
IBX-9898: Added mandatory admin user password altering on ibexa:install #525


Open
wants to merge 6 commits into
base: main
12 changes: 12 additions & 0 deletions phpstan-baseline.neon
Expand Up @@ -3498,6 +3498,12 @@ parameters:
count: 1
path: src/bundle/Core/Fragment/SiteAccessSerializationTrait.php

-
message: '#^Method Ibexa\\Bundle\\Core\\IbexaCoreBundle\:\:getContainerExtension\(\) never returns null so it can be removed from the return type\.$#'
identifier: return.unusedType
count: 1
path: src/bundle/Core/IbexaCoreBundle.php

-
message: '#^Method Ibexa\\Bundle\\Core\\Imagine\\AliasCleaner\:\:removeAliases\(\) has no return type specified\.$#'
identifier: missingType.return
Expand Down Expand Up @@ -12828,6 +12834,12 @@ parameters:
count: 1
path: src/lib/MVC/Symfony/Security/UserInterface.php

-
message: '#^Property Ibexa\\Core\\MVC\\Symfony\\Security\\UserWrapped\:\:\$apiUser in isset\(\) is not nullable nor uninitialized\.$#'
identifier: isset.initializedProperty
count: 1
path: src/lib/MVC/Symfony/Security/UserWrapped.php

-
message: '#^Method Ibexa\\Core\\MVC\\Symfony\\SiteAccess\:\:__construct\(\) has parameter \$groups with no value type specified in iterable type array\.$#'
identifier: missingType.iterableValue
Expand Up @@ -9,9 +9,12 @@

use Doctrine\DBAL\Connection;
use Ibexa\Contracts\Core\Container\ApiLoader\RepositoryConfigurationProviderInterface;
use Ibexa\Contracts\Core\Repository\Exceptions\ContentFieldValidationException;
use LogicException;
use Psr\Cache\CacheItemPoolInterface;
use Symfony\Component\Console\Attribute\AsCommand;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\ArrayInput;
use Symfony\Component\Console\Input\InputArgument;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Input\InputOption;
Expand Down Expand Up @@ -84,9 +87,9 @@ protected function execute(InputInterface $input, OutputInterface $output): int
$this->checkParameters();
$this->checkCreateDatabase($output);

$io = new SymfonyStyle($input, $output);
$schemaManager = $this->connection->getSchemaManager();
if (!empty($schemaManager->listTables())) {
$io = new SymfonyStyle($input, $output);
if (!$io->confirm('Running this command will delete data in all Ibexa generated tables. Continue?')) {
return self::SUCCESS;
}
Expand All @@ -108,6 +111,15 @@ protected function execute(InputInterface $input, OutputInterface $output): int
$installer->importSchema();
$installer->importData();
$installer->importBinaries();

$io->warning(
'For security reasons, you\'re required to change the default admin password. Remember to follow currently set password validation rules.'
);

do {
$exitCode = $this->changeDefaultAdminPassword($input);
} while ($exitCode !== self::SUCCESS);

$this->cacheClear($output);

if (!$input->getOption('skip-indexing')) {
Expand Down Expand Up @@ -272,4 +284,36 @@ private function executeCommand(OutputInterface $output, $cmd, $timeout = 300)
throw new \RuntimeException(sprintf('An error occurred when executing the "%s" command.', escapeshellarg($cmd)));
}
}

private function changeDefaultAdminPassword(InputInterface $input): int
{
$io = new SymfonyStyle($input, $this->output);
$password = $io->askHidden('Password (your input will be hidden)');

$commandInput = new ArrayInput([
'command' => 'ibexa:user:update-user',
'user' => 'admin',
'--password' => $password,
]);

$commandInput->setInteractive(
$input->isInteractive()
);

$application = $this->getApplication();

if ($application === null) {
throw new LogicException('Command application not found');
}

try {
$application->doRun($commandInput, $this->output);
} catch (ContentFieldValidationException $e) {
$io->error($e->getMessage());

return self::FAILURE;
}

return self::SUCCESS;
}
}
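Review bot: In changeDefaultAdminPassword() the result of `$application->doRun($commandInput, $this->output)` is discarded, so the method returns SUCCESS for every outcome except a ContentFieldValidationException. If ibexa:user:update-user reports a failure through its exit code (its code is not visible here), the install would continue with the default admin password still in place. I would capture it with `$exitCode = $application->doRun($commandInput, $this->output);` and end the method with `return $exitCode === self::SUCCESS ? self::SUCCESS : self::FAILURE;`. The do/while in execute() also has no exit for a run with --no-interaction: as far as I know askHidden() then returns null without prompting, so the loop either repeats the same validation error forever or passes an empty password through, depending on how update-user treats it. Checking `$input->isInteractive()` before the loop and failing with a clear message would make that case explicit.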