upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-02-03 20:41:22 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 12

feat: declarative password salt, secret config

Browse source 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
This commit is contained in:
Nikolaos Karaolidis 2026-02-02 11:04:15 +00:00 committed by provokateurin
parent 34c2125217
commit d73d5a25cb
No known key found for this signature in database
2 changed files with 21 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
core/Command/Maintenance/Install.php
View file

@ -48,7 +48,9 @@ class Install extends Command {
->addOption('admin-user', null, InputOption::VALUE_REQUIRED, 'Login of the admin account', 'admin')
->addOption('admin-pass', null, InputOption::VALUE_REQUIRED, 'Password of the admin account')
->addOption('admin-email', null, InputOption::VALUE_OPTIONAL, 'E-Mail of the admin account')
->addOption('data-dir', null, InputOption::VALUE_REQUIRED, 'Path to data directory', \OC::$SERVERROOT . '/data');
->addOption('data-dir', null, InputOption::VALUE_REQUIRED, 'Path to data directory', \OC::$SERVERROOT . '/data')
->addOption('password-salt', null, InputOption::VALUE_OPTIONAL, 'Password salt, at least ' . Setup::MIN_PASSWORD_SALT_LENGTH . ' characters (will be randomly generated if not provided)')
->addOption('server-secret', null, InputOption::VALUE_OPTIONAL, 'Server secret, at least ' . Setup::MIN_SECRET_LENGTH . ' characters (will be randomly generated if not provided)');
}
protected function execute(InputInterface $input, OutputInterface $output): int {
@ -152,6 +154,16 @@ class Install extends Command {
throw new InvalidArgumentException('Invalid e-mail-address <' . $adminEmail . '> for <' . $adminLogin . '>.');
}
$passwordSalt = $input->getOption('password-salt');
$secret = $input->getOption('server-secret');
if ($passwordSalt !== null && strlen($passwordSalt) < Setup::MIN_PASSWORD_SALT_LENGTH) {
throw new InvalidArgumentException('Password salt must be at least ' . Setup::MIN_PASSWORD_SALT_LENGTH . ' characters long.');
}
if ($secret !== null && strlen($secret) < Setup::MIN_SECRET_LENGTH) {
throw new InvalidArgumentException('Server secret must be at least ' . Setup::MIN_SECRET_LENGTH . ' characters long.');
}
$options = [
'dbtype' => $db,
'dbuser' => $dbUser,
@ -162,7 +174,9 @@ class Install extends Command {
'adminlogin' => $adminLogin,
'adminpass' => $adminPassword,
'adminemail' => $adminEmail,
'directory' => $dataDir
'directory' => $dataDir,
'passwordsalt' => $passwordSalt,
'secret' => $secret,
];
if ($db === 'oci') {
$options['dbtablespace'] = $input->getParameterOption('--database-table-space', '');

9
lib/private/Setup.php
View file

@ -43,6 +43,9 @@ use OCP\ServerVersion;
use Psr\Log\LoggerInterface;
class Setup {
public const MIN_PASSWORD_SALT_LENGTH = 30;
public const MIN_SECRET_LENGTH = 48;
protected IL10N $l10n;
public function __construct(
@ -357,10 +360,8 @@ class Setup {
$dbType = 'sqlite3';
}
//generate a random salt that is used to salt the local passwords
$salt = $this->random->generate(30);
// generate a secret
$secret = $this->random->generate(48);
$salt = $options['passwordsalt'] ?: $this->random->generate(self::MIN_PASSWORD_SALT_LENGTH);
$secret = $options['secret'] ?: $this->random->generate(self::MIN_SECRET_LENGTH);
//write the config file
$newConfigValues = [