[TASK] Decouple security report from install tool 11/35611/5
authorFrederic Gaus <gaus@flagbit.de>
Sat, 20 Dec 2014 19:42:57 +0000 (20:42 +0100)
committerBenjamin Mack <benni@typo3.org>
Sat, 3 Jan 2015 12:25:39 +0000 (13:25 +0100)
Decouple \TYPO3\CMS\Reports\Report\SecurityStatus from the install tool. In
this status report several checks are made which are closely coupled to
the install tool. This patch decouples them by introducing a security
status check in the install tool extension.

Change-Id: I50e26107a8fc249a3fbe7592a67751c5513388e6
Resolves: #64002
Releases: master
Reviewed-on: http://review.typo3.org/35611
Reviewed-by: Helmut Hummel <helmut.hummel@typo3.org>
Reviewed-by: Mathias Schreiber <mathias.schreiber@wmdb.de>
Tested-by: Mathias Schreiber <mathias.schreiber@wmdb.de>
Reviewed-by: Benjamin Mack <benni@typo3.org>
Tested-by: Benjamin Mack <benni@typo3.org>
typo3/sysext/install/Classes/Report/SecurityStatusReport.php [new file with mode: 0644]
typo3/sysext/install/Resources/Private/Language/Report/locallang.xlf
typo3/sysext/install/ext_tables.php
typo3/sysext/reports/Classes/Report/Status/SecurityStatus.php

diff --git a/typo3/sysext/install/Classes/Report/SecurityStatusReport.php b/typo3/sysext/install/Classes/Report/SecurityStatusReport.php
new file mode 100644 (file)
index 0000000..59e2a54
--- /dev/null
@@ -0,0 +1,127 @@
+<?php
+namespace TYPO3\CMS\Install\Report;
+
+/*
+ * This file is part of the TYPO3 CMS project.
+ *
+ * It is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU General Public License, either version 2
+ * of the License, or any later version.
+ *
+ * For the full copyright and license information, please read the
+ * LICENSE.txt file that was distributed with this source code.
+ *
+ * The TYPO3 project - inspiring people to share!
+ */
+
+use TYPO3\CMS\Backend\Utility\BackendUtility;
+use TYPO3\CMS\Core\Utility\GeneralUtility;
+use TYPO3\CMS\Install\Service\Exception;
+use TYPO3\CMS\Reports\Status;
+use TYPO3\CMS\Install\Service\EnableFileService;
+
+/**
+ * Provides an status report of the security of the install tool
+ *
+ * @author Ingo Renner <ingo@typo3.org>
+ * @author Frederic Gaus <frederic.gaus@typo3.org>
+ *
+ */
+class SecurityStatusReport implements \TYPO3\CMS\Reports\StatusProviderInterface {
+
+       /**
+        * Compiles a collection of system status checks as a status report.
+        *
+        * @return Status[]
+        */
+       public function getStatus() {
+               $this->executeAdminCommand();
+               $statuses = array(
+                       'installToolPassword' => $this->getInstallToolPasswordStatus(),
+                       'installToolProtection' => $this->getInstallToolProtectionStatus()
+               );
+               return $statuses;
+       }
+
+       /**
+        * Checks whether the Install Tool password is set to its default value.
+        *
+        * @return Status An object representing the security of the install tool password
+        */
+       protected function getInstallToolPasswordStatus() {
+               $value = $GLOBALS['LANG']->getLL('status_ok');
+               $message = '';
+               $severity = Status::OK;
+               $validPassword = TRUE;
+               $installToolPassword = $GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'];
+               $saltFactory = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($installToolPassword);
+               if (is_object($saltFactory)) {
+                       $validPassword = !$saltFactory->checkPassword('joh316', $installToolPassword);
+               } elseif ($installToolPassword === md5('joh316')) {
+                       $validPassword = FALSE;
+               }
+               if (!$validPassword) {
+                       $value = $GLOBALS['LANG']->getLL('status_insecure');
+                       $severity = Status::ERROR;
+                       $changeInstallToolPasswordUrl = BackendUtility::getModuleUrl('system_InstallInstall');
+                       $message = sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:warning.installtool_default_password'),
+                               '<a href="' . htmlspecialchars($changeInstallToolPasswordUrl) . '">', '</a>');
+               }
+               return GeneralUtility::makeInstance(Status::class,
+                       $GLOBALS['LANG']->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_installToolPassword'), $value, $message, $severity);
+       }
+
+       /**
+        * Checks for the existence of the ENABLE_INSTALL_TOOL file.
+        *
+        * @return Status An object representing whether ENABLE_INSTALL_TOOL exists
+        */
+       protected function getInstallToolProtectionStatus() {
+               $enableInstallToolFile = PATH_site . EnableFileService::INSTALL_TOOL_ENABLE_FILE_PATH;
+               $value = $GLOBALS['LANG']->getLL('status_disabled');
+               $message = '';
+               $severity = Status::OK;
+               if (EnableFileService::installToolEnableFileExists()) {
+                       if (EnableFileService::isInstallToolEnableFilePermanent()) {
+                               $severity = Status::WARNING;
+                               $disableInstallToolUrl = GeneralUtility::getIndpEnv('TYPO3_REQUEST_URL') . '&adminCmd=remove_ENABLE_INSTALL_TOOL';
+                               $value = $GLOBALS['LANG']->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_enabledPermanently');
+                               $message = sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:warning.install_enabled'),
+                                       '<span style="white-space: nowrap;">' . $enableInstallToolFile . '</span>');
+                               $message .= ' <a href="' . htmlspecialchars($disableInstallToolUrl) . '">' .
+                                       $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:warning.install_enabled_cmd') . '</a>';
+                       } else {
+                               if (EnableFileService::installToolEnableFileLifetimeExpired()) {
+                                       EnableFileService::removeInstallToolEnableFile();
+                               } else {
+                                       $severity = Status::NOTICE;
+                                       $disableInstallToolUrl = GeneralUtility::getIndpEnv('TYPO3_REQUEST_URL') . '&adminCmd=remove_ENABLE_INSTALL_TOOL';
+                                       $value = $GLOBALS['LANG']->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_enabledTemporarily');
+                                       $message = sprintf($GLOBALS['LANG']->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_installEnabledTemporarily'),
+                                               '<span style="white-space: nowrap;">' . $enableInstallToolFile . '</span>', floor((@filemtime($enableInstallToolFile) + EnableFileService::INSTALL_TOOL_ENABLE_FILE_LIFETIME - time()) / 60));
+                                       $message .= ' <a href="' . htmlspecialchars($disableInstallToolUrl) . '">' .
+                                               $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:warning.install_enabled_cmd') . '</a>';
+                               }
+                       }
+               }
+               return GeneralUtility::makeInstance(Status::class,
+                       $GLOBALS['LANG']->sL('LLL:EXT:install/Resources/Private/Language/Report/locallang.xlf:status_installTool'), $value, $message, $severity);
+       }
+
+       /**
+        * Executes commands like removing the Install Tool enable file.
+        *
+        * @return void
+        */
+       protected function executeAdminCommand() {
+               $command = GeneralUtility::_GET('adminCmd');
+               switch ($command) {
+                       case 'remove_ENABLE_INSTALL_TOOL':
+                               EnableFileService::removeInstallToolEnableFile();
+                               break;
+                       default:
+                               // Do nothing
+               }
+       }
+
+}
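Review bot: `executeAdminCommand()` deletes the Install Tool enable file whenever `adminCmd=remove_ENABLE_INSTALL_TOOL` is present in the query string, and `getStatus()` calls it on every render, so a read-only status report performs a state change on a plain GET with no token check visible in this class. The action only tightens security, and the backend module dispatcher may already enforce a module token for this request (not visible in this hunk), but the class should not rely on that implicitly. I would either move the removal into a dedicated action that validates a form-protection token, or at least document the assumption above the method, e.g. `// Relies on the reports module's backend token for CSRF protection; removal is idempotent.` Separately, `$enableInstallToolFile` is concatenated into the `<span>` markup in both `sprintf()` calls without `htmlspecialchars()`, unlike the URLs next to it; it is built from constants here, but escaping it would keep the output handling consistent.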
index ea12d31..8243031 100644 (file)
                        <trans-unit id="status_newVersion" xml:space="preserve">
                                <source>There is a new version of TYPO3 available. You can update to version %s</source>
                        </trans-unit>
+                       <trans-unit id="status_installToolPassword" xml:space="preserve">
+                               <source>Install Tool Password</source>
+                       </trans-unit>
+                       <trans-unit id="status_installTool" xml:space="preserve">
+                               <source>Install Tool</source>
+                       </trans-unit>
+                       <trans-unit id="status_enabledPermanently" xml:space="preserve">
+                               <source>Enabled permanently</source>
+                       </trans-unit>
+                       <trans-unit id="status_enabledTemporarily" xml:space="preserve">
+                               <source>Enabled temporarily</source>
+                       </trans-unit>
+                       <trans-unit id="status_installEnabledTemporarily" xml:space="preserve">
+                               <source>The Install Tool is temporarily enabled. Delete the file "%s" when you have finished setting up TYPO3. If not used the Install Tool will be disabled automatically in %s minutes.</source>
+                       </trans-unit>
                </body>
        </file>
 </xliff>
index 5b69432..2d3adfa 100644 (file)
@@ -5,6 +5,7 @@ if (TYPO3_MODE === 'BE') {
        // Register report module additions
        $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['reports']['tx_reports']['status']['providers']['typo3'][] = \TYPO3\CMS\Install\Report\InstallStatusReport::class;
        $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['reports']['tx_reports']['status']['providers']['system'][] = \TYPO3\CMS\Install\Report\EnvironmentStatusReport::class;
+       $GLOBALS['TYPO3_CONF_VARS']['SC_OPTIONS']['reports']['tx_reports']['status']['providers']['security'][] = \TYPO3\CMS\Install\Report\SecurityStatusReport::class;
 
        // Register backend module
        \TYPO3\CMS\Extbase\Utility\ExtensionUtility::registerModule(
index fef52a3..515c2d7 100644 (file)
@@ -17,7 +17,6 @@ namespace TYPO3\CMS\Reports\Report\Status;
 use TYPO3\CMS\Backend\Utility\BackendUtility;
 use TYPO3\CMS\Core\Messaging\FlashMessage;
 use TYPO3\CMS\Core\Utility\GeneralUtility;
-use TYPO3\CMS\Install\Service\EnableFileService;
 use TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility;
 
 /**
@@ -28,19 +27,16 @@ use TYPO3\CMS\Saltedpasswords\Utility\SaltedPasswordsUtility;
 class SecurityStatus implements \TYPO3\CMS\Reports\StatusProviderInterface {
 
        /**
-        * Determines the Install Tool's status, mainly concerning its protection.
+        * Determines the security of this TYPO3 installation
         *
-        * @return array List of statuses
+        * @return \TYPO3\CMS\Reports\Status[] List of statuses
         */
        public function getStatus() {
-               $this->executeAdminCommand();
                $statuses = array(
                        'adminUserAccount' => $this->getAdminAccountStatus(),
                        'encryptionKeyEmpty' => $this->getEncryptionKeyStatus(),
                        'fileDenyPattern' => $this->getFileDenyPatternStatus(),
                        'htaccessUpload' => $this->getHtaccessUploadStatus(),
-                       'installToolEnabled' => $this->getInstallToolProtectionStatus(),
-                       'installToolPassword' => $this->getInstallToolPasswordStatus(),
                        'saltedpasswords' => $this->getSaltedPasswordsStatus()
                );
                return $statuses;
@@ -164,51 +160,7 @@ class SecurityStatus implements \TYPO3\CMS\Reports\StatusProviderInterface {
        }
 
        /**
-        * Executes commands like removing the Install Tool enable file.
-        *
-        * @return void
-        */
-       protected function executeAdminCommand() {
-               $command = GeneralUtility::_GET('adminCmd');
-               switch ($command) {
-                       case 'remove_ENABLE_INSTALL_TOOL':
-                               EnableFileService::removeInstallToolEnableFile();
-                               break;
-                       default:
-                               // Do nothing
-               }
-       }
-
-       /**
-        * Checks whether the Install Tool password is set to its default value.
-        *
-        * @return \TYPO3\CMS\Reports\Status An object representing the security of the install tool password
-        */
-       protected function getInstallToolPasswordStatus() {
-               $value = $GLOBALS['LANG']->getLL('status_ok');
-               $message = '';
-               $severity = \TYPO3\CMS\Reports\Status::OK;
-               $validPassword = TRUE;
-               $installToolPassword = $GLOBALS['TYPO3_CONF_VARS']['BE']['installToolPassword'];
-               $saltFactory = \TYPO3\CMS\Saltedpasswords\Salt\SaltFactory::getSaltingInstance($installToolPassword);
-               if (is_object($saltFactory)) {
-                       $validPassword = !$saltFactory->checkPassword('joh316', $installToolPassword);
-               } elseif ($installToolPassword === md5('joh316')) {
-                       $validPassword = FALSE;
-               }
-               if (!$validPassword) {
-                       $value = $GLOBALS['LANG']->getLL('status_insecure');
-                       $severity = \TYPO3\CMS\Reports\Status::ERROR;
-                       $changeInstallToolPasswordUrl = BackendUtility::getModuleUrl('system_InstallInstall');
-                       $message = sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:warning.installtool_default_password'),
-                               '<a href="' . htmlspecialchars($changeInstallToolPasswordUrl) . '">', '</a>');
-               }
-               return GeneralUtility::makeInstance(\TYPO3\CMS\Reports\Status::class,
-                       $GLOBALS['LANG']->getLL('status_installToolPassword'), $value, $message, $severity);
-       }
-
-       /**
-        * Checks whether the Install Tool password is set to its default value.
+        * Checks whether salted Passwords are configured or not.
         *
         * @return \TYPO3\CMS\Reports\Status An object representing the security of the saltedpassswords extension
         */
@@ -253,41 +205,4 @@ class SecurityStatus implements \TYPO3\CMS\Reports\StatusProviderInterface {
                        $GLOBALS['LANG']->getLL('status_saltedPasswords'), $value, $message, $severity);
        }
 
-       /**
-        * Checks for the existence of the ENABLE_INSTALL_TOOL file.
-        *
-        * @return \TYPO3\CMS\Reports\Status An object representing whether ENABLE_INSTALL_TOOL exists
-        */
-       protected function getInstallToolProtectionStatus() {
-               $enableInstallToolFile = PATH_site . EnableFileService::INSTALL_TOOL_ENABLE_FILE_PATH;
-               $value = $GLOBALS['LANG']->getLL('status_disabled');
-               $message = '';
-               $severity = \TYPO3\CMS\Reports\Status::OK;
-               if (EnableFileService::installToolEnableFileExists()) {
-                       if (EnableFileService::isInstallToolEnableFilePermanent()) {
-                               $severity = \TYPO3\CMS\Reports\Status::WARNING;
-                               $disableInstallToolUrl = GeneralUtility::getIndpEnv('TYPO3_REQUEST_URL') . '&adminCmd=remove_ENABLE_INSTALL_TOOL';
-                               $value = $GLOBALS['LANG']->getLL('status_enabledPermanently');
-                               $message = sprintf($GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:warning.install_enabled'),
-                                       '<span style="white-space: nowrap;">' . $enableInstallToolFile . '</span>');
-                               $message .= ' <a href="' . htmlspecialchars($disableInstallToolUrl) . '">' .
-                                       $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:warning.install_enabled_cmd') . '</a>';
-                       } else {
-                               if (EnableFileService::installToolEnableFileLifetimeExpired()) {
-                                       EnableFileService::removeInstallToolEnableFile();
-                               } else {
-                                       $severity = \TYPO3\CMS\Reports\Status::NOTICE;
-                                       $disableInstallToolUrl = GeneralUtility::getIndpEnv('TYPO3_REQUEST_URL') . '&adminCmd=remove_ENABLE_INSTALL_TOOL';
-                                       $value = $GLOBALS['LANG']->getLL('status_enabledTemporarily');
-                                       $message = sprintf($GLOBALS['LANG']->getLL('status_installEnabledTemporarily'),
-                                               '<span style="white-space: nowrap;">' . $enableInstallToolFile . '</span>', floor((@filemtime($enableInstallToolFile) + EnableFileService::INSTALL_TOOL_ENABLE_FILE_LIFETIME - time()) / 60));
-                                       $message .= ' <a href="' . htmlspecialchars($disableInstallToolUrl) . '">' .
-                                               $GLOBALS['LANG']->sL('LLL:EXT:lang/locallang_core.xlf:warning.install_enabled_cmd') . '</a>';
-                               }
-                       }
-               }
-               return GeneralUtility::makeInstance(\TYPO3\CMS\Reports\Status::class,
-                       $GLOBALS['LANG']->getLL('status_installTool'), $value, $message, $severity);
-       }
-
 }
\ No newline at end of file