Merge pull request #4491 from nilsteampassnet/fix_install
Fix install
nilsteampassnet authored Nov 29, 2024
2 parents 5ddc174 + 5529771 commit e49993f
Showing 5 changed files with 272 additions and 165 deletions.
4 changes: 2 additions & 2 deletions includes/config/include.php
Expand Up @@ -27,8 +27,8 @@
*/

define('TP_VERSION', '3.1.2');
define("UPGRADE_MIN_DATE", "1732630844");
define('TP_VERSION_MINOR', '170');
define("UPGRADE_MIN_DATE", "1732264740");
define('TP_VERSION_MINOR', '172');
define('TP_TOOL_NAME', 'Teampass');
define('TP_ONE_DAY_SECONDS', 86400);
define('TP_ONE_WEEK_SECONDS', 604800);
2 changes: 0 additions & 2 deletions includes/config/settings.sample.php
Expand Up @@ -19,8 +19,6 @@
define("DB_CONNECT_OPTIONS", array(
MYSQLI_OPT_CONNECT_TIMEOUT => 10
));
define("SECUREPATH", "");
define("SECUREFILE", "");
define("IKEY", "");
define("SKEY", "");
define("HOST", "");
66 changes: 40 additions & 26 deletions install/install.js
Expand Up @@ -26,14 +26,6 @@ $(function() {
alert("Paste option is disabled !!");
e.preventDefault();
});

/*
* Removing automatic action
// Auto start
if ($("#step").val() == 5) {
$('#but_launch').trigger('click');
}
*/
});

function aesEncrypt(text)
Expand All @@ -47,7 +39,9 @@ var global_error_on_query = false,
dbInfo = "",
index = "",
multiple = "",
jsonValues = "";
jsonValues = "",
skFile = "";
let progressNotification;

function checkPage()
{
Expand All @@ -57,26 +51,25 @@ function checkPage()
index = "";
tasks = [];
dbInfo = [];
skFile = [];
multiple = "";
tsk = "";
$("#step_error").addClass("hidden").html("");
$("#res_"+step).html("");

alertify
.message('Working on it... <i class="fas fa-cog fa-spin fa-2x"></i>', 0)
.dismissOthers();


if (step === "2") {
// STEP 2
if ($("#url_path").val() === "" || $("#absolute_path").val() === "") {
if ($("#url_path").val() === "" || $("#absolute_path").val() === "" || $("#sk_path").val() === "") {
error = "Fields need to be filled in!";
} else {
jsonValues = {"absolute_path":$("#absolute_path").val(), "url_path":$("#url_path").val()};
jsonValues = {"absolute_path":sanitizeString($("#absolute_path").val()), "url_path":sanitizeString($("#url_path").val()), "sk_path":sanitizeString($("#sk_path").val())};
dataToUse = JSON.stringify(jsonValues);
tasks = ["folder*install", "folder*includes", "folder*includes/config", "folder*includes/avatars", "folder*includes/libraries/csrfp/libs", "folder*includes/libraries/csrfp/js", "folder*includes/libraries/csrfp/log", "extension*mbstring", "extension*openssl", "extension*bcmath", "extension*iconv", "extension*gd", "extension*xml", "extension*curl", "version*php", "ini*max_execution_time", "extension*gmp", "folder*files", "folder*upload"];
tasks = ["folder*install", "folder*includes", "folder*includes/config", "folder*includes/avatars", "folder*includes/libraries/csrfp/libs", "folder*includes/libraries/csrfp/js", "folder*includes/libraries/csrfp/log", "extension*mbstring", "extension*openssl", "extension*bcmath", "extension*iconv", "extension*gd", "extension*xml", "extension*curl", "version*php", "ini*max_execution_time", "extension*gmp", "folder*files", "folder*upload", "folder*secure"];
multiple = true;
$("#hid_absolute_path").val($("#absolute_path").val());
$("#hid_url_path").val($("#url_path").val());
$("#hid_sk_path").val($("#sk_path").val());
}
} else if (step === "3") {
// STEP 3
Expand Down Expand Up @@ -130,7 +123,7 @@ function checkPage()
}

$("#hid_db_pre").val($("#tbl_prefix").val());
jsonValues = {"tbl_prefix":sanitizeString($("#tbl_prefix").val()), "sk_path":sanitizeString($("#sk_path").val()), "admin_pwd":sanitizeString($("#admin_pwd").val()), "admin_email":sanitizeString($("#admin_email").val()), "send_stats":""};
jsonValues = {"tbl_prefix":sanitizeString($("#tbl_prefix").val()), "admin_pwd":sanitizeString($("#admin_pwd").val()), "admin_email":sanitizeString($("#admin_email").val()), "send_stats":""};
dataToUse = JSON.stringify(jsonValues);
tasks = ["misc*preparation"];
multiple = "";
Expand All @@ -139,11 +132,12 @@ function checkPage()
dataToUse = "";
tasks = ["table*utf8", "table*api", "table*automatic_del", "table*cache", "table*cache_tree", "table*categories", "table*categories_folders", "table*categories_items", "table*defuse_passwords", "table*emails", "table*export", "table*files", "table*items", "table*items_change", "table*items_edition", "table*items_otp", "table*kb", "table*kb_categories", "table*kb_items", "table*ldap_groups_roles", "table*languages", "table*log_items", "table*log_system", "table*misc", "table*nested_tree", "table*notification", "table*otv", "table*background_tasks", "table*background_subtasks", "table*background_tasks_logs", "table*restriction_to_roles", "table*rights", "table*roles_title", "table*roles_values", "table*sharekeys_fields", "table*sharekeys_files", "table*sharekeys_items", "table*sharekeys_logs", "table*sharekeys_suggestions", "table*suggestion", "table*tags", "table*templates", "table*tokens", "table*users", "table*auth_failures"];
multiple = true;
$('#step5_wip').removeClass('hidden');
} else if (step === "6") {
// STEP 6
jsonValues = {"url_path":sanitizeString($("#hid_url_path").val())};
dataToUse = JSON.stringify(jsonValues);
tasks = ["install*init", "file*security", "file*settings.php", "file*csrfp-token", "install*cleanup", "install*cronJob"];
tasks = [ "file*settings.php","install*init", "file*security", "file*settings.php", "file*csrfp-token", "install*cleanup", "install*cronJob"];
multiple = true;
}

Expand All @@ -152,9 +146,13 @@ function checkPage()
global_error_on_query = false;
index = 0;
dbInfo = {"db_host" : $("#hid_db_host").val(), "db_bdd" : $("#hid_db_bdd").val(), "db_login" : $("#hid_db_login").val(), "db_pw" : $("#hid_db_pwd").val(), "db_port" : $("#hid_db_port").val(), "db_pre" : $("#hid_db_pre").val()};
skFile = {"sk_path" : $("#hid_sk_path").val(), "sk_filename" : $("#hid_sk_filename").val(), "sk_key" : $("#hid_sk_key").val()};

$("#step_res").val("true");
$("#pop_db").html("");

progressNotification = alertify.message('<i class="fas fa-spinner fa-spin"></i> Processing tasks...', 0); // Timeout = 0 means persistent


var promise = tasks.slice(1)
.reduce(
Expand All @@ -167,12 +165,15 @@ function checkPage()
promise.then(function(){
// do something when all requests are ready
// all requests are complete
$('.progress').addClass('hidden');
if ($("#step_res").val() === "false" || global_error_on_query === true) {
progressNotification.dismiss();
alertify
.error('<i class="fas fa-ban mr-2"></i>At least one task has failed! Please correct and relaunch.', 0)
.dismissOthers();
return false;
} else {
progressNotification.dismiss();
alertify
.success('<i class="fas fa-check text-success mr-2"></i><b>Done</b>.<br>Click next to continue', 1)
.dismissOthers();
Expand All @@ -190,18 +191,24 @@ function checkPage()
.addClass("hidden");
}
}

});
} else if (error === "" && multiple === "") {

progressNotification = alertify.message('<i class="fas fa-spinner fa-spin"></i> Processing tasks...', 0);

tsk = tasks[0].split("*");

dbInfo = {"db_host" : $("#hid_db_host").val(), "db_bdd" : $("#hid_db_bdd").val(), "db_login" : $("#hid_db_login").val(), "db_pw" : $("#hid_db_pwd").val(), "db_port" : $("#hid_db_port").val()};
skFile = {"sk_path" : $("#hid_sk_path").val(), "sk_filename" : $("#hid_sk_filename").val(), "sk_key" : $("#hid_sk_key").val()};

dataToUse = {
type: "step_"+step,
data: aesEncrypt(dataToUse),
activity: aesEncrypt(tsk[0]),
task: aesEncrypt(tsk[1]),
db: aesEncrypt(JSON.stringify(dbInfo)),
skFile: aesEncrypt(JSON.stringify(skFile)),
index: index,
multiple: multiple,
info: tsk[0]+"-"+tsk[1],
Expand Down Expand Up @@ -236,7 +243,9 @@ function checkPage()
}
});
} else {
$("#step_error").removeClass("hidden").html(error);
alertify
.error('<i class="fas fa-ban mr-2"></i>' + error + '</i><br />Please correct and relaunch.', 10)
.dismissOthers();
}
}

Expand All @@ -246,9 +255,8 @@ function checkPage()
*/
function doGetJson(task)
{
console.log("\n\n--- PREPARATION---\n"+step+"\n"+dataToUse+"\n"+dbInfo+"\n"+index+"\n"+multiple+"\n"+task+"\n-------\n")
tsk = task.split("*");

return $.ajax({
url: "install.queries.php",
type : "POST",
Expand All @@ -260,22 +268,22 @@ function doGetJson(task)
activity: aesEncrypt(tsk[0]),
task: aesEncrypt(tsk[1]),
db: aesEncrypt(JSON.stringify(dbInfo)),
skFile: aesEncrypt(JSON.stringify(skFile)),
index: index,
multiple: multiple,
info: tsk[0]+"-"+tsk[1]
}
})
.complete(function(data) {
console.log("\n\n--- RECEPTION---\n"+JSON.stringify(data, null, 2)+"\n-------\n")
if (data.responseText === "") {
alertify
.error('<i class="fas fa-ban mr-2">[ERROR] Answer from server is empty.', 10)
.dismissOthers();
} else {
data = $.parseJSON(data.responseText);
console.log("RETOUR:");
console.log(data)

if (data[0].error === "") {
progressNotification.setContent(`<i class="fas fa-spinner fa-spin"></i> Task ${tsk[1]} completed successfully.`);
if (step === "5") {
if (data[0].activity === "table") {
$("#pop_db").append("<li>Table <b>"+data[0].task+"</b> created</li>");
Expand All @@ -293,12 +301,18 @@ function doGetJson(task)
.dismissOthers();
}
} else {
$("#res"+step+"_check"+data[0].index).html('<span class="badge badge-danger"><i class="fas fa-ban text-warning mr-2"></i>' + data[0].error + "</i></span>");
progressNotification.setContent(`<i class="fas fa-ban text-danger"></i> Task ${tsk[1]} failed: ${data[0].error}`);

// Considere only a warning on GMP extension
if (data[0].index !== "16") {
if (step !== "5" && data[0].index !== "16") {
global_error_on_query = true;
}

if (step === "5") {
if (data[0].activity === "table" && data[0].error.includes("Duplicate key name") === false) {
global_error_on_query = true;
}
}
}
}
index++;
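Review bot: In the `doGetJson` hunk, the new `progressNotification.setContent(...)` calls interpolate `data[0].error` and `tsk[1]` straight into an HTML string, so whatever text the server returns in its error field is parsed as markup in the installer page. At step 5 that field appears to carry raw database error text (the code just below matches it against "Duplicate key name"), which can echo identifiers the operator typed earlier in the wizard. Encode the text before building the markup, for example `const failText = $('<span>').text('Task ' + tsk[1] + ' failed: ' + data[0].error).html();` followed by `progressNotification.setContent('<i class="fas fa-ban text-danger"></i> ' + failText);`, and treat the success message the same way. Deciding failure by a message substring is also brittle; a numeric error code returned by the server would be a steadier signal. The body of `doGetJson` continues outside the hunk.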
38 changes: 29 additions & 9 deletions install/install.php
Expand Up @@ -102,6 +102,21 @@
if (empty($post_sk_path) === true) {
$post_sk_path = filter_input(INPUT_POST, 'hid_sk_path', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
}
if (empty($post_sk_filename) === true) {
$post_sk_filename = filter_input(INPUT_POST, 'hid_sk_filename', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
}
if (empty($post_sk_key) === true) {
$post_sk_key= filter_input(INPUT_POST, 'hid_sk_key', FILTER_SANITIZE_FULL_SPECIAL_CHARS);
}

if (isset($_COOKIE['PHPSESSID'])) {
setcookie('PHPSESSID', '', time() - 10, '/', '', false, true);
}
if (session_status() === PHP_SESSION_ACTIVE) {
session_unset();
session_destroy();
}


// Get some data
include "../includes/config/include.php";
Expand Down Expand Up @@ -133,6 +148,8 @@
<input type="hidden" name="hid_absolute_path" id="hid_absolute_path" value="', isset($post_absolute_path) ? $post_absolute_path : '', '" />
<input type="hidden" name="hid_url_path" id="hid_url_path" value="', isset($post_url_path) ? $post_url_path : '', '" />
<input type="hidden" name="hid_sk_path" id="hid_sk_path" value="', isset($post_sk_path) ? $post_sk_path : '', '" />
<input type="hidden" name="hid_sk_filename" id="hid_sk_filename" value="', isset($post_sk_path) ? $post_sk_path : '', '" />
<input type="hidden" name="hid_sk_key" id="hid_sk_key" value="', isset($post_sk_path) ? $post_sk_path : '', '" />
<div class="card card-default color-palette-box">
<div class="card-header">
Expand Down Expand Up @@ -191,6 +208,13 @@
<label>Full URL to TeamPass</label>
<input type="text" class="form-control" name="url_path" id="url_path" class="ui-widget" value="' . $protocol . $_SERVER['HTTP_HOST'] . substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['PHP_SELF'], '/') - 8) . '">
</div>
<div class="form-group">
<label>Absolute path to secure path</label>
<small class="form-text text-muted">
For security reasons, the secure path shall be defined outside the WWW folder of your server (example: /var/teampass/). It will host an encryption key used for several Teampass features.
</small>
<input type="text" class="form-control" name="sk_path" id="sk_path" class="ui-widget" value="">
</div>
</div>
</div>
</div>
Expand All @@ -206,7 +230,8 @@
<div class="card-body">
<ul>
<li>File "/includes/config/settings.php is available"&nbsp;<span id="res2_check99"></span></li>
<li>Secure folder is available&nbsp;<span id="res2_check19"></span></li>
<li>File "/includes/config/settings.php is available&nbsp;<span id="res2_check99"></span></li>
<li>Directory "/install/" is writable&nbsp;<span id="res2_check0"></span></li>
<li>Directory "/includes/" is writable&nbsp;<span id="res2_check1"></span></li>
<li>Directory "/includes/config/" is writable&nbsp;<span id="res2_check2"></span></li>
Expand Down Expand Up @@ -297,14 +322,6 @@
<input type="text" class="form-control" name="tbl_prefix" id="tbl_prefix" class="ui-widget" value="teampass_"><span id="res4_check0"></span>
</div>
<div class="form-group">
<label>Absolute path to SaltKey</label>
<input type="text" class="form-control" name="sk_path" id="sk_path" class="ui-widget" value=""><span id="res4_check2"></span>
<small class="form-text text-muted">
The SaltKey is stored in a file called teampass-seckey.txt and hashed for security purpose. For security reasons, this file should be stored in a folder outside the WWW folder of your server (example: /var/teampass/). This key will be used to encrypt data when sharing information with users without any Teampass account. If this field remains empty, this file will be stored in folder <path to Teampass>/includes/.
</small>
</div>
<div class="form-group">
<label>Teampass Administrator password</label>
<input type="password" class="form-control" id="admin_pwd" class="ui-widget" value=""><span id="res4_check10"></span>
Expand Down Expand Up @@ -342,6 +359,9 @@
<ul id="pop_db"></ul>
</div>
</div>
<div class="card card-info hidden progress" id="step5_wip">
Work in progress... <i class="fas fa-cog fa-spin fa-2x"></i>
</div>
</div>
</div>';

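Review bot: The new hidden inputs `hid_sk_filename` and `hid_sk_key` are both populated from `$post_sk_path`, so the `$post_sk_filename` and `$post_sk_key` values read in the first hunk are never emitted and all three fields carry the path string. The value expressions should be `isset($post_sk_filename) ? $post_sk_filename : ''` and `isset($post_sk_key) ? $post_sk_key : ''`. If `hid_sk_key` is meant to carry key material (its origin is not visible in this section), round-tripping it through a hidden field puts it in the page source on every step; keeping it on the server would avoid that exposure. The inputs sit inside an echo statement that starts and ends outside the hunk.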