').PHP_EOL.
"-------------------------".PHP_EOL;
//Save string to log, use FILE_APPEND to append.
file_put_contents('./log_'.date("Y-m-d").'.log', $log, FILE_APPEND);
* */

# get session
$container = new Container('plcauth');
$bLoggedIn = false;
Expand All @@ -125,18 +146,27 @@ function ($e) {

$bIsSetupController = stripos($aRouteInfo['controller'], 'InstallController');
if ($bIsSetupController === false) {
if (! $container->oUser->hasPermission($aRouteInfo['action'], $aRouteInfo['controller'])
&& $sRouteName != 'denied') {
$response = $e->getResponse();
$response->getHeaders()->addHeaderLine(
'Location',
$e->getRouter()->assemble(
['permission' => $aRouteInfo['action'].'-'.str_replace(['\\'],['-'],$aRouteInfo['controller'])],
['name' => 'denied']
)
);
$response->setStatusCode(302);
return $response;
$aWhiteListedRoutes = [];
$aWhiteListedRoutesDB = json_decode(CoreController::$aGlobalSettings['firewall-user-whitelist']);
if(is_array($aWhiteListedRoutesDB)) {
foreach($aWhiteListedRoutesDB as $sWhiteRoute) {
$aWhiteListedRoutes[$sWhiteRoute] = [];
}
}
if(!array_key_exists($sRouteName, $aWhiteListedRoutes)) {
if (! $container->oUser->hasPermission($aRouteInfo['action'], $aRouteInfo['controller'])
&& $sRouteName != 'denied') {
$response = $e->getResponse();
$response->getHeaders()->addHeaderLine(
'Location',
$e->getRouter()->assemble(
['permission' => $aRouteInfo['action'].'-'.str_replace(['\\'],['-'],$aRouteInfo['controller'])],
['name' => 'denied']
)
);
$response->setStatusCode(302);
return $response;
}
}
} else {
# let user install module
Expand Down Expand Up @@ -165,13 +195,17 @@ function ($e) {

# Whitelisted routes that need no authentication
$aWhiteListedRoutes = [
'tokenlogin' => [],
'setup' => [],
'login' => [],
'reset-pw' => [],
'forgot-pw' => [],
'register' => [],
];
if(isset(CoreController::$aGlobalSettings['firewall-whitelist'])) {
$aWhiteListedRoutesDB = json_decode(CoreController::$aGlobalSettings['firewall-whitelist']);
if(is_array($aWhiteListedRoutesDB)) {
foreach($aWhiteListedRoutesDB as $sWhiteRoute) {
$aWhiteListedRoutes[$sWhiteRoute] = [];
}
}
}

/**
* Redirect to Login Page if not logged in
Expand Down Expand Up @@ -278,6 +312,14 @@ public function getControllerConfig() : array
$container
);
},
Controller\FirewallController::class => function ($container) {
$oDbAdapter = $container->get(AdapterInterface::class);
return new Controller\FirewallController(
$oDbAdapter,
$container->get(Model\UserTable::class),
$container
);
},
],
];
}
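Review bot: The logged-in whitelist reads `CoreController::$aGlobalSettings['firewall-user-whitelist']` without an `isset` check, unlike the `firewall-whitelist` lookup added further down in the same file. On an installation where that setting has not been created yet (presumably every 1.0.24 install until data/update_1.0.24-1.0.25.sql has run), each authenticated request raises an undefined-index notice and passes null to `json_decode`; `json_decode(CoreController::$aGlobalSettings['firewall-user-whitelist'] ?? '[]')` avoids that. Every route name in this setting skips `hasPermission`, and the unauthenticated whitelist is now extended from the database as well, so write access to the `settings` table effectively controls authorization and should be restricted accordingly. The closure these hunks belong to starts and ends outside the visible lines.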
