
Commit d9d5b4d

authored
Remove custom shell (#203)
* add check for special characters in login shell * display invalid reason in <p> like the rest of the page * remove comment * update unityuser to do same checks on login shell as frontend does * update CONTRIBUTING.md * add check for empty shell * update tests * update CONTRIBUTING.md * remove custom login shell * remove note from contrib * update test
1 parent 4c14eef commit d9d5b4d


5 files changed

+26
-49
lines changed


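--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -51,4 +51,4 @@ The following users are available for testing:
 
 ### Changes to Dev Environment
 
-Should the default schema of the web portal change, the `ldap/bootstrap.ldif` and `sql/bootstrap.sql` must be updated for the LDAP server and the MySQL server, respectively.
+Should the default schema of the web portal change, the `ldap/bootstrap.ldif` and `sql/bootstrap.sql` must be updated for the LDAP server and the MySQL server, respectively.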

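--- a/defaults/config.ini.default
+++ b/defaults/config.ini.default
@@ -75,6 +75,7 @@ title[] = "Test Medium Footer"
 [loginshell] ; Login shells that show up as options in the account settings page
 shell[] = "/bin/bash"
 shell[] = "/bin/zsh"
+shell[] = "/bin/tcsh"
 
 [menuitems] ; menu items, add a label and link for each
 labels[] = "Global Menuitem 1"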

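--- a/resources/lib/UnityUser.php
+++ b/resources/lib/UnityUser.php
@@ -446,8 +446,16 @@ public function getSSHKeys($ignorecache = false)
 */
 public function setLoginShell($shell, $operator = null, $send_mail = true)
 {
-// FIXME throw error if shell is not ascii
 // ldap schema syntax is "IA5 String (1.3.6.1.4.1.1466.115.121.1.26)"
+if (!mb_check_encoding($shell, 'ASCII')) {
+throw new Exception("non ascii characters are not allowed in a login shell!");
+}
+if ($shell != trim($shell)) {
+throw new Exception("leading/trailing whitespace is not allowed in a login shell!");
+}
+if (empty($shell)) {
+throw new Exception("login shell must not be empty!");
+}
 $ldapUser = $this->getLDAPUser();
 if ($ldapUser->exists()) {
 $ldapUser->setAttribute("loginshell", $shell);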
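Review bot: The three new guards in `setLoginShell` reject non-ASCII bytes and whitespace at either end, but a control character in the middle of the string (a newline or NUL, for example) still passes and is written to the `loginshell` attribute. A fourth guard such as `if (preg_match('/[[:cntrl:]]/', $shell)) { throw new Exception("control characters are not allowed in a login shell!"); }` would close that gap. Two smaller points: `$shell != trim($shell)` should be `!==`, and `empty($shell)` also rejects the string "0", so `$shell === ""` states the intent more precisely. The docblock ends just above the hunk and the method body continues below it, so whether the new exceptions are documented with `@throws` cannot be seen from here.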

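--- a/test/functional/LoginShellSetTest.php
+++ b/test/functional/LoginShellSetTest.php
@@ -28,31 +28,22 @@ public static function getShells()
 // phpcs:enable
 }
 
-#[DataProvider("getShells")]
-public function testSetLoginShellCustom(string $shell): void
+private function isShellValid(string $shell)
 {
-global $USER;
-// FIXME add check to avoid warning from ldap_modify
-if (!mb_check_encoding($shell, 'ASCII')) {
-$this->expectException("Exception");
-}
-// FIXME shell is not validated
-post(
-__DIR__ . "/../../webroot/panel/account.php",
-["form_type" => "loginshell", "shellSelect" => "Custom", "shell" => $shell]
+return (
+(mb_check_encoding($shell, 'ASCII')) &&
+($shell == trim($shell)) &&
+(!empty($shell))
 );
-$this->assertEquals($shell, $USER->getLoginShell());
 }
 
 #[DataProvider("getShells")]
-public function testSetLoginShellSelect(string $shell): void
+public function testSetLoginShell(string $shell): void
 {
 global $USER;
-// FIXME add check to avoid warning from ldap_modify
-if (!mb_check_encoding($shell, 'ASCII')) {
+if (!$this->isShellValid($shell)) {
 $this->expectException("Exception");
 }
-// FIXME shell is not validated
 post(
 __DIR__ . "/../../webroot/panel/account.php",
 ["form_type" => "loginshell", "shellSelect" => $shell]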
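Review bot: `isShellValid` repeats the three conditions of `UnityUser::setLoginShell` verbatim, so the test expects an exception exactly when the implementation throws one and cannot catch a rule that is wrong in both copies. Having the `getShells` provider (defined above the hunk, not visible here) yield the expected validity next to each shell would make the expectation independent of the code under test. `expectException("Exception")` is also satisfied by any failure during the request, so adding `expectExceptionMessage(...)` or using a dedicated exception class would tighten the test. The helper lacks a return type; its signature should be `private function isShellValid(string $shell): bool`. The body of `testSetLoginShell` continues past the end of the hunk.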

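--- a/webroot/panel/account.php
+++ b/webroot/panel/account.php
@@ -69,11 +69,7 @@
 $USER->setSSHKeys($keys, $OPERATOR); // Update user keys
 break;
 case "loginshell":
-if ($_POST["shellSelect"] == "Custom") {
-$USER->setLoginShell($_POST["shell"], $OPERATOR);
-} else {
-$USER->setLoginShell($_POST["shellSelect"], $OPERATOR);
-}
+$USER->setLoginShell($_POST["shellSelect"], $OPERATOR);
 break;
 case "pi_request":
 if (!$USER->isPI()) {
@@ -210,21 +206,11 @@
 foreach ($CONFIG["loginshell"]["shell"] as $shell) {
 echo "<option>$shell</option>";
 }
-echo "<option id='customLoginSelectorOption'>Custom</option>";
 ?>
 </select>
-<?php
-echo "
-<input
-id='customLoginBox'
-type='text'
-placeholder='Enter login shell path (ie. /bin/bash)'
-name='shell'
-/>
-";
-?>
 <br>
 <input id='submitLoginShell' type='submit' value='Set Login Shell' />
+<label id='labelSubmitLoginShell'> <!-- value set by JS --> </label>
 </form>
 <hr>
 
@@ -257,7 +243,6 @@
 
 <hr>
 
-
 <script>
 const sitePrefix = '<?php echo $CONFIG["site"]["prefix"]; ?>';
 const ldapLoginShell = '<?php echo $USER->getLoginShell(); ?>';
@@ -266,29 +251,21 @@
 openModal("Add New Key", `${sitePrefix}/panel/modal/new_key.php`);
 });
 
-var defaultShellSelected = false;
 $("#loginSelector option").each(function(i, e) {
 if ($(this).val() == ldapLoginShell) {
 $(this).prop("selected", true);
-defaultShellSelected = true;
 }
 });
-if (!defaultShellSelected) {
-$("#customLoginBox").val(ldapLoginShell);
-$("#customLoginSelectorOption").prop("selected", true);
-}
 
-function showOrHideCustomLoginBox() {
-var customBox = $("#customLoginBox");
-if($("#loginSelector").val() == "Custom") {
-customBox.show();
+function enableOrDisableSubmitLoginShell() {
+if ($("#loginSelector").val() == ldapLoginShell) {
+$("#submitLoginShell").prop("disabled", true);
 } else {
-customBox.hide();
+$("#submitLoginShell").prop("disabled", false);
 }
 }
-$("#loginSelector").change(showOrHideCustomLoginBox);
-showOrHideCustomLoginBox();
-
+$("#loginSelector").change(enableOrDisableSubmitLoginShell);
+enableOrDisableSubmitLoginShell()
 </script>
 
 <style>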
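Review bot: The `loginshell` case at new line 72 passes `$_POST["shellSelect"]` to `setLoginShell` without checking it against the configured list, so removing the Custom option restricts only the form; the server still stores any value that passes the ASCII, whitespace and empty checks. The handler should reject values outside the list first, for example with `if (!in_array($_POST["shellSelect"], $CONFIG["loginshell"]["shell"], true))` followed by whatever error path the page already uses (not visible in these hunks; `$CONFIG` is used further down the same file). This matters more because the stored value is printed unescaped into a JavaScript string at new line 248, and `const ldapLoginShell = <?php echo json_encode($USER->getLoginShell(), JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;` would keep that line safe whatever LDAP holds. Minor: the call `enableOrDisableSubmitLoginShell()` at new line 268 is missing its semicolon, and the new `<label id='labelSubmitLoginShell'>` is commented "value set by JS" although nothing in the visible script sets it.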
