Merge pull request hestiacp#2220 from jaapmarcus/fix/2139-http-auth

Fix hestiacp#1239 basic auth not working

Author: ScIT-Raphael

bin/v-add-web-domain-httpauth

@@ -30,10 +30,7 @@ source $HESTIA/func/domain.sh
 source_conf "$HESTIA/conf/hestia.conf"
 
 # Defining htpasswd file
-htaccess="$HOMEDIR/$user/conf/web/$domain/htaccess"
 htpasswd="$HOMEDIR/$user/conf/web/$domain/htpasswd"
-shtaccess="$htaccess"
-shtpasswd="$htpasswd"
 docroot="$HOMEDIR/$user/web/$domain/public_html"
 
 # Perform verification if read-only mode is enabled
@@ -63,41 +60,47 @@ fi
 #                       Action                             #
 #----------------------------------------------------------#
 
+
 # Adding htaccess password protection
-if [ ! -e "$htaccess" ]; then
-    if [ "$WEB_SYSTEM" != 'nginx' ]; then
-        echo "<Directory $docroot>" > $htaccess
-        echo "    AuthUserFile $htpasswd" >> $htaccess
-        echo "    AuthName \"$domain access\"" >> $htaccess
-        echo "    AuthType Basic" >> $htaccess
-        echo "    Require valid-user" >> $htaccess
-        echo "</Directory>" >> $htaccess
+    if [ "$WEB_SYSTEM" = "nginx" ] || [ "$PROXY_SYSTEM" = "nginx" ]; then
+        htaccess="$HOMEDIR/$user/conf/web/$domain/nginx.conf_htaccess"
+        shtaccess="$HOMEDIR/$user/conf/web/$domain/nginx.ssl.conf_htaccess"
+        if [ ! -f "$htaccess" ]; then
+            echo "auth_basic  \"$domain password access\";" > $htaccess
+            echo "auth_basic_user_file    $htpasswd;" >> $htaccess
+            ln -s $htaccess $shtaccess
+            restart_required='yes'
+        fi
     else
-        echo "auth_basic  \"$domain password access\";" > $htaccess
-        echo "auth_basic_user_file    $htpasswd;" >> $htaccess
+        htaccess="$HOMEDIR/$user/conf/web/$domain/apache2.conf_htaccess"
+        shtaccess="$HOMEDIR/$user/conf/web/$domain/apache2.ssl.conf_htaccess"
+        if [ ! -f "$htaccess" ]; then
+            echo "<Directory $docroot>" > $htaccess
+            echo "    AuthUserFile $htpasswd" >> $htaccess
+            echo "    AuthName \"$domain access\"" >> $htaccess
+            echo "    AuthType Basic" >> $htaccess
+            echo "    Require valid-user" >> $htaccess
+            echo "</Directory>" >> $htaccess
+            ln -s $htaccess $shtaccess
+            restart_required='yes'
+        fi
     fi
-    restart_required='yes'
-fi
+
 
 # Adding httpasswd user
 auth_hash=$($BIN/v-generate-password-hash htpasswd htpasswd $password)
 touch $htpasswd
-chmod 640 $htpasswd $htaccess
+chmod 644 $htpasswd $htaccess
 chgrp $user $htpasswd $htaccess
 sed -i "/^$auth_user:/d" $htpasswd
 echo "$auth_user:$auth_hash" >> $htpasswd
 
-# Symbolic link for secure web templates
-if [ ! -L "$shtpasswd" ]; then
-    ln -s $htpasswd $shtpasswd 
-fi
-if [ ! -L "$shtaccess" ]; then
-    ln -s $htaccess $shtaccess
-fi
-
 # Restarting web server
 if [ "$restart" != 'no' ] && [ "$restart_required" = 'yes' ]; then
     $BIN/v-restart-web
+    if [ -n "$PROXY_SYSTEM" ]; then
+        $BIN/v-restart-proxy
+    fi
 fi
 
 #----------------------------------------------------------#

bin/v-delete-web-domain-httpauth

@@ -28,10 +28,6 @@ source $HESTIA/func/domain.sh
 # load config file
 source_conf "$HESTIA/conf/hestia.conf"
 
-# Defining htpasswd file
-htaccess="$HOMEDIR/$user/conf/web/$domain/htaccess"
-htpasswd="$HOMEDIR/$user/conf/web/$domain/htpasswd"
-
 #----------------------------------------------------------#
 #                    Verifications                         #
 #----------------------------------------------------------#
@@ -57,18 +53,29 @@ check_hestia_demo_mode
 #                       Action                             #
 #----------------------------------------------------------#
 
+htpasswd="$HOMEDIR/$user/conf/web/$domain/htpasswd"
 # Deleting auth user
 sed -i "/^$auth_user:/d" $htpasswd
 
 # Deleting password protection
 if [ "$(echo "$AUTH_USER" |tr : '\n' |wc -l)" -le 1 ]; then
-    rm -f $htaccess $htpasswd $shtaccess $shtpasswd
+    if [ "$WEB_SYSTEM" = "nginx" ] || [ "$PROXY_SYSTEM" = "nginx" ]; then
+    htaccess="$HOMEDIR/$user/conf/web/$domain/nginx.conf_htaccess"
+    shtaccess="$HOMEDIR/$user/conf/web/$domain/nginx.ssl.conf_htaccess"
+    else
+    htaccess="$HOMEDIR/$user/conf/web/$domain/apache2.conf_htaccess"
+    shtaccess="$HOMEDIR/$user/conf/web/$domain/apache2.ssl.conf_htaccess"
+    fi
+    rm -f $htaccess $htpasswd $shtaccess
     restart_required='yes'
 fi
 
 # Restarting web server
 if [ "$restart" != 'no' ] && [ "$restart_required" = 'yes' ]; then
     $BIN/v-restart-web
+    if [ -n "$PROXY_SYSTEM" ]; then
+        $BIN/v-restart-proxy
+    fi
 fi
 
 

func/rebuild.sh

@@ -413,21 +413,32 @@ rebuild_web_domain_conf() {
         sed -i "/^$auth_user:/d" $htpasswd
         echo "$auth_user:$auth_hash" >> $htpasswd
 
-        # Checking web server include
-        if [ ! -e "$htaccess" ]; then
-            if [ "$WEB_SYSTEM" != 'nginx' ]; then
+        # Adding htaccess password protection
+        if [ "$WEB_SYSTEM" = "nginx" ] || [ "$PROXY_SYSTEM" = "nginx" ]; then
+            htaccess="$HOMEDIR/$user/conf/web/$domain/nginx.conf_htaccess"
+            shtaccess="$HOMEDIR/$user/conf/web/$domain/nginx.ssl.conf_htaccess"
+            if [ ! -f "$htaccess" ]; then
+                echo "auth_basic  \"$domain password access\";" > $htaccess
+                echo "auth_basic_user_file    $htpasswd;" >> $htaccess
+                ln -s $htaccess $shtaccess
+                restart_required='yes'
+            fi
+        else
+            htaccess="$HOMEDIR/$user/conf/web/$domain/apache2.conf_htaccess"
+            shtaccess="$HOMEDIR/$user/conf/web/$domain/apache2.ssl.conf_htaccess"
+            if [ ! -f "$htaccess" ]; then
                 echo "<Directory $docroot>" > $htaccess
                 echo "    AuthUserFile $htpasswd" >> $htaccess
                 echo "    AuthName \"$domain access\"" >> $htaccess
                 echo "    AuthType Basic" >> $htaccess
                 echo "    Require valid-user" >> $htaccess
                 echo "</Directory>" >> $htaccess
-            else
-                echo "auth_basic  \"$domain password access\";" > $htaccess
-                echo "auth_basic_user_file    $htpasswd;" >> $htaccess
+                ln -s $htaccess $shtaccess
+                restart_required='yes'
             fi
-            chmod 640 $htpasswd $htaccess >/dev/null 2>&1
         fi
+        chmod 644 $htpasswd $htaccess
+        chgrp $user $htpasswd $htaccess
     done
 
     # Set folder permissions