From: Marcin Haba Date: Fri, 17 Aug 2018 21:08:44 +0000 (+0200) Subject: baculum: Do not store any main oauth2 client nor main http basic user in api config X-Git-Tag: Release-9.2.2~28 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dd7000bf45eeefb3e48e46cfe02d02936c865ab0;p=thirdparty%2Fbacula.git baculum: Do not store any main oauth2 client nor main http basic user in api config --- diff --git a/gui/baculum/protected/API/Pages/Panel/APIHome.page b/gui/baculum/protected/API/Pages/Panel/APIHome.page index d52f8d7f6..258422712 100644 --- a/gui/baculum/protected/API/Pages/Panel/APIHome.page +++ b/gui/baculum/protected/API/Pages/Panel/APIHome.page @@ -62,8 +62,9 @@ @@ -106,8 +107,9 @@ @@ -269,6 +271,7 @@ this.set_auth_params(); this.init_auth(); this.init_tabs(); + this.change_auth_params(); }, init_auth: function() { if (typeof(this.baculum_auth) == 'object') { @@ -353,10 +356,12 @@ this.set_default_command(el.value); }.bind(this)); var auth_params_combo = document.getElementById(this.ids.auth_params_combo); - auth_params_combo.addEventListener('change', function(e) { - this.auth_params_cb.setCallbackParameter(auth_params_combo.value) - this.auth_params_cb.dispatch(); - }.bind(this)); + auth_params_combo.addEventListener('change', this.change_auth_params.bind(this)); + }, + change_auth_params: function(e) { + var auth_params_combo = document.getElementById(this.ids.auth_params_combo); + this.auth_params_cb.setCallbackParameter(auth_params_combo.value) + this.auth_params_cb.dispatch(); }, set_default_command: function(section) { if (this.default_commands.hasOwnProperty(section)) { 
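Review bot: `change_auth_params` is now also called once from the init sequence (hunk `@@ -269`), where no event is passed, so it dispatches the callback with whatever `auth_params_combo.value` holds at page load. If the combo can be empty, that sends an empty string to the server. If an empty selection is not meant to reach the server, a guard before `setCallbackParameter` would stop it: `if (!auth_params_combo || !auth_params_combo.value) { return; }`. Two style points in the same method: the `e` parameter is unused, and `this.auth_params_cb.setCallbackParameter(auth_params_combo.value)` lacks its terminating semicolon. Whether the combo can actually be empty is not visible in these hunks.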
@@ -369,7 +374,8 @@ if (this.baculum_auth.auth_type == 'oauth2' && this.token) { headers = {'Authorization': 'Bearer ' + this.token}; } else if (this.baculum_auth.auth_type == 'basic') { - headers = {'Authorization': 'Basic ' + btoa(this.baculum_auth.login + ":" + this.baculum_auth.password)}; + // Password is not known so don't send auth header (it should be inherited automatically) + // headers = {'Authorization': 'Basic ' + btoa(this.baculum_auth.login + ":" + this.baculum_auth.password)}; } this.clear_result(); var request = $.ajax({ diff --git a/gui/baculum/protected/API/Pages/Panel/APIHome.php b/gui/baculum/protected/API/Pages/Panel/APIHome.php index 519c1f0ac..c5f2a2136 100644 --- a/gui/baculum/protected/API/Pages/Panel/APIHome.php +++ b/gui/baculum/protected/API/Pages/Panel/APIHome.php @@ -53,8 +53,6 @@ class APIHome extends BaculumAPIPage { $client_id = null; if (is_object($param)) { $client_id = $param->CallbackParameter; - } elseif (key_exists($config['api']['client_id'], $oauth2_cfg)) { - $client_id = $config['api']['client_id']; } if (is_string($client_id)) { $params = array( @@ -65,12 +63,12 @@ class APIHome extends BaculumAPIPage { ); } } elseif ($config['api']['auth_type'] === 'basic') { - if (is_null($param)) { - $params['login'] = $config['api']['login']; - $params['password'] = $config['api']['password']; - } elseif (is_object($param)) { + if (is_object($param)) { $params['login'] = $param->CallbackParameter; $params['password'] = ''; + } else { + // no auth params, possibly no authentication + $params['login'] = $params['password'] = ''; } } $params = array_merge($base_params, $params); diff --git a/gui/baculum/protected/API/Pages/Panel/APIInstallWizard.page b/gui/baculum/protected/API/Pages/Panel/APIInstallWizard.page index 0466b9de3..9048f44c4 100644 --- a/gui/baculum/protected/API/Pages/Panel/APIInstallWizard.page +++ b/gui/baculum/protected/API/Pages/Panel/APIInstallWizard.page 
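Review bot: In the `basic` branch of hunk `@@ -369` the old header line is commented out rather than deleted, so the page source still names `this.baculum_auth.password` although the PHP side of this commit now sets that value to an empty string. Delete the dead line and keep only the explanation. The remaining comment relies on the browser re-sending its cached Basic credentials, so the test request presumably runs as the user logged in to the panel, not as the login chosen in the auth-params combo. If that is intended, say so in the comment, for example `// Basic: no header is built here; the browser re-sends the credentials of the logged-in panel user`. The enclosing function starts before and continues after the hunk.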
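Review bot: In APIHome.php hunk `@@ -53`, `$client_id = $param->CallbackParameter;` is now the only source of the client id, and that value comes from the browser. The following `is_string($client_id)` check accepts an empty or unknown id. The removed fallback checked the id with `key_exists(...)` against `$oauth2_cfg` before using it, and the same guard fits the remaining path: `if (is_string($client_id) && key_exists($client_id, $oauth2_cfg)) {`. The contents of the `$params` array lie between the two hunks, so what an unknown id leads to there cannot be confirmed from this view.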
@@ -431,7 +431,6 @@ ID="AuthOAuth2" GroupName="SelectAuth" Attributes.onclick="$('#configure_basic_auth').hide();$('#configure_oauth2_auth').show();" - OnCallback="setOAuth2Validation" /> AuthOAuth2->Checked ? 'OAuth2' : ''%> -
-
-
<%[ Administration login: ]%>
-
<%=$this->APILogin->Text%>
-
-
-
<%[ Administration password: ]%>
-
<%=preg_replace('/.{1}/', '*', $this->APIPassword->Text)%>
-
-
-
-
-
Client ID:
-
<%=$this->APIOAuth2ClientId->Text%>
-
-
-
Client Secret:
-
<%=preg_replace('/.{1}/', '*', $this->APIOAuth2ClientSecret->Text)%>
-
-
-
Redirect URI:
-
<%=$this->APIOAuth2RedirectURI->Text%>
-
-
-
Scope:
-
<%=$this->APIOAuth2Scope->Text%>
+ +
+
+
<%[ Administration login: ]%>
+
<%=$this->APILogin->Text%>
+
+
+
<%[ Administration password: ]%>
+
<%=preg_replace('/.{1}/', '*', $this->APIPassword->Text)%>
+
-
-
<%[ Dedicated Bconsole config file path: ]%>
-
<%=!empty($this->APIOAuth2BconsoleCfgPath->Text) ? $this->APIOAuth2BconsoleCfgPath->Text : '-'%>
+ + +
+
+
Client ID:
+
<%=$this->APIOAuth2ClientId->Text%>
+
+
+
Client Secret:
+
<%=preg_replace('/.{1}/', '*', $this->APIOAuth2ClientSecret->Text)%>
+
+
+
Redirect URI:
+
<%=$this->APIOAuth2RedirectURI->Text%>
+
+
+
Scope:
+
<%=$this->APIOAuth2Scope->Text%>
+
+
+
<%[ Dedicated Bconsole config file path: ]%>
+
<%=!empty($this->APIOAuth2BconsoleCfgPath->Text) ? $this->APIOAuth2BconsoleCfgPath->Text : '-'%>
+
-
+
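Review bot: The summary rows for the administration password and the client secret print one `*` per character (`preg_replace('/.{1}/', '*', ...)`), so the summary step discloses the length of both secrets. Without the `u` modifier the pattern also counts bytes rather than characters. A fixed-width mask avoids both: `<%=str_repeat('*', 8)%>`. The surrounding template markup is not visible in this view of the hunk.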
diff --git a/gui/baculum/protected/API/Pages/Panel/APIInstallWizard.php b/gui/baculum/protected/API/Pages/Panel/APIInstallWizard.php index c27ef6e0e..a968a70e3 100644 --- a/gui/baculum/protected/API/Pages/Panel/APIInstallWizard.php +++ b/gui/baculum/protected/API/Pages/Panel/APIInstallWizard.php @@ -3,7 +3,7 @@ * Bacula(R) - The Network Backup Solution * Baculum - Bacula web interface * - * Copyright (C) 2013-2016 Kern Sibbald + * Copyright (C) 2013-2018 Kern Sibbald * * The main author of Baculum is Marcin Haba. * The original author of Bacula is Kern Sibbald, with contributions @@ -145,22 +145,10 @@ class APIInstallWizard extends BaculumAPIPage { // API basic auth data $this->AuthBasic->Checked = true; $this->AuthOAuth2->Checked = false; - $this->APILogin->Text = $this->config['api']['login']; - $this->APIPassword->Text = $this->config['api']['password']; - $this->RetypeAPIPassword->Text = $this->config['api']['password']; } elseif ($this->config['api']['auth_type'] === 'oauth2') { // API oauth2 auth data $this->AuthBasic->Checked = false; $this->AuthOAuth2->Checked = true; - $oauth2_cfg = $this->getModule('oauth2_config')->getConfig(); - if (key_exists($this->config['api']['client_id'], $oauth2_cfg)) { - $this->APIOAuth2ClientId->Text = $this->config['api']['client_id']; - $this->APIOAuth2ClientSecret->Text = $oauth2_cfg[$this->config['api']['client_id']]['client_secret']; - $this->APIOAuth2RedirectURI->Text = $oauth2_cfg[$this->config['api']['client_id']]['redirect_uri']; - $this->APIOAuth2Scope->Text = $oauth2_cfg[$this->config['api']['client_id']]['scope']; - $this->APIOAuth2BconsoleCfgPath->Text = $oauth2_cfg[$this->config['api']['client_id']]['bconsole_cfg_path']; - $this->APIOAuth2Name->Text = $oauth2_cfg[$this->config['api']['client_id']]['name']; - } } } } 
@@ -185,11 +173,8 @@ class APIInstallWizard extends BaculumAPIPage { ); if ($this->AuthBasic->Checked) { $cfg_data['api']['auth_type'] = 'basic'; - $cfg_data['api']['login'] = $this->APILogin->Text; - $cfg_data['api']['password'] = $this->APIPassword->Text; } elseif($this->AuthOAuth2->Checked) { $cfg_data['api']['auth_type'] = 'oauth2'; - $cfg_data['api']['client_id'] = $this->APIOAuth2ClientId->Text; } $cfg_data['api']['debug'] = isset($this->config['api']['debug']) ? $this->config['api']['debug'] : "0"; $cfg_data['api']['lang'] = isset($_SESSION['language']) ? $_SESSION['language'] : APIConfig::DEFAULT_LANGUAGE; @@ -218,18 +203,17 @@ class APIInstallWizard extends BaculumAPIPage { $cfg_data['jsontools']['bcons_cfg_path'] = $this->BconsCfgPath->Text; $ret = $this->getModule('api_config')->setConfig($cfg_data); - if($ret) { + if ($ret && ($this->first_run || $this->add_auth_params)) { if ($this->AuthBasic->Checked && $this->getModule('basic_apiuser')->isUsersConfig()) { - $previous_user = !$this->first_run && array_key_exists('login', $this->config['api']) ? $this->config['api']['login'] : null; $this->getModule('basic_apiuser')->setUsersConfig( - $cfg_data['api']['login'], - $cfg_data['api']['password'], - $this->first_run, - $previous_user + $this->APILogin->Text, + $this->APIPassword->Text, + true, + $_SERVER['PHP_AUTH_USER'] ); // Automatic login after finish wizard. - $this->switchToUser($cfg_data['api']['login'], $cfg_data['api']['password']); + $this->switchToUser($this->APILogin->Text, $this->APIPassword->Text); // here is exit } if ($this->AuthOAuth2->Checked) { @@ -243,8 +227,8 @@ class APIInstallWizard extends BaculumAPIPage { $oauth2_cfg[$this->APIOAuth2ClientId->Text]['name'] = $this->APIOAuth2Name->Text; $this->getModule('oauth2_config')->setConfig($oauth2_cfg); } - $this->goToDefaultPage(); } + $this->goToDefaultPage(); }
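Review bot: In hunk `@@ -218`, `$_SERVER['PHP_AUTH_USER']` is passed as the last argument of `setUsersConfig()` without an `isset()` check. Where the web server does not hand Basic credentials to PHP, or no authentication is in effect yet, the key is absent and the call receives `null` along with a notice. The file already uses the `isset(...) ? ... : ...` form for `debug` and `lang`, so `isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null` would match. The third argument is now always `true` where it used to be `$this->first_run`, and its meaning is defined outside this hunk. It is worth confirming that a later run with `$this->add_auth_params` does not drop or rename existing users.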
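Review bot: In hunk `@@ -243`, `$this->goToDefaultPage();` now sits below the `if`, so the wizard redirects even when `setConfig()` returned a false `$ret`. A failed write of the API config is then indistinguishable from success. Handling the failure before the redirect keeps the user on the wizard, for example `if (!$ret) { return; }` right after the `setConfig()` call, together with an error message. How this page reports errors is not visible in the hunk.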