issue#99 database password in config.php

Author: mlojewski-me

CHANGELOG.md

@@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Added
 - Support for Nextcloud 19
 - Argon2id support
+- System wide values option
 
 ## [4.4.1] - 2020-02-02
 ### Fixed

README.md

@@ -40,19 +40,20 @@ Name | Description | Details
 **Database** | The name of the database. | Mandatory.
 **Username** | The name of the user for the connection. | Optional.
 **Password** | The password of the user for the connection. | Optional.
+**System wide values** | Place where database connection parameters are stored.<br/>- *true* - config.php (System wide values).<br/>- *false* - database (App values). | Optional.<br/>Default: *false*.
 
 #### Options
 
 Here are all currently supported options.
 
 Name | Description | Details
 --- | --- | ---
-**Allow display name change** | With this option enabled user can change its display name. The display name change is propagated to the database. | Optional.<br/>Default: false.<br/>Requires: user *Display name* column.
-**Allow password change** | Can user change its password. The password change is propagated to the database. See [Hash algorithms](#hash-algorithms). | Optional.<br/>Default: false.
-**Allow providing avatar** | Can user provide its avatar. The value is used when column *Provide avatar* is not set. | Optional.<br/>Default: false.
-**Case-insensitive username** | Whether user query should be case-sensitive or case-insensitive. | Optional.<br/>Default: false.
-**Reverse active column** | Reverse value of active column in user table. | Optional.<br/>Default: false.
-**Use cache** | Use database query results cache. The cache can be cleared any time with the *Clear cache* button click. | Optional.<br/>Default: false.
+**Allow display name change** | With this option enabled user can change its display name. The display name change is propagated to the database. | Optional.<br/>Default: *false*.<br/>Requires: user *Display name* column.
+**Allow password change** | Can user change its password. The password change is propagated to the database. See [Hash algorithms](#hash-algorithms). | Optional.<br/>Default: *false*.
+**Allow providing avatar** | Can user provide its avatar. The value is used when column *Provide avatar* is not set. | Optional.<br/>Default: *false*.
+**Case-insensitive username** | Whether user query should be case-sensitive or case-insensitive. | Optional.<br/>Default: *false*.
+**Reverse active column** | Reverse value of active column in user table. | Optional.<br/>Default: *false*.
+**Use cache** | Use database query results cache. The cache can be cleared any time with the *Clear cache* button click. | Optional.<br/>Default: *false*.
 **Hash algorithm** | How users passwords are stored in the database. See [Hash algorithms](#hash-algorithms). | Mandatory.
 **Name sync** | Sync display name with the Nextcloud.<br/>- *None* - Disables this feature. This is the default option.<br/>- *Synchronise only once* - Copy the display name to the Nextcloud preferences if its not set.<br/>- *Nextcloud always wins* - Always copy the display name to the database. This updates the user table.<br/>- *SQL always wins* - Always copy the display name to the Nextcloud preferences. | Optional.<br/>Default: *None*.<br/>Requires: user *Display name* column.
 **Email sync** | Sync e-mail address with the Nextcloud.<br/>- *None* - Disables this feature. This is the default option.<br/>- *Synchronise only once* - Copy the e-mail address to the Nextcloud preferences if its not set.<br/>- *Nextcloud always wins* - Always copy the e-mail address to the database. This updates the user table.<br/>- *SQL always wins* - Always copy the e-mail address to the Nextcloud preferences. | Optional.<br/>Default: *None*.<br/>Requires: user *Email* column.
@@ -74,11 +75,11 @@ Name | Description | Details
 **Password** | Password hash column. | Mandatory for user backend.
 **Display name** | Display name column. | Optional.
 **Active** | Flag indicating if user can log in. | Optional.<br/>Default: true.
-**Disabled** | Flag indicating if user should not be visible (not included in searches). | Optional.<br/>Default: false.
-**Provide avatar** | Flag indicating if user can change its avatar. | Optional.<br/>Default: false.
+**Disabled** | Flag indicating if user should not be visible (not included in searches). | Optional.<br/>Default: *false*.
+**Provide avatar** | Flag indicating if user can change its avatar. | Optional.<br/>Default: *false*.
 **Salt** | Salt which is appended to password when checking or changing the password. | Optional.
-**Append salt** | Append a salt to the password. | Optional.<br/>Default: false.
-**Prepend salt** | Prepend a salt to the password. | Optional.<br/>Default: false.
+**Append salt** | Append a salt to the password. | Optional.<br/>Default: *false*.
+**Prepend salt** | Prepend a salt to the password. | Optional.<br/>Default: *false*.
 
 #### Group table
 

lib/Constant/Opt.php

@@ -2,7 +2,7 @@
 /**
  * Nextcloud - user_sql
  *
- * @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
+ * @copyright 2020 Marcin Łojewski <dev@mlojewski.me>
  * @author    Marcin Łojewski <dev@mlojewski.me>
  *
  * This program is free software: you can redistribute it and/or modify
@@ -44,5 +44,6 @@ final class Opt
     const PROVIDE_AVATAR = "opt.provide_avatar";
     const QUOTA_SYNC = "opt.quota_sync";
     const REVERSE_ACTIVE = "opt.reverse_active";
+    const SAFE_STORE = "opt.safe_store";
     const USE_CACHE = "opt.use_cache";
 }

lib/Controller/SettingsController.php

@@ -2,7 +2,7 @@
 /**
  * Nextcloud - user_sql
  *
- * @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
+ * @copyright 2020 Marcin Łojewski <dev@mlojewski.me>
  * @author    Marcin Łojewski <dev@mlojewski.me>
  *
  * This program is free software: you can redistribute it and/or modify
@@ -28,6 +28,7 @@
 use OC\DB\ConnectionFactory;
 use OCA\UserSQL\Cache;
 use OCA\UserSQL\Constant\App;
+use OCA\UserSQL\Constant\DB;
 use OCA\UserSQL\Constant\Opt;
 use OCA\UserSQL\Crypto\IPasswordAlgorithm;
 use OCA\UserSQL\Platform\PlatformFactory;
@@ -208,6 +209,15 @@ public function saveProperties()
             ];
         }
 
+        $safeStore = $this->request->getParam(str_replace(".", "-", Opt::SAFE_STORE), App::FALSE_VALUE);
+        if ($safeStore !== $this->properties[Opt::SAFE_STORE]) {
+            unset($this->properties[DB::HOSTNAME]);
+            unset($this->properties[DB::PASSWORD]);
+            unset($this->properties[DB::USERNAME]);
+            unset($this->properties[DB::DATABASE]);
+            $this->properties[Opt::SAFE_STORE] = $safeStore;
+        }
+
         foreach ($properties as $key => $value) {
             $reqValue = $this->request->getParam(str_replace(".", "-", $key));
             $appValue = $this->properties[$key];

lib/Properties.php

@@ -2,7 +2,7 @@
 /**
  * Nextcloud - user_sql
  *
- * @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
+ * @copyright 2020 Marcin Łojewski <dev@mlojewski.me>
  * @author    Marcin Łojewski <dev@mlojewski.me>
  *
  * This program is free software: you can redistribute it and/or modify
@@ -59,6 +59,10 @@ class Properties implements \ArrayAccess
      * @var array The properties array.
      */
     private $data;
+    /**
+     * @var boolean Store confidential data in file.
+     */
+    private $safeStore;
 
     /**
      * The default constructor.
@@ -95,9 +99,15 @@ private function loadProperties()
 
         $params = $this->getParameterArray();
         $this->data = [];
+        $this->safeStore
+            = $this->config->getAppValue($this->appName, Opt::SAFE_STORE, App::FALSE_VALUE) === App::TRUE_VALUE;
 
         foreach ($params as $param) {
-            $value = $this->config->getAppValue($this->appName, $param, null);
+            if ($this->isSystemValue($param)) {
+                $value = $this->config->getSystemValue("user_sql." . $param, null);
+            } else {
+                $value = $this->config->getAppValue($this->appName, $param, null);
+            }
 
             if ($this->isBooleanParam($param)) {
                 if ($value === App::FALSE_VALUE) {
@@ -143,6 +153,16 @@ private function getParameterArray()
         return $params;
     }
 
+    /**
+     * @param $param string Parameter name.
+     *
+     * @return bool TRUE if this is a system wide parameter FALSE otherwise.
+     */
+    private function isSystemValue($param)
+    {
+        return $this->safeStore && in_array($param, array(DB::HOSTNAME, DB::PASSWORD, DB::USERNAME, DB::DATABASE));
+    }
+
     /**
      * Is given parameter a boolean parameter.
      *
@@ -156,7 +176,8 @@ private function isBooleanParam($param)
             $param, [
                 Opt::APPEND_SALT, Opt::CASE_INSENSITIVE_USERNAME,
                 Opt::NAME_CHANGE, Opt::PASSWORD_CHANGE, Opt::PREPEND_SALT,
-                Opt::PROVIDE_AVATAR, Opt::REVERSE_ACTIVE, Opt::USE_CACHE
+                Opt::PROVIDE_AVATAR, Opt::REVERSE_ACTIVE, Opt::SAFE_STORE,
+                Opt::USE_CACHE
             ]
         );
     }
@@ -204,7 +225,15 @@ public function offsetGet($offset)
      */
     public function offsetSet($offset, $value)
     {
-        $this->config->setAppValue($this->appName, $offset, $value);
+        if ($offset == Opt::SAFE_STORE) {
+            $this->safeStore = ($value === App::TRUE_VALUE);
+        }
+
+        if ($this->isSystemValue($offset)) {
+            $this->config->setSystemValue("user_sql." . $offset, $value);
+        } else {
+            $this->config->setAppValue($this->appName, $offset, $value);
+        }
 
         if ($this->isBooleanParam($offset)) {
             if ($value === App::FALSE_VALUE) {
@@ -228,7 +257,15 @@ public function offsetSet($offset, $value)
      */
     public function offsetUnset($offset)
     {
-        $this->config->deleteAppValue($this->appName, $offset);
+        if ($offset == Opt::SAFE_STORE) {
+            $this->safeStore = App::FALSE_VALUE;
+        }
+
+        if ($this->isSystemValue($offset)) {
+            $this->config->deleteSystemValue("user_sql." . $offset);
+        } else {
+            $this->config->deleteAppValue($this->appName, $offset);
+        }
         unset($this->data[$offset]);
     }
 }

templates/admin.php

@@ -2,7 +2,7 @@
 /**
  * Nextcloud - user_sql
  *
- * @copyright 2018 Marcin Łojewski <dev@mlojewski.me>
+ * @copyright 2020 Marcin Łojewski <dev@mlojewski.me>
  * @author    Marcin Łojewski <dev@mlojewski.me>
  *
  * This program is free software: you can redistribute it and/or modify
@@ -98,7 +98,8 @@ function print_select_options(
                 print_text_input($l, "db-hostname", "Hostname", $_["db.hostname"]);
                 print_text_input($l, "db-database", "Database", $_["db.database"]);
                 print_text_input($l, "db-username", "Username", $_["db.username"]);
-                print_text_input($l, "db-password", "Password", $_["db.password"], "password"); ?>
+                print_text_input($l, "db-password", "Password", $_["db.password"], "password");
+                print_checkbox_input($l, "opt-safe_store", "System wide values", $_["opt.safe_store"]); ?>
                 <div class="button-right">
                     <input type="submit" id="user_sql-db_connection_verify" value="<?php p($l->t("Verify settings")); ?>">
                 </div>