From 925c6fe7e5ef094f61fb701a9aeb3d9618ac55b8 Mon Sep 17 00:00:00 2001
From: nachoparker
Date: Thu, 29 Mar 2018 12:57:39 +0200
Subject: ncp-web: use random passwords for NC and ncp-web
---
changelog.md | 4 +-
etc/nextcloudpi-config.d/nc-admin.sh | 48 +++++++
etc/nextcloudpi-config.d/nc-nextcloud.sh | 1 -
etc/nextcloudpi-config.d/nc-passwd.sh | 6 +-
etc/nextcloudpi-config.d/nc-webui.sh | 7 +-
ncp-web/activate/CSS.css | 233 +++++++++++++++++++++++++++++++
ncp-web/activate/JS.js | 113 +++++++++++++++
ncp-web/activate/index.php | 64 +++++++++
ncp-web/img/background.png | Bin 0 -> 125193 bytes
ncp-web/img/clippy.svg | 55 ++++++++
ncp-web/img/loading-small.gif | Bin 0 -> 1772 bytes
ncp-web/index.php | 9 +-
ncp-web/loading-small.gif | Bin 1772 -> 0 bytes
ncp-web/ncp-launcher.php | 2 +-
ncp-web/ncp.js | 3 +-
nextcloudpi.sh | 25 +++-
update.sh | 24 ++++
17 files changed, 584 insertions(+), 10 deletions(-)
create mode 100644 etc/nextcloudpi-config.d/nc-admin.sh
create mode 100644 ncp-web/activate/CSS.css
create mode 100644 ncp-web/activate/JS.js
create mode 100644 ncp-web/activate/index.php
create mode 100644 ncp-web/img/background.png
create mode 100644 ncp-web/img/clippy.svg
create mode 100644 ncp-web/img/loading-small.gif
delete mode 100644 ncp-web/loading-small.gif
diff --git a/changelog.md b/changelog.md
index eec5e558..ca29219d 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,7 +1,9 @@ +[v0.53.7](https://github.com/nextcloud/nextcloudpi/commit/a574460) (2018-03-29) ncp-web: use random passwords for NC and ncp-web + [v0.53.6 ](https://github.com/nextcloud/nextcloudpi/commit/151160b) (2018-03-27) samba: dont force NAME_REGEX for username -[v0.53.5](https://github.com/nextcloud/nextcloudpi/commit/ae5ad77) (2018-03-20) NFS: check user and group existence +[v0.53.5 ](https://github.com/nextcloud/nextcloudpi/commit/ae5ad77) (2018-03-20) NFS: check user and group existence [v0.53.4 ](https://github.com/nextcloud/nextcloudpi/commit/5192766) (2018-03-18) nc-ramlogs: fix enabled by default upon installoation diff --git a/etc/nextcloudpi-config.d/nc-admin.sh b/etc/nextcloudpi-config.d/nc-admin.sh new file mode 100644 index 00000000..16cf79ce --- /dev/null +++ b/etc/nextcloudpi-config.d/nc-admin.sh 
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+# Change password for the Nextcloud admin user
+#
+# Copyleft 2017 by Ignacio Nunez Hernanz
+# GPL licensed (see end of file) * Use at your own risk!
+#
+# Usage:
+#
+# ./installer.sh nc-admin.sh ()
+#
+# See installer.sh instructions for details
+# More at: https://ownyourbits.com
+#
+
+USER_=ncp
+PASSWORD_=ownyourbits
+CONFIRM_=ownyourbits
+
+DESCRIPTION="Change password for the Nextcloud admin user"
+
+configure()
+{
+ [[ "$PASSWORD_" == "$CONFIRM_" ]] || { echo "passwords do not match"; return 1; }
+
+ OC_PASS="$PASSWORD_" \
+ sudo -E -u www-data php /var/www/nextcloud/occ \
+ user:resetpassword --password-from-env "$USER_"
+}
+
+install() { :; }
+
+# License
+#
+# This script is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This script is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this script; if not, write to the
+# Free Software Foundation, Inc., 59 Temple Place, Suite 330,
+# Boston, MA 02111-1307 USA
diff --git a/etc/nextcloudpi-config.d/nc-nextcloud.sh b/etc/nextcloudpi-config.d/nc-nextcloud.sh
index 0eeea963..8cc9b2e6 100644
--- a/etc/nextcloudpi-config.d/nc-nextcloud.sh
+++ b/etc/nextcloudpi-config.d/nc-nextcloud.sh
@@ -221,7 +221,6 @@ EOF EOF - a2ensite nextcloud cat > /etc/apache2/sites-available/000-default.conf <<'EOF'
diff --git a/etc/nextcloudpi-config.d/nc-passwd.sh b/etc/nextcloudpi-config.d/nc-passwd.sh
index e6303ade..f5604137 100644
--- a/etc/nextcloudpi-config.d/nc-passwd.sh
+++ b/etc/nextcloudpi-config.d/nc-passwd.sh
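Review bot: The shipped defaults `PASSWORD_=ownyourbits` and `CONFIRM_=ownyourbits` in nc-admin.sh mean that running `configure` on the file as committed sets the Nextcloud admin password to a publicly known string, which works against the random-password goal of this commit. The only check in `configure` is that the two values match, so two empty strings also pass and are handed on to `occ`. If the web form copes with empty defaults, I would ship them empty and add a guard ahead of the match check, `[[ -n "$PASSWORD_" ]] || { echo "empty password"; return 1; }`. `sudo -E` also carries the caller's whole environment into the PHP process when only `OC_PASS` is needed, so a comment such as `# -E: occ reads the new password from OC_PASS` would record why it is there.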
@@ -18,11 +18,14 @@ CONFIRM_=ownyourbits DESCRIPTION="Change password for the NextCloudPi Panel" -configure() +configure() { echo -e "$PASSWORD_\n$CONFIRM_" | passwd ncp &>/dev/null && \ echo "password updated successfully" || \ { echo "passwords do not match"; return 1; } + a2ensite ncp nextcloud + a2dissite ncp-activation + bash -c "sleep 1.5 && service apache2 reload" &>/dev/null & } install() { :; } @@ -43,4 +46,3 @@ install() { :; } # along with this script; if not, write to the # Free Software Foundation, Inc., 59 Temple Place, Suite 330, # Boston, MA 02111-1307 USA - diff --git a/etc/nextcloudpi-config.d/nc-webui.sh b/etc/nextcloudpi-config.d/nc-webui.sh index fe7437cb..6bd28579 100644 --- a/etc/nextcloudpi-config.d/nc-webui.sh +++ b/etc/nextcloudpi-config.d/nc-webui.sh @@ -13,10 +13,15 @@ # More at: https://ownyourbits.com # -ACTIVE_=yes +ACTIVE_=no LANGUAGE_=[_auto_,en,de] DESCRIPTION="Enable or disable the NCP web interface" +is_active() +{ + a2query -s ncp &>/dev/null +} + configure() { if [[ $ACTIVE_ != "yes" ]]; then diff --git a/ncp-web/activate/CSS.css b/ncp-web/activate/CSS.css new file mode 100644 index 00000000..572eb603 --- /dev/null +++ b/ncp-web/activate/CSS.css 
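Review bot: The three lines added to `configure` in nc-passwd.sh switch the virtual hosts without checking any result, and because the last command is a backgrounded job the function returns success regardless. If `a2dissite ncp-activation` fails, or the delayed `service apache2 reload` fails with its output sent to /dev/null, the activation site stays enabled after the panel password has been set and nothing reports it. Checking the site switch would surface the first case, for example `a2ensite ncp nextcloud && a2dissite ncp-activation || { echo "could not switch sites"; return 1; }`. A short comment on the `sleep 1.5` line explaining that the reload is delayed so the HTTP response can be delivered first (if that is the reason) would also help the next reader.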
@@ -0,0 +1,233 @@ +/* + * NextcloudPlus Web Panel style sheets. Based on official Nextcloud 12 datasheets + * + * Copyleft 2018 by Ignacio Nunez Hernanz + * GPL licensed (see end of file) * Use at your own risk! + * + * More at https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ +*/ + + +html,body { + height:100% +} +article,aside,dialog,figure,footer,header,hgroup,nav,section { + display:block +} +body { + text-align: center; + line-height:1.5 +} +a { + border:0; + color:#fff; + text-decoration:none; + cursor:pointer +} +a * { + cursor:pointer +} +select,.button span,label { + cursor:pointer +} +body { + background-image: url(../img/background.png); + background-color:#0082c9; + font-weight:400; + line-height:1.6em; + font-family:'Open Sans', Frutiger, Calibri, 'Myriad Pro', Myriad, sans-serif; + color:#fff; + height:auto +} +#nojavascript { + position:fixed; + top:0; + bottom:0; + height:100%; + width:100%; + z-index:9000; + text-align:center; + background-color:rgba(0, 0, 0, 0.5); + color:#fff; + line-height:125%; + font-size:24px +} +#nojavascript div { + display:block; + position:relative; + width:50%; + top:35%; + margin:0px auto +} +#nojavascript a { + color:#fff; + border-bottom:2px dotted #fff +} +#nojavascript a:hover,#nojavascript a:focus { + color:#dbdbdb +} +::-webkit-scrollbar { + width:5px +} +::-webkit-scrollbar-track-piece { + background-color:transparent +} +::-webkit-scrollbar-thumb { + background:#dbdbdb; + border-radius:3px +} +select,button,input,textarea { + width: 3em; + min-height:32px; + box-sizing:border-box; + text-align: center; +} +select,button,.button,input:not([type='range']),textarea,#quota,.pager li a { + margin:3px 3px 3px 0; + padding:7px 6px; + font-size:13px; + background-color:#fff; + color:#545454; + border:1px solid #dbdbdb; + outline:none; + border-radius:3px; +} 
+select:not(:disabled):not(.primary),button:not(:disabled):not(.primary),.button:not(:disabled):not(.primary),input:not([type='range']):not(:disabled):not(.primary),textarea:not(:disabled):not(.primary),#quota:not(:disabled):not(.primary),.pager li a:not(:disabled):not(.primary) { +} +select:not(:disabled):not(.primary):not(#quota):hover,button:not(:disabled):not(.primary):not(#quota):hover,.button:not(:disabled):not(.primary):not(#quota):hover,input:not([type='range']):not(:disabled):not(.primary):not(#quota):hover,textarea:not(:disabled):not(.primary):not(#quota):hover,#quota:not(:disabled):not(.primary):not(#quota):hover,.pager li a:not(:disabled):not(.primary):not(#quota):hover,select:not(:disabled):not(.primary):focus,button:not(:disabled):not(.primary):focus,.button:not(:disabled):not(.primary):focus,input:not([type='range']):not(:disabled):not(.primary):focus,textarea:not(:disabled):not(.primary):focus,#quota:not(:disabled):not(.primary):focus,.pager li a:not(:disabled):not(.primary):focus,select:not(:disabled):not(.primary).active,button:not(:disabled):not(.primary).active,.button:not(:disabled):not(.primary).active,input:not([type='range']):not(:disabled):not(.primary).active,textarea:not(:disabled):not(.primary).active,#quota:not(:disabled):not(.primary).active,.pager li a:not(:disabled):not(.primary).active { + border-color:#0082c9; + outline:none +} +select:not(:disabled):not(.primary):active,button:not(:disabled):not(.primary):active,.button:not(:disabled):not(.primary):active,input:not([type='range']):not(:disabled):not(.primary):active,textarea:not(:disabled):not(.primary):active,#quota:not(:disabled):not(.primary):active,.pager li a:not(:disabled):not(.primary):active { + outline:none; + background-color:#fff +} +select:disabled,button:disabled,.button:disabled,input:not([type='range']):disabled,textarea:disabled,#quota:disabled,.pager li a:disabled { + background-color:#ebebeb; + color:rgba(0, 0, 0, 0.4); + cursor:default; + opacity:0.5 +} 
+select.primary,button.primary,.button.primary,input:not([type='range']).primary,textarea.primary,#quota.primary,.pager li a.primary { + border:1px solid #0082c9; + background-color:rgba(0, 130, 201, .7); + color:#fff; + cursor:pointer +} +select.primary:not(:disabled):hover,button.primary:not(:disabled):hover,.button.primary:not(:disabled):hover,input:not([type='range']).primary:not(:disabled):hover,textarea.primary:not(:disabled):hover,#quota.primary:not(:disabled):hover,.pager li a.primary:not(:disabled):hover,select.primary:not(:disabled):focus,button.primary:not(:disabled):focus,.button.primary:not(:disabled):focus,input:not([type='range']).primary:not(:disabled):focus,textarea.primary:not(:disabled):focus,#quota.primary:not(:disabled):focus,.pager li a.primary:not(:disabled):focus { + background-color:rgba(0, 130, 201, .85) +} +select.primary:not(:disabled):active,button.primary:not(:disabled):active,.button.primary:not(:disabled):active,input:not([type='range']).primary:not(:disabled):active,textarea.primary:not(:disabled):active,#quota.primary:not(:disabled):active,.pager li a.primary:not(:disabled):active { + background-color:rgba(0, 130, 201, .7) +} +select.primary:disabled,button.primary:disabled,.button.primary:disabled,input:not([type='range']).primary:disabled,textarea.primary:disabled,#quota.primary:disabled,.pager li a.primary:disabled { + background-color:rgba(0, 130, 201, .7); + color:#bababa +} +input { +} +input:not([type='radio']):not([type='checkbox']):not([type='range']):not([type='submit']):not([type='button']):not([type='reset']):not([type='color']):not([type='file']):not([type='image']) { + -webkit-appearance:textfield; + -moz-appearance:textfield +} +select,button,.button,input[type='button'],input[type='submit'],input[type='reset'] { + padding:6px 12px; + width:auto; + min-height:34px; + cursor:pointer; + box-sizing:border-box; + background-color:#f7f7f7 +} +button,.button,input[type='button'],input[type='submit'],input[type='reset'] { + 
font-weight:bold; +} +button::-moz-focus-inner,.button::-moz-focus-inner,input[type='button']::-moz-focus-inner,input[type='submit']::-moz-focus-inner,input[type='reset']::-moz-focus-inner { + border:0 +} +button,.button { +} +button > span[class^='icon-'],.button > span[class^='icon-'],button > span[class*=' icon-'],.button > span[class*=' icon-'] { + display:inline-block; + vertical-align:text-bottom; + opacity:0.5 +} +textarea { + color:#545454; + cursor:text; + font-family:inherit; + height:auto +} +textarea:not(:disabled):active,textarea:not(:disabled):hover,textarea:not(:disabled):focus { + border-color:#dbdbdb !important; + background-color:#fff !important +} +select { + -webkit-appearance:none; + -moz-appearance:none; + appearance:none; + background:url('../../../core/css/../img/actions/triangle-s.svg') no-repeat right 4px center; + background-color:inherit; + outline:0; + padding-right:24px !important +} +button img,.button img { + cursor:pointer +} +input[type='checkbox'].radio,input[type='radio'].radio,input[type='checkbox'].checkbox,input[type='radio'].checkbox { + position:absolute; + left:-10000px; + top:auto; + width:1px; + height:1px; + overflow:hidden +} +#header { + color: white; +} +h2 { + font-size:20px; + font-weight:300; + margin-bottom:12px; + line-height:140% +} +h3 { + font-size:15px; + font-weight:300; + margin:12px 0 +} +em { + font-style:normal; + -ms-filter:'progid:DXImageTransform.Microsoft.Alpha(Opacity=50)'; + opacity:0.5 +} +dl { + padding:12px 0 +} +dt,dd { + display:inline-block; + padding:12px; + padding-left:0 +} +dt { + width:130px; + white-space:nowrap; + text-align:right +} +kbd { + padding:4px 10px; + border:1px solid #ccc; + box-shadow:0 1px 0 rgba(0, 0, 0, .2); + border-radius:3px; + display:inline-block; + white-space:nowrap +} + +hr { border: solid 1px white; } + +#ncp-logo { margin-top: 24px; } + +#loading-gif { display: none; } + +#ncp-pwd,#nc-pwd{ width:30em; } + +img { vertical-align: middle; } 
diff --git a/ncp-web/activate/JS.js b/ncp-web/activate/JS.js
new file mode 100644
index 00000000..e9152707
--- /dev/null
+++ b/ncp-web/activate/JS.js
@@ -0,0 +1,113 @@ +/// +// NextcloudPi Web Panel javascript library +// +// Copyleft 2017 by Ignacio Nunez Hernanz +// GPL licensed (see end of file) * Use at your own risk! +// +// More at https://ownyourbits.com/2017/02/13/nextcloud-ready-raspberry-pi-image/ +/// + +var MINI = require('minified'); +var $ = MINI.$, $$ = MINI.$$, EE = MINI.EE; +var selectedID = null; +var confLock = false; + +function errorMsg() +{ + $('#error-box').fill( "Something went wrong. Try refreshing the page" ); +} + +$(function() +{ + // print info page + $( '#print-pwd' ).on( 'click', function(e) { window.print(); } ); + + // copy to clipboard + $( '#cp-ncp' ).on( 'click', function(e) + { + var input = document.getElementById('ncp-pwd'); + input.focus(); + input.select(); + var res =document.execCommand( 'copy' ); + $('#cp-ncp-ok').fill( res ? "✓" : "✘" ); + input.selectionStart = input.selectionEnd; + } ); + + // copy to clipboard + $( '#cp-nc' ).on( 'click', function(e) + { + var input = document.getElementById('nc-pwd'); + input.focus(); + input.select(); + var res =document.execCommand( 'copy' ); + $('#cp-nc-ok').fill( res ? 
"✓" : "✘" ); + input.selectionStart = input.selectionEnd; + } ); + + // activate NextCloudPi + $( '#activate-ncp' ).on( 'click', function(e) + { + $( '#activate-ncp' ).hide(); + $( '#print-pwd' ).hide(); + $('#loading-gif').set( { $display: 'inline' } ); + + // request + $.request('post', '../ncp-launcher.php', { action: 'launch', + ref : 'nc-admin', + config: '{ "PASSWORD":"' + $('#nc-pwd').get('.value') + '",' + + '"CONFIRM" :"' + $('#nc-pwd').get('.value') + '",' + + '"USER" : "ncp" }', + csrf_token: $( '#csrf-token' ).get( '.value' ) }).then( + function success( result ) + { + var ret = $.parseJSON( result ); + if ( ret.ret == '0' ) { + if ( ret.token ) + $('#csrf-token').set( { value: ret.token } ); + + // request + $.request('post', '../ncp-launcher.php', { action: 'launch', + ref : 'nc-passwd', + config: '{ "PASSWORD":"' + $('#ncp-pwd').get('.value') + '",' + + '"CONFIRM" :"' + $('#ncp-pwd').get('.value') + '"}', + csrf_token: $( '#csrf-token' ).get( '.value' ) }).then( + + function success( result ) + { + var ret = $.parseJSON( result ); + if ( ret.ret == '0' ) + { + setTimeout( function(){ + $('#loading-gif').hide(); + $('#error-box').fill( "ACTIVATION SUCCESSFUL" ); + var url = window.location.protocol + '//' + window.location.hostname + ':4443'; + if ( !window.open( url, '_blank' ) ) // try to open in a new tab first + window.location.replace( url ); + }, 2000 ); + } else { + $('#error-box').fill( "nc-passwd error" ); + } + } ).error( errorMsg ); + } else { + $('#error-box').fill( "nc-admin error" ); + } + } ).error( errorMsg ); + } ); +} ); + +// License +// +// This script is free software; you can redistribute it and/or modify it +// under the terms of the GNU General Public License as published by +// the Free Software Foundation; either version 2 of the License, or +// (at your option) any later version. 
+// +// This script is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with this script; if not, write to the +// Free Software Foundation, Inc., 59 Temple Place, Suite 330, +// Boston, MA 02111-1307 USA diff --git a/ncp-web/activate/index.php b/ncp-web/activate/index.php new file mode 100644 index 00000000..0b08f61e --- /dev/null +++ b/ncp-web/activate/index.php @@ -0,0 +1,64 @@ + + + + + + NextCloudPlus Activation + + + + + + + + + +
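Review bot: In the `#activate-ncp` click handler of JS.js both `config` payloads are assembled by string concatenation around `$('#nc-pwd').get('.value')` and `$('#ncp-pwd').get('.value')`, so a `"` or `\` in either field yields malformed or differently shaped JSON; ncp.js in this same commit already serializes with `$.toJSON(cfg)`. I would read the field once and serialize an object, e.g. `config: $.toJSON({ PASSWORD: pwd, CONFIRM: pwd, USER: 'ncp' })`. The ordering also deserves handling: when the `nc-admin` request succeeds and the `nc-passwd` request fails, the Nextcloud admin password has already been changed while the page only shows "nc-passwd error", and the spinner and the hidden print/activate buttons are not restored in either error branch.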
+
+
+ +
+
+
+ + '; + ?> + + + + diff --git a/ncp-web/img/background.png b/ncp-web/img/background.png new file mode 100644 index 00000000..9e7be378 Binary files /dev/null and b/ncp-web/img/background.png differ diff --git a/ncp-web/img/clippy.svg b/ncp-web/img/clippy.svg new file mode 100644 index 00000000..f3917155 --- /dev/null +++ b/ncp-web/img/clippy.svg @@ -0,0 +1,55 @@ + + + + + + image/svg+xml + + + + + + + + diff --git a/ncp-web/img/loading-small.gif b/ncp-web/img/loading-small.gif new file mode 100644 index 00000000..2d04fd0d Binary files /dev/null and b/ncp-web/img/loading-small.gif differ diff --git a/ncp-web/index.php b/ncp-web/index.php index 70a6e26d..ff66862f 100644 --- a/ncp-web/index.php +++ b/ncp-web/index.php @@ -17,6 +17,11 @@ ; rel=preload; as=script;,; rel=preload; as=script;,; rel=preload; as=style;,; rel=preload; as=image;, ; rel=preload; as=image;, rel=preconnect href=ncp-launcher.php;"); + header("Link: ; rel=preload; as=script;,; rel=preload; as=script;,; rel=preload; as=style;,; rel=preload; as=image;, ; rel=preload; as=image;, rel=preconnect href=ncp-launcher.php;"); ?> @@ -175,7 +180,7 @@ HTML;
- +
diff --git a/ncp-web/loading-small.gif b/ncp-web/loading-small.gif deleted file mode 100644 index 2d04fd0d..00000000 Binary files a/ncp-web/loading-small.gif and /dev/null differ diff --git a/ncp-web/ncp-launcher.php b/ncp-web/ncp-launcher.php index aba9b985..004432d0 100644 --- a/ncp-web/ncp-launcher.php +++ b/ncp-web/ncp-launcher.php @@ -118,7 +118,7 @@ else if ( $_POST['action'] == "launch" && $_POST['config'] ) { $value = "[". join(",", $value) ."]"; } - preg_match( '/^[\[\]\w-.,@_\/:]+$/' , $value , $matches ) + preg_match( '/^[\[\]\w+-.,@_\/:]+$/' , $value , $matches ) or exit( '{ "output": "Invalid input" , "token": "' . getCSRFToken() . '" }' ); $code = preg_replace( '/\n' . $name . '_=.*' . PHP_EOL . '/' , PHP_EOL . $name . '_=' . $value . PHP_EOL , diff --git a/ncp-web/ncp.js b/ncp-web/ncp.js index 5d60537c..cd28779d 100644 --- a/ncp-web/ncp.js +++ b/ncp-web/ncp.js @@ -127,7 +127,7 @@ $(function() // request $.request('post', 'ncp-launcher.php', { action:'launch', ref:selectedID , - config: $.toJSON(cfg) , + config: $.toJSON(cfg), csrf_token: $( '#csrf-token' ).get( '.value' ) }).then( function success( result ) { @@ -254,6 +254,7 @@ $(function() { $('#poweroff-dialog').hide(); $('#overlay').hide(); + // request $.request('post', 'ncp-launcher.php', { action:'poweroff', csrf_token: $( '#csrf-token' ).get( '.value' ) }).then( diff --git a/nextcloudpi.sh b/nextcloudpi.sh index 2d2af3da..75a66a9f 100644 --- a/nextcloudpi.sh +++ b/nextcloudpi.sh @@ -40,6 +40,29 @@ install() # NEXTCLOUDPI-CONFIG WEB ## VIRTUAL HOST + cat > /etc/apache2/sites-available/ncp-activation.conf < + DocumentRoot /var/www/ncp-web/ + SSLEngine on + SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem + SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key + +
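Review bot: In the ncp-launcher.php hunk the new class `[\[\]\w+-.,@_\/:]` admits `+` only because `+-.` is now parsed as a range (`+` through `.`, which happens to be exactly `+ , - .`), so the literal `-` that the old pattern allowed survives by accident rather than by intent. Since this check is what stands between POSTed values and the `NAME_=value` line produced by the `preg_replace` just below it, I would spell it out: `preg_match( '/^[\[\]\w+.,@_\/:-]+\z/' , $value , $matches )`. The `\z` matters as well, because `$` without the `D` modifier still matches a value that ends in a newline. The enclosing `else if` branch starts and ends outside the hunk, so what happens to `$code` afterwards is not visible here.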
+ + + + + Require host localhost + Require local + Require ip 192.168 + Require ip 172 + Require ip 10 + + + + +EOF + cat > /etc/apache2/sites-available/ncp.conf < @@ -91,7 +114,7 @@ EOF $APTINSTALL libapache2-mod-authnz-external pwauth a2enmod authnz_external authn_core auth_basic - a2ensite ncp + a2ensite ncp-activation ## NCP USER FOR AUTHENTICATION useradd --home-dir /nonexistent "$WEBADMIN" diff --git a/update.sh b/update.sh index c34d414f..376bdb21 100755 --- a/update.sh +++ b/update.sh @@ -270,6 +270,30 @@ EOF systemctl disable log2ram systemctl stop log2ram } + + # add new virtual host for initial password setup + cat > /etc/apache2/sites-available/ncp-activation.conf < + DocumentRoot /var/www/ncp-web/ + SSLEngine on + SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem + SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key + + + + + + + Require host localhost + Require local + Require ip 192.168 + Require ip 172 + Require ip 10 + + + + +EOF } # end - only live updates exit 0 -- cgit v1.2.3
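Review bot: In the ncp-activation vhost written by the heredoc in nextcloudpi.sh, `Require ip 172` matches every address in 172.0.0.0/8 rather than the private 172.16.0.0/12 block, so public clients in the rest of that range satisfy the access list; the identical block is repeated in the update.sh hunk. At least that line should become `Require ip 172.16.0.0/12`, and writing the other two as `Require ip 10.0.0.0/8` and `Require ip 192.168.0.0/16` makes the intent explicit. The markup inside these heredocs did not survive on this page, so I cannot see whether the activation site has any authentication beyond this list; if it has none, the list is the only control in front of the page that sets both passwords, and `Require host localhost` (a reverse-DNS match) adds nothing over `Require local`. The `install()` function in nextcloudpi.sh continues outside the hunk.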