mirror of
https://github.com/nuxsmin/sysPass.git
synced 2026-02-27 21:24:06 +01:00
325 lines
11 KiB
PHP
325 lines
11 KiB
PHP
<?php
|
|
/*
|
|
* sysPass
|
|
*
|
|
* @author nuxsmin
|
|
* @link https://syspass.org
|
|
* @copyright 2012-2021, Rubén Domínguez nuxsmin@$syspass.org
|
|
*
|
|
* This file is part of sysPass.
|
|
*
|
|
* sysPass is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation, either version 3 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* sysPass is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with sysPass. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
namespace SP\Modules\Cli\Commands\Crypt;
|
|
|
|
use Exception;
|
|
use Psr\Log\LoggerInterface;
|
|
use RuntimeException;
|
|
use SP\Config\Config;
|
|
use SP\Modules\Cli\Commands\CommandBase;
|
|
use SP\Modules\Cli\Commands\Validators;
|
|
use SP\Services\Account\AccountService;
|
|
use SP\Services\Config\ConfigService;
|
|
use SP\Services\Crypt\MasterPassService;
|
|
use SP\Services\Crypt\UpdateMasterPassRequest;
|
|
use SP\Util\Util;
|
|
use Symfony\Component\Console\Command\LockableTrait;
|
|
use Symfony\Component\Console\Input\InputInterface;
|
|
use Symfony\Component\Console\Input\InputOption;
|
|
use Symfony\Component\Console\Output\OutputInterface;
|
|
use Symfony\Component\Console\Style\StyleInterface;
|
|
use Symfony\Component\Console\Style\SymfonyStyle;
|
|
|
|
/**
|
|
* Class CryptCommand
|
|
*
|
|
* @package SP\Modules\Cli\Commands\Crypt
|
|
*/
|
|
final class UpdateMasterPasswordCommand extends CommandBase
|
|
{
|
|
use LockableTrait;
|
|
|
|
/**
|
|
* @var string[]
|
|
*/
|
|
public static array $envVarsMapping = [
|
|
'currentMasterPassword' => 'CURRENT_MASTER_PASSWORD',
|
|
'masterPassword' => 'MASTER_PASSWORD',
|
|
'update' => 'UPDATE',
|
|
];
|
|
/**
|
|
* @var string
|
|
*/
|
|
protected static $defaultName = 'sp:crypt:update-master-password';
|
|
/**
|
|
* @var MasterPassService
|
|
*/
|
|
private MasterPassService $masterPassService;
|
|
/**
|
|
* @var ConfigService
|
|
*/
|
|
private ConfigService $configService;
|
|
/**
|
|
* @var \SP\Services\Account\AccountService
|
|
*/
|
|
private AccountService $accountService;
|
|
|
|
/**
|
|
* @param \SP\Services\Crypt\MasterPassService $masterPassService
|
|
* @param \SP\Services\Account\AccountService $accountService
|
|
* @param \SP\Services\Config\ConfigService $configService
|
|
* @param \Psr\Log\LoggerInterface $logger
|
|
* @param \SP\Config\Config $config
|
|
*/
|
|
public function __construct(MasterPassService $masterPassService,
|
|
AccountService $accountService,
|
|
ConfigService $configService,
|
|
LoggerInterface $logger,
|
|
Config $config)
|
|
{
|
|
$this->masterPassService = $masterPassService;
|
|
$this->accountService = $accountService;
|
|
$this->configService = $configService;
|
|
|
|
parent::__construct($logger, $config);
|
|
}
|
|
|
|
protected function configure(): void
|
|
{
|
|
$this->setDescription(__('Update sysPass master password'))
|
|
->setHelp(__('This command updates sysPass master password for all the encrypted data'))
|
|
->addOption('masterPassword',
|
|
null,
|
|
InputOption::VALUE_REQUIRED,
|
|
__('The new master password to encrypt the data'))
|
|
->addOption('currentMasterPassword',
|
|
null,
|
|
InputOption::VALUE_REQUIRED,
|
|
__('The current master password'))
|
|
->addOption('update',
|
|
null,
|
|
InputOption::VALUE_NONE,
|
|
__('Skip asking to confirm the update'));
|
|
}
|
|
|
|
/**
|
|
* @param InputInterface $input
|
|
* @param OutputInterface $output
|
|
*
|
|
* @return int
|
|
*/
|
|
protected function execute(InputInterface $input, OutputInterface $output): int
|
|
{
|
|
$style = new SymfonyStyle($input, $output);
|
|
|
|
if (!$this->lock()) {
|
|
$style->warning(__('The command is already running in another process'));
|
|
|
|
return self::SUCCESS;
|
|
}
|
|
|
|
try {
|
|
$this->checkInstalled();
|
|
$this->checkMaintenance();
|
|
|
|
$masterPassword = $this->getMasterPassword($input, $style);
|
|
$currentMasterPassword = $this->getCurrentMasterPassword($input, $style);
|
|
|
|
if ($masterPassword === $currentMasterPassword) {
|
|
$this->logger->debug(__u('Passwords are the same'));
|
|
$style->info(__('Passwords are the same'));
|
|
|
|
return self::FAILURE;
|
|
}
|
|
|
|
$this->checkMasterPassword($currentMasterPassword);
|
|
|
|
$request = new UpdateMasterPassRequest(
|
|
$currentMasterPassword,
|
|
$masterPassword,
|
|
$this->configService->getByParam(MasterPassService::PARAM_MASTER_PASS_HASH)
|
|
);
|
|
|
|
if (!$this->getUpdate($input, $style)) {
|
|
$this->logger->debug(__u('Master password update aborted'));
|
|
$style->info(__('Master password update aborted'));
|
|
|
|
return self::FAILURE;
|
|
}
|
|
|
|
$style->warning(__('You should save the new password on a secure place'));
|
|
$style->warning(__('All accounts passwords will be encrypted again.'));
|
|
$style->warning(__('Users will need to enter the new Master Password.'));
|
|
$style->warning(printf(
|
|
__('It will be updated %s accounts. This process could take some time long.'),
|
|
$this->accountService->getTotalNumAccounts()
|
|
));
|
|
$style->newLine();
|
|
$style->caution(__('This is a critical process, please do not cancel/close this CLI'));
|
|
|
|
$style->ask(__('Please, press any key to continue'));
|
|
|
|
$this->masterPassService->changeMasterPassword($request);
|
|
|
|
$this->logger->info(__u('Master password updated'));
|
|
|
|
$style->success(__('Master password updated'));
|
|
$style->info(__('Please, restart any browser session to update it'));
|
|
|
|
return self::SUCCESS;
|
|
} catch (Exception $e) {
|
|
$this->logger->error($e->getTraceAsString());
|
|
$this->logger->error($e->getMessage());
|
|
|
|
$style->error(__($e->getMessage()));
|
|
} finally {
|
|
$this->release();
|
|
}
|
|
|
|
return self::FAILURE;
|
|
}
|
|
|
|
private function checkInstalled(): void
|
|
{
|
|
if (!defined('TEST_ROOT')
|
|
&& !$this->configData->isInstalled()) {
|
|
throw new RuntimeException(__u('sysPass is not installed'));
|
|
}
|
|
}
|
|
|
|
private function checkMaintenance(): void
|
|
{
|
|
if (!defined('TEST_ROOT')
|
|
&& !$this->configData->isMaintenance()) {
|
|
throw new RuntimeException(__u('Maintenance mode not enabled'));
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @param InputInterface $input
|
|
* @param StyleInterface $style
|
|
*
|
|
* @return array|false|mixed|string
|
|
*/
|
|
private function getMasterPassword(
|
|
InputInterface $input,
|
|
StyleInterface $style
|
|
)
|
|
{
|
|
$password = self::getEnvVarOrOption('masterPassword', $input);
|
|
|
|
if (empty($password)) {
|
|
$this->logger->debug(__u('Ask for master password'));
|
|
|
|
$password = $style->askHidden(
|
|
__('Please provide the new master password'),
|
|
fn($value) => Validators::valueNotEmpty(
|
|
$value,
|
|
sprintf(__u('%s cannot be blank'), 'Master password')
|
|
)
|
|
);
|
|
$passwordRepeat = $style->askHidden(
|
|
__('Please provide the new master password again'),
|
|
fn($value) => Validators::valueNotEmpty(
|
|
$value,
|
|
sprintf(__u('%s cannot be blank'), 'Master password')
|
|
)
|
|
);
|
|
|
|
if ($password !== $passwordRepeat) {
|
|
throw new RuntimeException(__u('Passwords do not match'));
|
|
} elseif (null === $password || null === $passwordRepeat) {
|
|
throw new RuntimeException(sprintf(__u('%s cannot be blank'), 'Master password'));
|
|
}
|
|
}
|
|
|
|
return $password;
|
|
}
|
|
|
|
/**
|
|
* @param InputInterface $input
|
|
* @param StyleInterface $style
|
|
*
|
|
* @return array|false|mixed|string
|
|
*/
|
|
private function getCurrentMasterPassword(
|
|
InputInterface $input,
|
|
StyleInterface $style
|
|
)
|
|
{
|
|
$password = self::getEnvVarOrOption('currentMasterPassword', $input);
|
|
|
|
if (empty($password)) {
|
|
$this->logger->debug(__u('Ask for current master password'));
|
|
|
|
$password = $style->askHidden(
|
|
__('Please provide the current master password'),
|
|
fn($value) => Validators::valueNotEmpty(
|
|
$value,
|
|
sprintf(__u('%s cannot be blank'), 'Master password')
|
|
)
|
|
);
|
|
$passwordRepeat = $style->askHidden(
|
|
__('Please provide the current master password again'),
|
|
fn($value) => Validators::valueNotEmpty(
|
|
$value,
|
|
sprintf(__u('%s cannot be blank'), 'Master password')
|
|
)
|
|
);
|
|
|
|
if ($password !== $passwordRepeat) {
|
|
throw new RuntimeException(__u('Passwords do not match'));
|
|
} elseif (null === $password || null === $passwordRepeat) {
|
|
throw new RuntimeException(sprintf(__u('%s cannot be blank'), 'Master password'));
|
|
}
|
|
}
|
|
|
|
return $password;
|
|
}
|
|
|
|
/**
|
|
* @throws \SP\Services\ServiceException
|
|
* @throws \SP\Repositories\NoSuchItemException
|
|
*/
|
|
private function checkMasterPassword(string $password): void
|
|
{
|
|
if (!$this->masterPassService->checkMasterPassword($password)) {
|
|
throw new RuntimeException(__u('The current master password does not match'));
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @param InputInterface $input
|
|
* @param StyleInterface $style
|
|
*
|
|
* @return bool
|
|
*/
|
|
private function getUpdate(InputInterface $input, StyleInterface $style): bool
|
|
{
|
|
$option = 'update';
|
|
|
|
$envUpdate = self::getEnvVarForOption($option);
|
|
|
|
$value = $envUpdate !== false
|
|
? Util::boolval($envUpdate)
|
|
: $input->getOption($option);
|
|
|
|
if ($value === false) {
|
|
return $style->confirm(__('Update master password? (This process cannot be undone)'), false);
|
|
}
|
|
|
|
return true;
|
|
}
|
|
} |