Fix issue with v-change-sys-api + error reporting hestia pma-sso (hestiacp#2105)

jaapmarcus · ScIT-Raphael · web-flow · commit 8e3cab76ec91 · 2021-09-03T10:49:23.000+02:00
* Fix an bug where $RELEASE_BRANCH is not hosted at hestia github

Download of api will fail and api will not work. No error is provided

* Disable autoreload except taskmonitor

* Improve phpmyadmin-sso by including debuggin information

* Update change log / refresh hestia-sso.php

Co-authored-by: Raphael Schneeberger &lt;rs@scit.ch&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,8 @@ All notable changes to this project will be documented in this file.
 ### Bugfixes
 - Improve the hostname check to prevent invalid hostnames or the use of an ip address (RFC1178).
 - Add small wait for /usr/bin/iptables-restore [Forum](https://forum.hestiacp.com/t/clean-install-arm64-does-not-start-after-reboot-v-start-service-iptables/4395/7)
+- Fix bug in v-change-sys-api. When using  v-change-sys-api remove and then  v-change-sys-api enable + custom release branch the resetting of api failed + no "error" output was producted
+- Improve error reporting pma-sso function
 - Fixed 2104 v-change-web-domain-name unable to start webserver
 
 ## [1.4.12] - Service release 
diff --git a/bin/v-change-sys-api b/bin/v-change-sys-api
@@ -37,13 +37,15 @@ check_hestia_demo_mode
 if [ "$status" = "enable" ]; then
     if [ ! -f "$HESTIA/web/api/index.php" ]; then
         wget -q https://raw.githubusercontent.com/hestiacp/hestiacp/$RELEASE_BRANCH/web/api/index.php -O $HESTIA/web/api/index.php
-        check_api_download=$(cat $HESTIA/web/api/index.php)
-        if [ -z "$HESTIA/web/api/index.php" ]; then
-            # Throw error message to user
-            echo "ERROR: API installation failed."
-            # Remove empty file created by wget output
-            rm -f "$HESTIA/web/api/index.php"
-            exit 1
+        if [ ! -s $HESTIA/web/api/index.php ]; then
+            wget -q https://raw.githubusercontent.com/hestiacp/hestiacp/release/web/api/index.php -O $HESTIA/web/api/index.php    
+            if [ ! -s $HESTIA/web/api/index.php ]; then
+                # Throw error message to user
+                echo "ERROR: API installation failed."
+                # Remove empty file created by wget output
+                rm -f "$HESTIA/web/api/index.php"
+                exit 1
+            fi
         fi
     else
         sed -i 's|die("Error: Disabled");|//die("Error: Disabled");|g' $HESTIA/web/api/index.php
diff --git a/install/deb/phpmyadmin/hestia-sso.php b/install/deb/phpmyadmin/hestia-sso.php
@@ -1,24 +1,28 @@
 <?php
+
 /* Hestia way to enable support for SSO to PHPmyAdmin */
 /* To install please run v-add-sys-pma-sso */
 
 /* Following keys will get replaced when calling v-add-sys-pma-sso */
-define('PHPMYADMIN_KEY','%PHPMYADMIN_KEY%');
-define('API_HOST_NAME','%API_HOST_NAME%');
-define('API_HESTIA_PORT','%API_HESTIA_PORT%');
+define('PHPMYADMIN_KEY', '%PHPMYADMIN_KEY%');
+define('API_HOST_NAME', '%API_HOST_NAME%');
+define('API_HESTIA_PORT', '%API_HESTIA_PORT%');
 define('API_KEY', '%API_KEY%');
 
 
-class Hestia_API {
+class Hestia_API
+{
     private $api_url;
-    function __construct(){
+    public function __construct()
+    {
         $this -> hostname = 'https://' . API_HOST_NAME . ':' . API_HESTIA_PORT .'/api/';
         $this -> key = API_KEY;
-        $this -> pma_key = PHPMYADMIN_KEY;   
+        $this -> pma_key = PHPMYADMIN_KEY;
     }
-    
+
     /* Creates curl request */
-    function request($postvars){
+    public function request($postvars)
+    {
         $postdata = http_build_query($postvars);
         $curl = curl_init();
         curl_setopt($curl, CURLOPT_URL, $this -> hostname);
@@ -30,9 +34,10 @@ function request($postvars){
         $answer = curl_exec($curl);
         return $answer;
     }
-    
+
     /* Creates an new temp user in mysql */
-    function create_temp_user ($database, $user, $host){
+    public function create_temp_user($database, $user, $host)
+    {
         $post_request = array(
         'hash' => $this -> key,
         'returncode' => 'no',
@@ -44,16 +49,17 @@ function create_temp_user ($database, $user, $host){
         );
         $request = $this -> request($post_request);
         $json = json_decode($request);
-        if(json_last_error() == JSON_ERROR_NONE){
+        if (json_last_error() == JSON_ERROR_NONE) {
             return $json;
-        }else{
+        } else {
+            trigger_error('Unable to connect over API please check api connection', E_USER_WARNING);
             return false;
         }
-        
     }
-    
+
     /* Delete an new temp user in mysql */
-    function delete_temp_user ($database, $user, $dbuser, $host){
+    public function delete_temp_user($database, $user, $dbuser, $host)
+    {
         $post_request = array(
         'hash' => $this -> key,
         'returncode' => 'yes',
@@ -65,48 +71,49 @@ function delete_temp_user ($database, $user, $dbuser, $host){
         'arg5' => $host
         );
         $request = $this -> request($post_request);
-        if(is_numeric($request) && $request == 0){
+        if (is_numeric($request) && $request == 0) {
             return true;
-        }else{
+        } else {
             return false;
         }
     }
 
-    function get_user_ip(){
+    public function get_user_ip()
+    {
         // Saving user IPs to the session for preventing session hijacking
-        $user_combined_ip = array(); 
-        if($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']){
+        $user_combined_ip = array();
+        if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) {
             $user_combined_ip[] = $_SERVER['REMOTE_ADDR'];
         }
-        if(isset($_SERVER['HTTP_CLIENT_IP'])){
+        if (isset($_SERVER['HTTP_CLIENT_IP'])) {
             $user_combined_ip .=  '|'. $_SERVER['HTTP_CLIENT_IP'];
         }
-        if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])){
-            if($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_X_FORWARDED_FOR']){
+        if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+            if ($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_X_FORWARDED_FOR']) {
                 $user_combined_ip[] = $_SERVER['HTTP_X_FORWARDED_FOR'];
             }
         }
-        if(isset($_SERVER['HTTP_FORWARDED_FOR'])){
-            if($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_FORWARDED_FOR']){
+        if (isset($_SERVER['HTTP_FORWARDED_FOR'])) {
+            if ($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_FORWARDED_FOR']) {
                 $user_combined_ip[] = $_SERVER['HTTP_FORWARDED_FOR'];
             }
         }
-        if(isset($_SERVER['HTTP_X_FORWARDED'])){
-            if($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_X_FORWARDED']){
-               $user_combined_ip[] = $_SERVER['HTTP_X_FORWARDED'];
+        if (isset($_SERVER['HTTP_X_FORWARDED'])) {
+            if ($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_X_FORWARDED']) {
+                $user_combined_ip[] = $_SERVER['HTTP_X_FORWARDED'];
             }
-        }        
-        if(isset($_SERVER['HTTP_FORWARDED'])){
-            if($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_FORWARDED']){
+        }
+        if (isset($_SERVER['HTTP_FORWARDED'])) {
+            if ($_SERVER['REMOTE_ADDR'] != $_SERVER['HTTP_FORWARDED']) {
                 $user_combined_ip[] =  '|'. $_SERVER['HTTP_FORWARDED'];
             }
         }
-        if(isset($_SERVER['HTTP_CF_CONNECTING_IP'])){
-            if(!empty($_SERVER['HTTP_CF_CONNECTING_IP'])){
-              $user_combined_ip[] = $_SERVER['HTTP_CF_CONNECTING_IP'];
+        if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {
+            if (!empty($_SERVER['HTTP_CF_CONNECTING_IP'])) {
+                $user_combined_ip[] = $_SERVER['HTTP_CF_CONNECTING_IP'];
             }
         }
-        return implode($user_combined_ip,'|');
+        return implode($user_combined_ip, '|');
     }
 }
 
@@ -117,7 +124,8 @@ function get_user_ip(){
 session_name($session_name);
 @session_start();
 
-function session_invalid(){
+function session_invalid()
+{
     global $session_name;
     //delete all current sessions
     session_destroy();
@@ -126,52 +134,58 @@ function session_invalid(){
     die();
 }
     $api = new Hestia_API();
-    if(!empty($_GET)){
-        if(isset($_GET['logout'])){
-            $api -> delete_temp_user($_SESSION['HESTIA_sso_database'], $_SESSION['HESTIA_sso_user'],  $_SESSION['PMA_single_signon_user'], $_SESSION['HESTIA_sso_host']);
+    if (!empty($_GET)) {
+        if (isset($_GET['logout'])) {
+            $api -> delete_temp_user($_SESSION['HESTIA_sso_database'], $_SESSION['HESTIA_sso_user'], $_SESSION['PMA_single_signon_user'], $_SESSION['HESTIA_sso_host']);
             //remove sessin
             session_invalid();
             header("Location: " . dirname($_SERVER['PHP_SELF']) . "/index.php");
             die();
-        }else{ 
-            if(isset($_GET['user']) && isset($_GET['hestia_token'])){
+        } else {
+            if (isset($_GET['user']) && isset($_GET['hestia_token'])) {
                 $database = $_GET['database'];
                 $user = $_GET['user'];
                 $host = 'localhost';
                 $token = $_GET['hestia_token'];
                 $time = $_GET['exp'];
-                if($time + 60 > time()){
+
+                if ($time + 60 > time()) {
                     //note: Possible issues with cloudflare due to ip obfuscation
                     $ip = $api -> get_user_ip();
-                    if(!password_verify($database.$user.$ip.$time.PHPMYADMIN_KEY,$token)){
+                    if (!password_verify($database.$user.$ip.$time.PHPMYADMIN_KEY, $token)) {
+                        trigger_error('Access denied: There is a security token mismatch '. $time, E_USER_WARNING);
+                        session_invalid();
+                        die();
                         session_invalid();
-                    }else{
+                    } else {
                         $id = session_id();
-                        //create a new temp user 
-                        $data = $api -> create_temp_user($database,$user, $host);
-                        $_SESSION['PMA_single_signon_user'] = $data -> login -> user;
-                        $_SESSION['PMA_single_signon_password'] = $data -> login -> password ; 
-                        $_SESSION['PMA_single_signon_host'] = $host;
-                        //save database / username to be used for sending logout notification. 
-                        $_SESSION['HESTIA_sso_user'] = $user;
-                        $_SESSION['HESTIA_sso_database'] = $database;
-                        $_SESSION['HESTIA_sso_host'] = $host;
-                        
-                        @session_write_close();
-                        setcookie($session_name, $id , 0, "/");
-                        header("Location: " . dirname($_SERVER['PHP_SELF']) . "/index.php");
+                        //create a new temp user
+                        $data = $api -> create_temp_user($database, $user, $host);
+                        if ($data) {
+                            $_SESSION['PMA_single_signon_user'] = $data -> login -> user;
+                            $_SESSION['PMA_single_signon_password'] = $data -> login -> password ;
+                            $_SESSION['PMA_single_signon_host'] = $host;
+                            //save database / username to be used for sending logout notification.
+                            $_SESSION['HESTIA_sso_user'] = $user;
+                            $_SESSION['HESTIA_sso_database'] = $database;
+                            $_SESSION['HESTIA_sso_host'] = $host;
+
+                            @session_write_close();
+                            setcookie($session_name, $id, 0, "/");
+                            header("Location: " . dirname($_SERVER['PHP_SELF']) . "/index.php");
+                        } else {
+                            session_invalid();
+                        }
                         die();
                     }
-                }else{
+                } else {
+                    trigger_error('Link has been expired: System time: '. time() .' / Time provided in link: '. $time, E_USER_WARNING);
                     session_invalid();
-                    header("Location: " . dirname($_SERVER['PHP_SELF']) . "/index.php");
                     die();
                 }
             }
         }
-    }else{
+    } else {
         session_invalid();
-        header("Location: " . dirname($_SERVER['PHP_SELF']) . "/index.php");
         die();
     }
-?>
diff --git a/install/upgrade/versions/1.4.13.sh b/install/upgrade/versions/1.4.13.sh
@@ -28,4 +28,11 @@ fi
 # Empty $HESTIA/ssl/mail/ due to bug in #2066 
 if [ -e "$HESTIA/ssl/mail/" ]; then
     rm -fr $HESTIA/ssl/mail/*
+fi
+
+# Reset PMA SSO
+if [ "$PHPMYADMIN_KEY" != "" ]; then
+    echo "[ * ] Refressh hestia-sso for PMA..."
+    $BIN/v-delete-sys-pma-sso 
+    $BIN/v-add-sys-pma-sso 
 fi
diff --git a/web/js/events.js b/web/js/events.js
@@ -215,7 +215,9 @@ var reloadFunction = '';
 
 $(document).ready(startTime);
 function startTime(){
-  reloadFunction = setInterval(updateInterval, 100);
+    if ($(".spinner")[0]){
+    reloadFunction = setInterval(updateInterval, 100);
+  }
 }
 
 function updateInterval(){

Original file line number	Diff line number	Diff line change
`@@ -215,7 +215,9 @@ var reloadFunction = '';`
`215`	`215`
`216`	`216`	`$(document).ready(startTime);`
`217`	`217`	`function startTime(){`
`218`		`- reloadFunction = setInterval(updateInterval, 100);`
	`218`	`+ if ($(".spinner")[0]){`
	`219`	`+ reloadFunction = setInterval(updateInterval, 100);`
	`220`	`+ }`
`219`	`221`	`}`
`220`	`222`
`221`	`223`	`function updateInterval(){`