upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-02-03 20:41:22 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 15

feat: declarative password salt, secret config

Browse source 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
This commit is contained in:
Nikolaos Karaolidis 2026-02-02 11:04:15 +00:00 committed by provokateurin
parent 34c2125217
commit d73d5a25cb
No known key found for this signature in database
2 changed files with 21 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
core/Command/Maintenance/Install.php
View file

@ -48,7 +48,9 @@ class Install extends Command {
->addOption('admin-user', null, InputOption::VALUE_REQUIRED, 'Login of the admin account', 'admin') ->addOption('admin-user', null, InputOption::VALUE_REQUIRED, 'Login of the admin account', 'admin')
->addOption('admin-pass', null, InputOption::VALUE_REQUIRED, 'Password of the admin account') ->addOption('admin-pass', null, InputOption::VALUE_REQUIRED, 'Password of the admin account')
->addOption('admin-email', null, InputOption::VALUE_OPTIONAL, 'E-Mail of the admin account') ->addOption('admin-email', null, InputOption::VALUE_OPTIONAL, 'E-Mail of the admin account')
->addOption('data-dir', null, InputOption::VALUE_REQUIRED, 'Path to data directory', \OC::$SERVERROOT . '/data'); ->addOption('data-dir', null, InputOption::VALUE_REQUIRED, 'Path to data directory', \OC::$SERVERROOT . '/data')
->addOption('password-salt', null, InputOption::VALUE_OPTIONAL, 'Password salt, at least ' . Setup::MIN_PASSWORD_SALT_LENGTH . ' characters (will be randomly generated if not provided)')
->addOption('server-secret', null, InputOption::VALUE_OPTIONAL, 'Server secret, at least ' . Setup::MIN_SECRET_LENGTH . ' characters (will be randomly generated if not provided)');
} }
protected function execute(InputInterface $input, OutputInterface $output): int { protected function execute(InputInterface $input, OutputInterface $output): int {
@ -152,6 +154,16 @@ class Install extends Command {
throw new InvalidArgumentException('Invalid e-mail-address <' . $adminEmail . '> for <' . $adminLogin . '>.'); throw new InvalidArgumentException('Invalid e-mail-address <' . $adminEmail . '> for <' . $adminLogin . '>.');
} }
$passwordSalt = $input->getOption('password-salt');
$secret = $input->getOption('server-secret');
if ($passwordSalt !== null && strlen($passwordSalt) < Setup::MIN_PASSWORD_SALT_LENGTH) {
throw new InvalidArgumentException('Password salt must be at least ' . Setup::MIN_PASSWORD_SALT_LENGTH . ' characters long.');
}
if ($secret !== null && strlen($secret) < Setup::MIN_SECRET_LENGTH) {
throw new InvalidArgumentException('Server secret must be at least ' . Setup::MIN_SECRET_LENGTH . ' characters long.');
}
$options = [ $options = [
'dbtype' => $db, 'dbtype' => $db,
'dbuser' => $dbUser, 'dbuser' => $dbUser,
@ -162,7 +174,9 @@ class Install extends Command {
'adminlogin' => $adminLogin, 'adminlogin' => $adminLogin,
'adminpass' => $adminPassword, 'adminpass' => $adminPassword,
'adminemail' => $adminEmail, 'adminemail' => $adminEmail,
'directory' => $dataDir 'directory' => $dataDir,
'passwordsalt' => $passwordSalt,
'secret' => $secret,
]; ];
if ($db === 'oci') { if ($db === 'oci') {
$options['dbtablespace'] = $input->getParameterOption('--database-table-space', ''); $options['dbtablespace'] = $input->getParameterOption('--database-table-space', '');

9
lib/private/Setup.php
View file

@ -43,6 +43,9 @@ use OCP\ServerVersion;
use Psr\Log\LoggerInterface; use Psr\Log\LoggerInterface;
class Setup { class Setup {
public const MIN_PASSWORD_SALT_LENGTH = 30;
public const MIN_SECRET_LENGTH = 48;
protected IL10N $l10n; protected IL10N $l10n;
public function __construct( public function __construct(
@ -357,10 +360,8 @@ class Setup {
$dbType = 'sqlite3'; $dbType = 'sqlite3';
} }
//generate a random salt that is used to salt the local passwords $salt = $options['passwordsalt'] ?: $this->random->generate(self::MIN_PASSWORD_SALT_LENGTH);
$salt = $this->random->generate(30); $secret = $options['secret'] ?: $this->random->generate(self::MIN_SECRET_LENGTH);
// generate a secret
$secret = $this->random->generate(48);
//write the config file //write the config file
$newConfigValues = [ $newConfigValues = [