composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-05-21 00:02:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

N°8604 N°8605 - Add authentication to combodo-db-tools binaries (#817)

Browse Source 
* N°8604 N°8605 - Add autoloader and dedicated classes for binaries utils

* N°8605 - Harden security

* N°8604 - Harden security

* N°8604 N°8605 - Fixes from code review

* N°8604 N°8605 - Improve robustness whether module is in datamodels/2.x or env-xxx folder
This commit is contained in:
Molkobain
2026-02-26 09:29:20 +01:00
committed by GitHub
parent f82389d156
commit 62e09f1224
18 changed files with 1361 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
datamodels/2.x/combodo-db-tools/bin/rebuildhk.php
View File

@@ -10,22 +10,87 @@
*/
use Combodo\iTop\Core\MetaModel\HierarchicalKey;
use Combodo\iTop\DBTools\Enum\BinExitCode;
use Combodo\iTop\DBTools\Exception\AuthenticationException;
require_once('../../../approot.inc.php');
// env-xxx folders
if (file_exists(__DIR__.'/../../../approot.inc.php')) {
require_once __DIR__.'/../../../approot.inc.php';
}
// datamodel/2.x and data/xxx-modules folders
elseif (file_exists(__DIR__.'/../../../../approot.inc.php')) {
require_once __DIR__.'/../../../../approot.inc.php';
}
require_once APPROOT.'application/startup.inc.php';
foreach (MetaModel::GetClasses() as $sClass) {
if (!MetaModel::HasTable($sClass)) {
continue;
}
// Prepare output page
$sPageTitle = "Database maintenance tools - Report";
$bIsModeCLI = utils::IsModeCLI();
if ($bIsModeCLI) {
$oP = new CLIPage($sPageTitle);
foreach (MetaModel::ListAttributeDefs($sClass) as $sAttCode => $oAttDef) {
// Check (once) all the attributes that are hierarchical keys
if ((MetaModel::GetAttributeOrigin($sClass, $sAttCode) == $sClass) && $oAttDef->IsHierarchicalKey()) {
echo "Rebuild hierarchical key $sAttCode from $sClass.\n";
HierarchicalKey::Rebuild($sClass, $sAttCode, $oAttDef);
}
}
SetupUtils::CheckPhpAndExtensionsForCli($oP, BinExitCode::FATAL->value);
} else {
$oP = new WebPage($sPageTitle);
}
echo "Done\n";
// Authentication logic
try {
utils::UseParamFile();
if ($bIsModeCLI) {
$sAuthUser = utils::ReadParam('auth_user', null, true, utils::ENUM_SANITIZATION_FILTER_RAW_DATA);
$sAuthPwd = utils::ReadParam('auth_pwd', null, true, utils::ENUM_SANITIZATION_FILTER_RAW_DATA);
if (utils::IsNullOrEmptyString($sAuthUser) || utils::IsNullOrEmptyString($sAuthPwd)) {
throw new AuthenticationException("Access credentials not provided, usage: php rebuildhk.php --auth_user=<login> --auth_pwd=<password> [--param_file=<file_path>]");
}
if (UserRights::CheckCredentials($sAuthUser, $sAuthPwd)) {
UserRights::Login($sAuthUser);
} else {
throw new AuthenticationException("Access wrong credentials ('$sAuthUser')");
}
} else {
// Check user rights and prompt if needed
LoginWebPage::DoLoginEx(null, true);
}
if (!UserRights::IsAdministrator()) {
throw new AuthenticationException("Access restricted to administrators");
}
} catch (AuthenticationException $oException) {
$oP->p($oException->getMessage());
$oP->output();
exit(BinExitCode::ERROR->value);
} catch (Exception $oException) {
$oP->p("Error: ".$oException->GetMessage());
$oP->output();
exit(BinExitCode::FATAL->value);
}
// Business logic
try {
foreach (MetaModel::GetClasses() as $sClass) {
if (!MetaModel::HasTable($sClass)) {
continue;
}
foreach (MetaModel::ListAttributeDefs($sClass) as $sAttCode => $oAttDef) {
// Check (once) all the attributes that are hierarchical keys
if ((MetaModel::GetAttributeOrigin($sClass, $sAttCode) == $sClass) && $oAttDef->IsHierarchicalKey()) {
$oP->p("Rebuild hierarchical key $sAttCode from $sClass.");
HierarchicalKey::Rebuild($sClass, $sAttCode, $oAttDef);
}
}
}
$oP->p("Done");
$oP->output();
} catch (AuthenticationException $oException) {
$oP->p($oException->getMessage());
$oP->output();
exit(BinExitCode::ERROR->value);
} catch (Exception $oException) {
$oP->p("Error: ".$oException->GetMessage());
$oP->output();
exit(BinExitCode::FATAL->value);
}