Merge branch 'main' into testing6

Author: simonLeary42

CONTRIBUTING.md

@@ -51,4 +51,4 @@ The following users are available for testing:
 
 ### Changes to Dev Environment
 
-Should the default schema of the web portal change, the `ldap/bootstrap.ldif` and `sql/bootstrap.sql` must be updated for the LDAP server and the MySQL server, respectively.
+Should the default schema of the web portal change, the `ldap/bootstrap.ldif` and `sql/bootstrap.sql` must be updated for the LDAP server and the MySQL server, respectively.

defaults/config.ini.default

@@ -75,6 +75,7 @@ title[] = "Test Medium Footer"
 [loginshell]  ; Login shells that show up as options in the account settings page
 shell[] = "/bin/bash"
 shell[] = "/bin/zsh"
+shell[] = "/bin/tcsh"
 
 [menuitems]  ; menu items, add a label and link for each
 labels[] = "Global Menuitem 1"

resources/lib/UnityGroup.php

@@ -198,44 +198,44 @@ public function denyGroup($operator = null, $send_mail = true)
         }
     }
 
-    /**
-     * This method will delete the group, either by admin action or PI action
-     */
-    public function removeGroup($send_mail = true)
-    {
-        // remove any pending requests
-        // this will silently fail if the request doesn't exist (which is what we want)
-        $this->SQL->removeRequests($this->pi_uid);
-
-        // we don't need to do anything extra if the group is already deleted
-        if (!$this->exists()) {
-            return;
-        }
-
-        // first, we must record the users in the group currently
-        $users = $this->getGroupMembers();
-
-        // now we delete the ldap entry
-        $ldapPiGroupEntry = $this->getLDAPPiGroup();
-        if ($ldapPiGroupEntry->exists()) {
-            $ldapPiGroupEntry->delete();
-            $this->REDIS->removeCacheArray("sorted_groups", "", $this->getPIUID());
-            foreach ($users as $user) {
-                $this->REDIS->removeCacheArray($user->getUID(), "groups", $this->getPIUID());
-            }
-        }
-
-        // send email to every user of the now deleted PI group
-        if ($send_mail) {
-            foreach ($users as $user) {
-                $this->MAILER->sendMail(
-                    $user->getMail(),
-                    "group_disband",
-                    array("group_name" => $this->pi_uid)
-                );
-            }
-        }
-    }
+    // /**
+    //  * This method will delete the group, either by admin action or PI action
+    //  */
+    // public function removeGroup($send_mail = true)
+    // {
+    //     // remove any pending requests
+    //     // this will silently fail if the request doesn't exist (which is what we want)
+    //     $this->SQL->removeRequests($this->pi_uid);
+
+    //     // we don't need to do anything extra if the group is already deleted
+    //     if (!$this->exists()) {
+    //         return;
+    //     }
+
+    //     // first, we must record the users in the group currently
+    //     $users = $this->getGroupMembers();
+
+    //     // now we delete the ldap entry
+    //     $ldapPiGroupEntry = $this->getLDAPPiGroup();
+    //     if ($ldapPiGroupEntry->exists()) {
+    //         $ldapPiGroupEntry->delete();
+    //         $this->REDIS->removeCacheArray("sorted_groups", "", $this->getPIUID());
+    //         foreach ($users as $user) {
+    //             $this->REDIS->removeCacheArray($user->getUID(), "groups", $this->getPIUID());
+    //         }
+    //     }
+
+    //     // send email to every user of the now deleted PI group
+    //     if ($send_mail) {
+    //         foreach ($users as $user) {
+    //             $this->MAILER->sendMail(
+    //                 $user->getMail(),
+    //                 "group_disband",
+    //                 array("group_name" => $this->pi_uid)
+    //             );
+    //         }
+    //     }
+    // }
 
     /**
      * This method is executed when a user is approved to join the group (either by admin or the group owner)

resources/lib/UnityUser.php

@@ -424,8 +424,16 @@ public function getSSHKeys($ignorecache = false)
      */
     public function setLoginShell($shell, $operator = null, $send_mail = true)
     {
-        // FIXME throw error if shell is not ascii
         // ldap schema syntax is "IA5 String (1.3.6.1.4.1.1466.115.121.1.26)"
+        if (!mb_check_encoding($shell, 'ASCII')) {
+            throw new Exception("non ascii characters are not allowed in a login shell!");
+        }
+        if ($shell != trim($shell)) {
+            throw new Exception("leading/trailing whitespace is not allowed in a login shell!");
+        }
+        if (empty($shell)) {
+            throw new Exception("login shell must not be empty!");
+        }
         $ldapUser = $this->getLDAPUser();
         if ($ldapUser->exists()) {
             $ldapUser->setAttribute("loginshell", $shell);

test/functional/LoginShellSetTest.php

@@ -26,31 +26,22 @@ public static function getShells()
         return [["/bin/bash"]] + array_map(function($x){return [$x];}, $HTTP_HEADER_TEST_INPUTS);
     }
 
-    #[DataProvider("getShells")]
-    public function testSetLoginShellCustom(string $shell): void
+    private function isShellValid(string $shell)
     {
-        global $USER;
-        // FIXME add check to avoid warning from ldap_modify
-        if (!mb_check_encoding($shell, 'ASCII')) {
-            $this->expectException("Exception");
-        }
-        // FIXME shell is not validated
-        post(
-            __DIR__ . "/../../webroot/panel/account.php",
-            ["form_type" => "loginshell", "shellSelect" => "custom", "shell" => $shell]
+        return (
+            (mb_check_encoding($shell, 'ASCII')) &&
+            ($shell == trim($shell)) &&
+            (!empty($shell))
         );
-        $this->assertEquals($shell, $USER->getLoginShell());
     }
 
     #[DataProvider("getShells")]
-    public function testSetLoginShellSelect(string $shell): void
+    public function testSetLoginShell(string $shell): void
     {
         global $USER;
-        // FIXME add check to avoid warning from ldap_modify
-        if (!mb_check_encoding($shell, 'ASCII')) {
-            $this->expectException(RuntimeException::class);
+        if (!$this->isShellValid($shell)) {
+            $this->expectException("Exception");
         }
-        // FIXME shell is not validated
         post(
             __DIR__ . "/../../webroot/panel/account.php",
             ["form_type" => "loginshell", "shellSelect" => $shell]

webroot/admin/pi-mgmt.php

@@ -26,11 +26,6 @@
                 $group->denyGroup($OPERATOR);
             }
 
-            break;
-        case "remGroup":
-            $remGroup = new UnityGroup($_POST["pi"], $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK);
-            $remGroup->removeGroup();
-
             break;
         case "reqChild":
             $parent_group = new UnityGroup($_POST["pi"], $LDAP, $SQL, $MAILER, $REDIS, $WEBHOOK);
@@ -128,15 +123,6 @@
         " " . $pi_user->getLastname() . "</td>";
         echo "<td>" . $pi_group->getPIUID() . "</td>";
         echo "<td><a href='mailto:" . $pi_user->getMail() . "'>" . $pi_user->getMail() . "</a></td>";
-        echo "<td>";
-        echo
-        "<form action='' method='POST'
-    onsubmit='return confirm(\"Are you sure you want to remove " . $pi_group->getPIUID() . "?\")'>
-        <input type='hidden' name='form_name' value='remGroup'>
-        <input type='hidden' name='pi' value='" . $pi_group->getPIUID() . "'>
-        <input type='submit' value='Remove'>
-    </form>";
-        echo "</td>";
         echo "</tr>";
     }
     ?>

webroot/css/global.css

@@ -28,6 +28,12 @@ code {
     line-height: 22pt;
 }
 
+.code {
+    background: var(--light_panel_background);
+    line-height: 22pt;
+    font-family: monospace
+}
+
 a {
     color: var(--accent);
     text-decoration: none;
@@ -98,14 +104,16 @@ p {
     transform: translateY(-50%);
 }
 
-button.plusBtn {
+button.plusBtn span{
     font-size: 24pt;
-    display: block;
+    font-family: monospace;
+}
+
+button.plusBtn{
     width: 100%;
     max-width: 200px;
     padding: 0;
     overflow: hidden;
-    margin-top: 10px;
 }
 
 /* Form Elements */
@@ -184,8 +192,7 @@ input[type=radio] {
 select {
     border: 1px solid var(--light_borders);
     background: white;
-    padding: 5px;
-    width: 100%;
+    padding: 5px 10px 5px 20px;
     max-width: 300px;
     border-radius: 5px;
 }
@@ -335,4 +342,4 @@ div.searchWrapper>* {
 
 div.searchWrapper>*:hover {
     background: var(--light_panel_background);
-}
+}

webroot/css/tables.css

@@ -16,7 +16,7 @@ table.longTable tr:not(:last-child) {
 
 table tr,
 table td {
-    padding: 8px 20px 8px 4px;
+    padding: 0 20px 0 4px;
     overflow: hidden;
     white-space: nowrap;
 }
@@ -139,4 +139,4 @@ tr.key>td:first-child {
 tr.key>td:last-child {
     border-top-right-radius: 10px;
     border-bottom-right-radius: 10px;
-}
+}

webroot/js/ajax/ssh_validate.php

@@ -1,5 +1,6 @@
 <?php
 
 require_once __DIR__ . "/../../../resources/lib/UnitySite.php";
+require_once __DIR__ . "/../../../vendor/autoload.php";
 
 echo UnityWebPortal\lib\UnitySite::testValidSSHKey($_POST["key"]) ? "true" : "false";