Merge pull request #1205 from sbwalker/dev
Ensure Install Wizard will only be displayed if the Master database connection string in appsettings.json is not specified. This addresses a potential security issue where the Install Wizard could be displayed in an existing installation if the Master database connection failed during startup.
This commit is contained in:
Shaun Walker
GitHub
commit
c037614917
|
|
@ -1,31 +1,39 @@
|
|||
@inject IInstallationService InstallationService
|
||||
@inject IInstallationService InstallationService
|
||||
|
||||
@if (_initialized)
|
||||
{
|
||||
@if (!_installed)
|
||||
@if (!_installation.Success)
|
||||
{
|
||||
<Installer />
|
||||
}
|
||||
else
|
||||
{
|
||||
<CascadingAuthenticationState>
|
||||
<CascadingValue Value="@PageState">
|
||||
<SiteRouter OnStateChange="@ChangeState" />
|
||||
</CascadingValue>
|
||||
</CascadingAuthenticationState>
|
||||
@if (string.IsNullOrEmpty(_installation.Message))
|
||||
{
|
||||
<CascadingAuthenticationState>
|
||||
<CascadingValue Value="@PageState">
|
||||
<SiteRouter OnStateChange="@ChangeState" />
|
||||
</CascadingValue>
|
||||
</CascadingAuthenticationState>
|
||||
}
|
||||
else
|
||||
{
|
||||
<div class="app-alert">
|
||||
@_installation.Message
|
||||
</div>
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@code {
|
||||
private Installation _installation;
|
||||
private bool _initialized;
|
||||
private bool _installed;
|
||||
|
||||
private PageState PageState { get; set; }
|
||||
|
||||
protected override async Task OnParametersSetAsync()
|
||||
{
|
||||
var installation = await InstallationService.IsInstalled();
|
||||
_installed = installation.Success;
|
||||
_installation = await InstallationService.IsInstalled();
|
||||
_initialized = true;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -22,7 +22,7 @@ else
|
|||
<Row>
|
||||
<td><ActionLink Action="Edit" Parameters="@($"id=" + context.AliasId.ToString())" ResourceKey="EditSite" /></td>
|
||||
<td><ActionDialog Header="Delete Site" Message="@Localizer["Are You Sure You Wish To Delete The {0} Site?", context.Name]" Action="Delete" Security="SecurityAccessLevel.Admin" Class="btn btn-danger" OnClick="@(async () => await DeleteSite(context))" ResourceKey="DeleteSite" /></td>
|
||||
<td><a href="@(_scheme + context.Name)">@context.Name</a></td>
|
||||
<td><a href="@(_scheme + context.Name +"?reload")">@context.Name</a></td>
|
||||
</Row>
|
||||
</Pager>
|
||||
}
|
||||
|
|
|
|||
|
|
@ -55,8 +55,7 @@ namespace Oqtane.Controllers
|
|||
[HttpGet("installed")]
|
||||
public Installation IsInstalled()
|
||||
{
|
||||
bool isInstalled = _databaseManager.IsInstalled();
|
||||
return new Installation {Success = isInstalled, Message = string.Empty};
|
||||
return _databaseManager.IsInstalled();
|
||||
}
|
||||
|
||||
[HttpGet("upgrade")]
|
||||
|
|
|
|||
|
|
@ -33,27 +33,30 @@ namespace Oqtane.Infrastructure
|
|||
_cache = cache;
|
||||
}
|
||||
|
||||
public bool IsInstalled()
|
||||
public Installation IsInstalled()
|
||||
{
|
||||
var defaultConnectionString = NormalizeConnectionString(_config.GetConnectionString(SettingKeys.ConnectionStringKey));
|
||||
var result = !string.IsNullOrEmpty(defaultConnectionString);
|
||||
if (result)
|
||||
var result = new Installation { Success = false, Message = string.Empty };
|
||||
if (!string.IsNullOrEmpty(_config.GetConnectionString(SettingKeys.ConnectionStringKey)))
|
||||
{
|
||||
result.Success = true;
|
||||
using (var scope = _serviceScopeFactory.CreateScope())
|
||||
{
|
||||
var db = scope.ServiceProvider.GetRequiredService<MasterDBContext>();
|
||||
result = db.Database.CanConnect();
|
||||
if (result)
|
||||
if (db.Database.CanConnect())
|
||||
{
|
||||
try
|
||||
{
|
||||
result = db.Tenant.Any();
|
||||
var provisioned = db.Tenant.Any();
|
||||
}
|
||||
catch
|
||||
{
|
||||
result = false;
|
||||
result.Message = "Master Database Not Installed Correctly";
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
result.Message = "Cannot Connect To Master Database";
|
||||
}
|
||||
}
|
||||
}
|
||||
return result;
|
||||
|
|
@ -74,7 +77,8 @@ namespace Oqtane.Infrastructure
|
|||
// startup or silent installation
|
||||
install = new InstallConfig { ConnectionString = _config.GetConnectionString(SettingKeys.ConnectionStringKey), TenantName = TenantNames.Master, IsNewTenant = false };
|
||||
|
||||
if (!IsInstalled())
|
||||
var installation = IsInstalled();
|
||||
if (!installation.Success)
|
||||
{
|
||||
install.Aliases = GetInstallationConfig(SettingKeys.DefaultAliasKey, string.Empty);
|
||||
install.HostPassword = GetInstallationConfig(SettingKeys.HostPasswordKey, string.Empty);
|
||||
|
|
@ -97,6 +101,14 @@ namespace Oqtane.Infrastructure
|
|||
install.ConnectionString = "";
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!string.IsNullOrEmpty(installation.Message))
|
||||
{
|
||||
// problem with prior installation
|
||||
install.ConnectionString = "";
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
using Oqtane.Models;
|
||||
using Oqtane.Models;
|
||||
using Oqtane.Shared;
|
||||
|
||||
namespace Oqtane.Infrastructure
|
||||
{
|
||||
public interface IDatabaseManager
|
||||
{
|
||||
bool IsInstalled();
|
||||
Installation IsInstalled();
|
||||
Installation Install();
|
||||
Installation Install(InstallConfig install);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -25,14 +25,12 @@ namespace Oqtane.Infrastructure
|
|||
|
||||
public void Upgrade(Tenant tenant, string version)
|
||||
{
|
||||
// core framework upgrade logic - note that you can check if current tenant is Master if you only want to execute logic once
|
||||
var pageTemplates = new List<PageTemplate>();
|
||||
|
||||
// core framework upgrade logic - note that you can check if current tenant is Master if you only want to execute the logic once
|
||||
switch (version)
|
||||
{
|
||||
case "0.9.0":
|
||||
// add a page to all existing sites on upgrade
|
||||
|
||||
// this code is commented out on purpose - it provides an example of how to programmatically add a page to all existing sites on upgrade
|
||||
var pageTemplates = new List<PageTemplate>();
|
||||
//pageTemplates.Add(new PageTemplate
|
||||
//{
|
||||
// Name = "Test",
|
||||
|
|
@ -68,7 +66,12 @@ namespace Oqtane.Infrastructure
|
|||
case "2.0.2":
|
||||
if (tenant.Name == TenantNames.Master)
|
||||
{
|
||||
Directory.Delete(Utilities.PathCombine(_environment.WebRootPath, "Modules", "Templates", "Internal", Path.DirectorySeparatorChar.ToString()), true);
|
||||
// remove Internal module template files as they are no longer supported
|
||||
var internalTemplatePath = Utilities.PathCombine(_environment.WebRootPath, "Modules", "Templates", "Internal", Path.DirectorySeparatorChar.ToString());
|
||||
if (Directory.Exists(internalTemplatePath))
|
||||
{
|
||||
Directory.Delete(internalTemplatePath, true);
|
||||
}
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -37,7 +37,9 @@
|
|||
|
||||
@if (Model.Message != "")
|
||||
{
|
||||
@Model.Message
|
||||
<div class="app-alert">
|
||||
@Model.Message
|
||||
</div>
|
||||
}
|
||||
|
||||
<script src="js/interop.js"></script>
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
@import url('open-iconic/font/css/open-iconic-bootstrap.min.css');
|
||||
@import url('open-iconic/font/css/open-iconic-bootstrap.min.css');
|
||||
|
||||
html, body {
|
||||
font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif;
|
||||
|
|
@ -125,6 +125,13 @@ app {
|
|||
vertical-align: inherit;
|
||||
}
|
||||
|
||||
.app-alert {
|
||||
padding: 20px;
|
||||
background-color: #f44336; /* red */
|
||||
color: white;
|
||||
margin-bottom: 15px;
|
||||
}
|
||||
|
||||
/* Tooltips */
|
||||
.app-tooltip {
|
||||
cursor: help;
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user