Ensure Install Wizard will only be displayed if the Master database connection string in appsettings.json is not specified. This addresses a potential security issue where the Install Wizard could be displayed in an existing installation if the Master database connection failed during startup.

2021-03-30 17:48:49 -04:00
parent 5cd1d3a7af
commit 09c040128a
8 changed files with 63 additions and 32 deletions
--- a/Oqtane.Server/Infrastructure/DatabaseManager.cs
+++ b/Oqtane.Server/Infrastructure/DatabaseManager.cs
@ -33,27 +33,30 @@ namespace Oqtane.Infrastructure
            _cache = cache;
        }

-        public bool IsInstalled()
+        public Installation IsInstalled()
        {
-            var defaultConnectionString = NormalizeConnectionString(_config.GetConnectionString(SettingKeys.ConnectionStringKey));
-            var result = !string.IsNullOrEmpty(defaultConnectionString);
-            if (result)
+            var result = new Installation { Success = false, Message = string.Empty };
+            if (!string.IsNullOrEmpty(_config.GetConnectionString(SettingKeys.ConnectionStringKey)))
            {
+                result.Success = true;
                using (var scope = _serviceScopeFactory.CreateScope())
                {
                    var db = scope.ServiceProvider.GetRequiredService<MasterDBContext>();
-                    result = db.Database.CanConnect();
-                    if (result)
+                    if (db.Database.CanConnect())
                    {
                        try
                        {
-                            result = db.Tenant.Any();
+                            var provisioned = db.Tenant.Any();
                        }
                        catch
                        {
-                            result = false;
+                            result.Message = "Master Database Not Installed Correctly";
                        }
                    }
+                    else
+                    {
+                        result.Message = "Cannot Connect To Master Database";
+                    }
                }
            }
            return result;
@ -74,7 +77,8 @@ namespace Oqtane.Infrastructure
                // startup or silent installation
                install = new InstallConfig { ConnectionString = _config.GetConnectionString(SettingKeys.ConnectionStringKey), TenantName = TenantNames.Master, IsNewTenant = false };

-                if (!IsInstalled())
+                var installation = IsInstalled();
+                if (!installation.Success)
                {
                    install.Aliases = GetInstallationConfig(SettingKeys.DefaultAliasKey, string.Empty);
                    install.HostPassword = GetInstallationConfig(SettingKeys.HostPasswordKey, string.Empty);
@ -97,6 +101,14 @@ namespace Oqtane.Infrastructure
                        install.ConnectionString = "";
                    }
                }
+                else
+                {
+                    if (!string.IsNullOrEmpty(installation.Message))
+                    {
+                        // problem with prior installation
+                        install.ConnectionString = "";
+                    }
+                }
            }
            else
            {