From 79da05700be298752b6a1429858a549738b9d796 Mon Sep 17 00:00:00 2001 From: konradoboza Date: Fri, 18 Apr 2025 12:29:44 +0200 Subject: [PATCH 1/6] Added mandatory admin user password altering on `ibexa:install` --- phpstan-baseline.neon | 12 ++++++++++ .../Command/InstallPlatformCommand.php | 22 +++++++++++++++++++ 2 files changed, 34 insertions(+) diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon index 1a7c8538ea..bb988256fb 100644 --- a/phpstan-baseline.neon +++ b/phpstan-baseline.neon @@ -3498,6 +3498,12 @@ parameters: count: 1 path: src/bundle/Core/Fragment/SiteAccessSerializationTrait.php + - + message: '#^Method Ibexa\\Bundle\\Core\\IbexaCoreBundle\:\:getContainerExtension\(\) never returns null so it can be removed from the return type\.$#' + identifier: return.unusedType + count: 1 + path: src/bundle/Core/IbexaCoreBundle.php + - message: '#^Method Ibexa\\Bundle\\Core\\Imagine\\AliasCleaner\:\:removeAliases\(\) has no return type specified\.$#' identifier: missingType.return @@ -12828,6 +12834,12 @@ parameters: count: 1 path: src/lib/MVC/Symfony/Security/UserInterface.php + - + message: '#^Property Ibexa\\Core\\MVC\\Symfony\\Security\\UserWrapped\:\:\$apiUser in isset\(\) is not nullable nor uninitialized\.$#' + identifier: isset.initializedProperty + count: 1 + path: src/lib/MVC/Symfony/Security/UserWrapped.php + - message: '#^Method Ibexa\\Core\\MVC\\Symfony\\SiteAccess\:\:__construct\(\) has parameter \$groups with no value type specified in iterable type array\.$#' identifier: missingType.iterableValue diff --git a/src/bundle/RepositoryInstaller/Command/InstallPlatformCommand.php b/src/bundle/RepositoryInstaller/Command/InstallPlatformCommand.php index 240b971bc1..3395a9724e 100644 --- a/src/bundle/RepositoryInstaller/Command/InstallPlatformCommand.php +++ b/src/bundle/RepositoryInstaller/Command/InstallPlatformCommand.php @@ -108,6 +108,9 @@ protected function execute(InputInterface $input, OutputInterface $output): int $installer->importSchema(); $installer->importData(); $installer->importBinaries(); + + $this->changeDefaultAdminPassword($input); + $this->cacheClear($output); if (!$input->getOption('skip-indexing')) { @@ -272,4 +275,23 @@ private function executeCommand(OutputInterface $output, $cmd, $timeout = 300) throw new \RuntimeException(sprintf('An error occurred when executing the "%s" command.', escapeshellarg($cmd))); } } + + private function changeDefaultAdminPassword(InputInterface $input): void + { + $io = new SymfonyStyle($input, $this->output); + $io->warning(<<askHidden('Password (your input will be hidden)'); + + $this->executeCommand( + $this->output, + 'ibexa:user:update-user admin --password=' . $password + ); + } } From 3ab4fbc70c8f96da55b72ec63a8a180419ff31a1 Mon Sep 17 00:00:00 2001 From: konradoboza Date: Fri, 18 Apr 2025 14:08:05 +0200 Subject: [PATCH 2/6] cr remarks --- .../Command/InstallPlatformCommand.php | 51 ++++++++++++++----- 1 file changed, 37 insertions(+), 14 deletions(-) diff --git a/src/bundle/RepositoryInstaller/Command/InstallPlatformCommand.php b/src/bundle/RepositoryInstaller/Command/InstallPlatformCommand.php index 3395a9724e..ec4ad1e000 100644 --- a/src/bundle/RepositoryInstaller/Command/InstallPlatformCommand.php +++ b/src/bundle/RepositoryInstaller/Command/InstallPlatformCommand.php @@ -9,9 +9,11 @@ use Doctrine\DBAL\Connection; use Ibexa\Contracts\Core\Container\ApiLoader\RepositoryConfigurationProviderInterface; +use Ibexa\Contracts\Core\Repository\Exceptions\ContentFieldValidationException; use Psr\Cache\CacheItemPoolInterface; use Symfony\Component\Console\Attribute\AsCommand; use Symfony\Component\Console\Command\Command; +use Symfony\Component\Console\Input\ArrayInput; use Symfony\Component\Console\Input\InputArgument; use Symfony\Component\Console\Input\InputInterface; use Symfony\Component\Console\Input\InputOption; @@ -84,9 +86,9 @@ protected function execute(InputInterface $input, OutputInterface $output): int $this->checkParameters(); $this->checkCreateDatabase($output); + $io = new SymfonyStyle($input, $output); $schemaManager = $this->connection->getSchemaManager(); if (!empty($schemaManager->listTables())) { - $io = new SymfonyStyle($input, $output); if (!$io->confirm('Running this command will delete data in all Ibexa generated tables. Continue?')) { return self::SUCCESS; } @@ -109,7 +111,13 @@ protected function execute(InputInterface $input, OutputInterface $output): int $installer->importData(); $installer->importBinaries(); - $this->changeDefaultAdminPassword($input); + $io->warning( + 'For security reasons, you\'re required to change the default admin password. Remember to follow currently set password validation rules.' + ); + + do { + $exitCode = $this->changeDefaultAdminPassword($input); + } while ($exitCode !== self::SUCCESS); $this->cacheClear($output); @@ -276,22 +284,37 @@ private function executeCommand(OutputInterface $output, $cmd, $timeout = 300) } } - private function changeDefaultAdminPassword(InputInterface $input): void + private function changeDefaultAdminPassword(InputInterface $input): int { $io = new SymfonyStyle($input, $this->output); - $io->warning(<<askHidden('Password (your input will be hidden)'); - $this->executeCommand( - $this->output, - 'ibexa:user:update-user admin --password=' . $password + $commandInput = new ArrayInput([ + 'command' => 'ibexa:user:update-user', + 'user' => 'admin', + '--password' => $password, + ]); + + $commandInput->setInteractive( + $commandInput->isInteractive() ); + + $application = $this->getApplication(); + + if ($application === null) { + $io->error('Command application not found'); + + return self::FAILURE; + } + + try { + $application->doRun($commandInput, $this->output); + } catch (ContentFieldValidationException $e) { + $io->error($e->getMessage()); + + return self::FAILURE; + } + + return self::SUCCESS; } } From a0829efa4be079df48ea58fe6a866dfb8b03731d Mon Sep 17 00:00:00 2001 From: konradoboza Date: Fri, 18 Apr 2025 14:22:47 +0200 Subject: [PATCH 3/6] cr remarks 2 --- .../RepositoryInstaller/Command/InstallPlatformCommand.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/bundle/RepositoryInstaller/Command/InstallPlatformCommand.php b/src/bundle/RepositoryInstaller/Command/InstallPlatformCommand.php index ec4ad1e000..d906db2349 100644 --- a/src/bundle/RepositoryInstaller/Command/InstallPlatformCommand.php +++ b/src/bundle/RepositoryInstaller/Command/InstallPlatformCommand.php @@ -296,7 +296,7 @@ private function changeDefaultAdminPassword(InputInterface $input): int ]); $commandInput->setInteractive( - $commandInput->isInteractive() + $input->isInteractive() ); $application = $this->getApplication(); From afc3533a94e6fa71dd8392b4172f5a4b78d52531 Mon Sep 17 00:00:00 2001 From: konradoboza Date: Fri, 18 Apr 2025 14:25:03 +0200 Subject: [PATCH 4/6] cr remarks 3 --- .../RepositoryInstaller/Command/InstallPlatformCommand.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/bundle/RepositoryInstaller/Command/InstallPlatformCommand.php b/src/bundle/RepositoryInstaller/Command/InstallPlatformCommand.php index d906db2349..98865fb52e 100644 --- a/src/bundle/RepositoryInstaller/Command/InstallPlatformCommand.php +++ b/src/bundle/RepositoryInstaller/Command/InstallPlatformCommand.php @@ -10,6 +10,7 @@ use Doctrine\DBAL\Connection; use Ibexa\Contracts\Core\Container\ApiLoader\RepositoryConfigurationProviderInterface; use Ibexa\Contracts\Core\Repository\Exceptions\ContentFieldValidationException; +use LogicException; use Psr\Cache\CacheItemPoolInterface; use Symfony\Component\Console\Attribute\AsCommand; use Symfony\Component\Console\Command\Command; @@ -302,9 +303,7 @@ private function changeDefaultAdminPassword(InputInterface $input): int $application = $this->getApplication(); if ($application === null) { - $io->error('Command application not found'); - - return self::FAILURE; + throw new LogicException('Command application not found'); } try { From b0f3010769f0dd4768cc160c739cf6b91e1e112c Mon Sep 17 00:00:00 2001 From: konradoboza Date: Tue, 22 Apr 2025 11:56:44 +0200 Subject: [PATCH 5/6] skipped checking password when `--no-interaction` is used --- .../Command/InstallPlatformCommand.php | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/src/bundle/RepositoryInstaller/Command/InstallPlatformCommand.php b/src/bundle/RepositoryInstaller/Command/InstallPlatformCommand.php index 98865fb52e..459daa585c 100644 --- a/src/bundle/RepositoryInstaller/Command/InstallPlatformCommand.php +++ b/src/bundle/RepositoryInstaller/Command/InstallPlatformCommand.php @@ -112,13 +112,15 @@ protected function execute(InputInterface $input, OutputInterface $output): int $installer->importData(); $installer->importBinaries(); - $io->warning( - 'For security reasons, you\'re required to change the default admin password. Remember to follow currently set password validation rules.' - ); + if ($input->isInteractive()) { + $io->warning( + 'For security reasons, you\'re required to change the default admin password. Remember to follow currently set password validation rules.' + ); - do { - $exitCode = $this->changeDefaultAdminPassword($input); - } while ($exitCode !== self::SUCCESS); + do { + $exitCode = $this->changeDefaultAdminPassword($input); + } while ($exitCode !== self::SUCCESS); + } $this->cacheClear($output); @@ -296,10 +298,6 @@ private function changeDefaultAdminPassword(InputInterface $input): int '--password' => $password, ]); - $commandInput->setInteractive( - $input->isInteractive() - ); - $application = $this->getApplication(); if ($application === null) { From ef8bf71e2260cf1612076e887e0c8b22969b6c3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20Szo=C5=82tysek?= Date: Tue, 22 Apr 2025 12:19:47 +0200 Subject: [PATCH 6/6] [tmp] ci-scripts branch --- .github/workflows/browser-tests.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/browser-tests.yaml b/.github/workflows/browser-tests.yaml index 345c838fdc..a562b7405d 100644 --- a/.github/workflows/browser-tests.yaml +++ b/.github/workflows/browser-tests.yaml @@ -12,6 +12,7 @@ jobs: name: "Kernel Behat Core tests" uses: ibexa/gh-workflows/.github/workflows/browser-tests.yml@main with: + ci-scripts-branch: 'ibx-9898' project-edition: 'oss' test-setup-phase-1: '--mode=standard --profile=core --suite=setup' test-suite: "--mode=standard --profile=core --tags='~@broken&&~@setup'"