Diplomarbeit-Absolventenverein/oqtane.framework
10
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Ensure Install Wizard will only be displayed if the Master database connection string in appsettings.json is not specified. This addresses a potential security issue where the Install Wizard could be displayed in an existing installation if the Master database connection failed during startup.

Browse Source
This commit is contained in:
Shaun Walker
2021-03-30 17:48:49 -04:00
parent 5cd1d3a7af
commit 09c040128a
8 changed files with 63 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
Oqtane.Server/Infrastructure/DatabaseManager.cs
View File

@ -33,27 +33,30 @@ namespace Oqtane.Infrastructure
_cache = cache;
}
public bool IsInstalled()
public Installation IsInstalled()
{
var defaultConnectionString = NormalizeConnectionString(_config.GetConnectionString(SettingKeys.ConnectionStringKey));
var result = !string.IsNullOrEmpty(defaultConnectionString);
if (result)
var result = new Installation { Success = false, Message = string.Empty };
if (!string.IsNullOrEmpty(_config.GetConnectionString(SettingKeys.ConnectionStringKey)))
{
result.Success = true;
using (var scope = _serviceScopeFactory.CreateScope())
{
var db = scope.ServiceProvider.GetRequiredService<MasterDBContext>();
result = db.Database.CanConnect();
if (result)
if (db.Database.CanConnect())
{
try
{
result = db.Tenant.Any();
var provisioned = db.Tenant.Any();
}
catch
{
result = false;
result.Message = "Master Database Not Installed Correctly";
}
}
else
{
result.Message = "Cannot Connect To Master Database";
}
}
}
return result;
@ -74,7 +77,8 @@ namespace Oqtane.Infrastructure
// startup or silent installation
install = new InstallConfig { ConnectionString = _config.GetConnectionString(SettingKeys.ConnectionStringKey), TenantName = TenantNames.Master, IsNewTenant = false };
if (!IsInstalled())
var installation = IsInstalled();
if (!installation.Success)
{
install.Aliases = GetInstallationConfig(SettingKeys.DefaultAliasKey, string.Empty);
install.HostPassword = GetInstallationConfig(SettingKeys.HostPasswordKey, string.Empty);
@ -97,6 +101,14 @@ namespace Oqtane.Infrastructure
install.ConnectionString = "";
}
}
else
{
if (!string.IsNullOrEmpty(installation.Message))
{
// problem with prior installation
install.ConnectionString = "";
}
}
}
else
{

4
Oqtane.Server/Infrastructure/Interfaces/IDatabaseManager.cs
View File

@ -1,11 +1,11 @@
using Oqtane.Models;
using Oqtane.Models;
using Oqtane.Shared;
namespace Oqtane.Infrastructure
{
public interface IDatabaseManager
{
bool IsInstalled();
Installation IsInstalled();
Installation Install();
Installation Install(InstallConfig install);
}

15
Oqtane.Server/Infrastructure/UpgradeManager.cs
View File

@ -25,14 +25,12 @@ namespace Oqtane.Infrastructure
public void Upgrade(Tenant tenant, string version)
{
// core framework upgrade logic - note that you can check if current tenant is Master if you only want to execute logic once
var pageTemplates = new List<PageTemplate>();
// core framework upgrade logic - note that you can check if current tenant is Master if you only want to execute the logic once
switch (version)
{
case "0.9.0":
// add a page to all existing sites on upgrade
// this code is commented out on purpose - it provides an example of how to programmatically add a page to all existing sites on upgrade
var pageTemplates = new List<PageTemplate>();
//pageTemplates.Add(new PageTemplate
//{
// Name = "Test",
@ -68,7 +66,12 @@ namespace Oqtane.Infrastructure
case "2.0.2":
if (tenant.Name == TenantNames.Master)
{
Directory.Delete(Utilities.PathCombine(_environment.WebRootPath, "Modules", "Templates", "Internal", Path.DirectorySeparatorChar.ToString()), true);
// remove Internal module template files as they are no longer supported
var internalTemplatePath = Utilities.PathCombine(_environment.WebRootPath, "Modules", "Templates", "Internal", Path.DirectorySeparatorChar.ToString());
if (Directory.Exists(internalTemplatePath))
{
Directory.Delete(internalTemplatePath, true);
}
}
break;
}