diff --git a/core/Command/Maintenance/Install.php b/core/Command/Maintenance/Install.php
index 84fd832e016..48fcb335583 100644
--- a/core/Command/Maintenance/Install.php
+++ b/core/Command/Maintenance/Install.php
@@ -44,6 +44,7 @@ class Install extends Command {
 ->addOption('database-user', null, InputOption::VALUE_REQUIRED, 'Login to connect to the database')
 ->addOption('database-pass', null, InputOption::VALUE_OPTIONAL, 'Password of the database user', null)
 ->addOption('database-table-space', null, InputOption::VALUE_OPTIONAL, 'Table space of the database (oci only)', null)
+ ->addOption('disable-admin-user', null, InputOption::VALUE_NONE, 'Disable the creation of an admin user')
 ->addOption('admin-user', null, InputOption::VALUE_REQUIRED, 'Login of the admin account', 'admin')
 ->addOption('admin-pass', null, InputOption::VALUE_REQUIRED, 'Password of the admin account')
 ->addOption('admin-email', null, InputOption::VALUE_OPTIONAL, 'E-Mail of the admin account')
@@ -120,6 +121,7 @@ class Install extends Command {
 if ($input->hasParameterOption('--database-pass')) {
 $dbPass = (string)$input->getOption('database-pass');
 }
+ $disableAdminUser = (bool)$input->getOption('disable-admin-user');
 $adminLogin = $input->getOption('admin-user');
 $adminPassword = $input->getOption('admin-pass');
 $adminEmail = $input->getOption('admin-email');
@@ -142,7 +144,7 @@ class Install extends Command {
 }
 }
- if (is_null($adminPassword)) {
+ if (!$disableAdminUser && $adminPassword === null) {
 /** @var QuestionHelper $helper */
 $helper = $this->getHelper('question');
 $question = new Question('What is the password you like to use for the admin account <' . $adminLogin . '>?');
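Review bot: In the `@@ -120,6 +121,7 @@` hunk of Install.php, `--disable-admin-user` is read next to `admin-user`, `admin-pass` and `admin-email`, but nothing rejects a command line that supplies both, so an operator who passes `--admin-pass` together with the new flag gets an instance with no admin account and no error. Failing fast makes the outcome explicit: `if ($disableAdminUser && $input->hasParameterOption('--admin-pass')) { throw new InvalidArgumentException('--admin-pass cannot be combined with --disable-admin-user'); }`. The enclosing method starts and ends outside the hunk.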
@@ -151,7 +153,7 @@ class Install extends Command {
 $adminPassword = $helper->ask($input, $output, $question);
 }
- if ($adminEmail !== null && !filter_var($adminEmail, FILTER_VALIDATE_EMAIL)) {
+ if (!$disableAdminUser && $adminEmail !== null && !filter_var($adminEmail, FILTER_VALIDATE_EMAIL)) {
 throw new InvalidArgumentException('Invalid e-mail-address <' . $adminEmail . '> for <' . $adminLogin . '>.');
 }
@@ -161,6 +163,7 @@ class Install extends Command {
 'dbpass' => $dbPass,
 'dbname' => $dbName,
 'dbhost' => $dbHost,
+ 'admindisable' => $disableAdminUser,
 'adminlogin' => $adminLogin,
 'adminpass' => $adminPassword,
 'adminemail' => $adminEmail,
diff --git a/lib/private/Setup.php b/lib/private/Setup.php
index 959797fb962..c8b5060076a 100644
--- a/lib/private/Setup.php
+++ b/lib/private/Setup.php
@@ -304,11 +304,15 @@ class Setup {
 $error = [];
 $dbType = $options['dbtype'];
- if (empty($options['adminlogin'])) {
- $error[] = $l->t('Set an admin Login.');
- }
- if (empty($options['adminpass'])) {
- $error[] = $l->t('Set an admin password.');
+ $disableAdminUser = (bool)($options['admindisable'] ?? false);
+
+ if (!$disableAdminUser) {
+ if (empty($options['adminlogin'])) {
+ $error[] = $l->t('Set an admin Login.');
+ }
+ if (empty($options['adminpass'])) {
+ $error[] = $l->t('Set an admin password.');
+ }
 }
 if (empty($options['directory'])) {
 $options['directory'] = \OC::$SERVERROOT . '/data';
@@ -318,8 +322,6 @@ class Setup {
 $dbType = 'sqlite';
 }
- $username = htmlspecialchars_decode($options['adminlogin']);
- $password = htmlspecialchars_decode($options['adminpass']);
 $dataDir = htmlspecialchars_decode($options['directory']);
 $class = self::$dbSetupClasses[$dbType];
@@ -375,7 +377,7 @@ class Setup {
 $this->outputDebug($output, 'Configuring database');
 $dbSetup->initialize($options);
 try {
- $dbSetup->setupDatabase($username);
+ $dbSetup->setupDatabase();
 } catch (\OC\DatabaseSetupException $e) {
 $error[] = [
 'error' => $e->getMessage(),
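Review bot: In the `@@ -304,11 +304,15 @@` hunk of lib/private/Setup.php, `(bool)($options['admindisable'] ?? false)` treats every non-empty string except `'0'` as true, so a caller that hands in `'false'` or `'no'` skips the admin-login and admin-password checks and, further down, the account creation itself. The CLI path in Install.php passes a real boolean, but where else `$options` is populated is not visible in this diff. If any caller can forward request or configuration strings, parse the value strictly: `$disableAdminUser = filter_var($options['admindisable'] ?? false, FILTER_VALIDATE_BOOLEAN);`. The enclosing method continues outside the hunk.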
@@ -405,19 +407,22 @@ class Setup {
 return $error;
 }
- $this->outputDebug($output, 'Create admin account');
-
- // create the admin account and group
 $user = null;
- try {
- $user = Server::get(IUserManager::class)->createUser($username, $password);
- if (!$user) {
- $error[] = "Account <$username> could not be created.";
+ if (!$disableAdminUser) {
+ $username = htmlspecialchars_decode($options['adminlogin']);
+ $password = htmlspecialchars_decode($options['adminpass']);
+ $this->outputDebug($output, 'Create admin account');
+
+ try {
+ $user = Server::get(IUserManager::class)->createUser($username, $password);
+ if (!$user) {
+ $error[] = "Account <$username> could not be created.";
+ return $error;
+ }
+ } catch (Exception $exception) {
+ $error[] = $exception->getMessage();
 return $error;
 }
- } catch (Exception $exception) {
- $error[] = $exception->getMessage();
- return $error;
 }
 $config = Server::get(IConfig::class);
@@ -432,7 +437,7 @@ class Setup {
 }
 $group = Server::get(IGroupManager::class)->createGroup('admin');
- if ($group instanceof IGroup) {
+ if ($user !== null && $group instanceof IGroup) {
 $group->addUser($user);
 }
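Review bot: In the `@@ -405,19 +407,22 @@` hunk, the path that skips account creation leaves no trace in the setup output: 'Create admin account' is printed only inside `if (!$disableAdminUser)` and there is no `else`. An install that ends without any administrator is worth recording for whoever audits the setup log later, for example `} else { $this->outputDebug($output, 'Skipping admin account creation (admindisable set)'); }`. The `@@ -432,7 +437,7 @@` hunk then creates the `admin` group with no member, which the same message would explain.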
@@ -464,26 +469,28 @@ class Setup {
 $bootstrapCoordinator = Server::get(\OC\AppFramework\Bootstrap\Coordinator::class);
 $bootstrapCoordinator->runInitialRegistration();
- // Create a session token for the newly created user
- // The token provider requires a working db, so it's not injected on setup
- /** @var \OC\User\Session $userSession */
- $userSession = Server::get(IUserSession::class);
- $provider = Server::get(PublicKeyTokenProvider::class);
- $userSession->setTokenProvider($provider);
- $userSession->login($username, $password);
- $user = $userSession->getUser();
- if (!$user) {
- $error[] = 'No account found in session.';
- return $error;
- }
- $userSession->createSessionToken($request, $user->getUID(), $username, $password);
+ if (!$disableAdminUser) {
+ // Create a session token for the newly created user
+ // The token provider requires a working db, so it's not injected on setup
+ /** @var \OC\User\Session $userSession */
+ $userSession = Server::get(IUserSession::class);
+ $provider = Server::get(PublicKeyTokenProvider::class);
+ $userSession->setTokenProvider($provider);
+ $userSession->login($username, $password);
+ $user = $userSession->getUser();
+ if (!$user) {
+ $error[] = 'No account found in session.';
+ return $error;
+ }
+ $userSession->createSessionToken($request, $user->getUID(), $username, $password);
- $session = $userSession->getSession();
- $session->set('last-password-confirm', Server::get(ITimeFactory::class)->getTime());
+ $session = $userSession->getSession();
+ $session->set('last-password-confirm', Server::get(ITimeFactory::class)->getTime());
- // Set email for admin
- if (!empty($options['adminemail'])) {
- $user->setSystemEMailAddress($options['adminemail']);
+ // Set email for admin
+ if (!empty($options['adminemail'])) {
+ $user->setSystemEMailAddress($options['adminemail']);
+ }
 }
 return $error;
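Review bot: In the `@@ -464,26 +469,28 @@` hunk, `$userSession->login($username, $password)` and `createSessionToken(...)` read variables that are now assigned only inside the earlier `if (!$disableAdminUser)` block of the `@@ -405,19 +407,22 @@` hunk. The two guards use the same flag, so this holds today, but the code between them is outside the diff and the coupling is easy to break in a later edit. Initialising them beside the existing `$user = null;`, e.g. `$username = null; $password = null;`, keeps static analysis quiet and makes a mismatched guard fail visibly rather than on an undefined variable. A one-line comment on this block saying it must stay paired with the account-creation block would also help.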
diff --git a/lib/private/Setup/AbstractDatabase.php b/lib/private/Setup/AbstractDatabase.php
index dbbb587206b..ec4ce040090 100644
--- a/lib/private/Setup/AbstractDatabase.php
+++ b/lib/private/Setup/AbstractDatabase.php
@@ -127,10 +127,7 @@ abstract class AbstractDatabase {
 return $connection;
 }
- /**
- * @param string $username
- */
- abstract public function setupDatabase($username);
+ abstract public function setupDatabase();
 public function runMigrations(?IOutput $output = null) {
 if (!is_dir(\OC::$SERVERROOT . '/core/Migrations')) {
diff --git a/lib/private/Setup/MySQL.php b/lib/private/Setup/MySQL.php
index 6dd9855d851..1e2dda4c609 100644
--- a/lib/private/Setup/MySQL.php
+++ b/lib/private/Setup/MySQL.php
@@ -16,7 +16,7 @@ use OCP\Security\ISecureRandom;
 class MySQL extends AbstractDatabase {
 public $dbprettyname = 'MySQL/MariaDB';
- public function setupDatabase($username) {
+ public function setupDatabase() {
 //check if the database user has admin right
 $connection = $this->connect(['dbname' => null]);
@@ -28,7 +28,7 @@ class MySQL extends AbstractDatabase {
 }
 if ($this->tryCreateDbUser) {
- $this->createSpecificUser($username, new ConnectionAdapter($connection));
+ $this->createSpecificUser('oc_admin', new ConnectionAdapter($connection));
 }
 $this->config->setValues([
diff --git a/lib/private/Setup/OCI.php b/lib/private/Setup/OCI.php
index 47e5e5436a5..61c7f968787 100644
--- a/lib/private/Setup/OCI.php
+++ b/lib/private/Setup/OCI.php
@@ -40,7 +40,7 @@ class OCI extends AbstractDatabase {
 return $errors;
 }
- public function setupDatabase($username) {
+ public function setupDatabase() {
 try {
 $this->connect();
 } catch (\Exception $e) {
diff --git a/lib/private/Setup/PostgreSQL.php b/lib/private/Setup/PostgreSQL.php
index b1cf031e876..9a686db2e54 100644
--- a/lib/private/Setup/PostgreSQL.php
+++ b/lib/private/Setup/PostgreSQL.php
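Review bot: The abstract `setupDatabase()` declaration in AbstractDatabase.php is left with no docblock once the `@param` block is removed, although the caller in lib/private/Setup.php catches `\OC\DatabaseSetupException` around it and the PostgreSQL implementation documents that exception. A short docblock such as `/** @throws \OC\DatabaseSetupException */` keeps the contract visible to implementers. Dropping the parameter also changes the abstract signature, so any subclass outside this diff that still declares `setupDatabase($username)` needs the same edit.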
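Review bot: In the `@@ -28,7 +28,7 @@` hunk of MySQL.php, the account name passed to `createSpecificUser()` is now the constant `'oc_admin'` instead of a value taken from the admin login, so every instance installed against the same database server asks for the same database account. `createSpecificUser()` is outside the hunk; confirm what it does when that account already exists (reuse, rename or password change), because a second install that changes the password of a shared account would lock out the first instance, and two instances behind one database login lose their separation. At minimum the call site deserves a comment such as `// fixed DB account name; no longer tied to the admin login`. PostgreSQL.php makes the same change with `$this->dbUser = 'oc_admin';` in its `@@ -46,7 +45,7 @@` hunk.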
@@ -16,10 +16,9 @@ class PostgreSQL extends AbstractDatabase {
 public $dbprettyname = 'PostgreSQL';
 /**
- * @param string $username
 * @throws \OC\DatabaseSetupException
 */
- public function setupDatabase($username) {
+ public function setupDatabase() {
 try {
 $connection = $this->connect([
 'dbname' => 'postgres'
@@ -46,7 +45,7 @@ class PostgreSQL extends AbstractDatabase {
 //use the admin login data for the new database user
 //add prefix to the postgresql user name to prevent collisions
- $this->dbUser = 'oc_' . strtolower($username);
+ $this->dbUser = 'oc_admin';
 //create a new password so we don't need to store the admin config in the config file
 $this->dbPassword = \OC::$server->get(ISecureRandom::class)->generate(30, ISecureRandom::CHAR_ALPHANUMERIC);
diff --git a/lib/private/Setup/Sqlite.php b/lib/private/Setup/Sqlite.php
index 1b90ebd5a5e..b34b1e32ede 100644
--- a/lib/private/Setup/Sqlite.php
+++ b/lib/private/Setup/Sqlite.php
@@ -45,7 +45,7 @@ class Sqlite extends AbstractDatabase {
 }
 }
- public function setupDatabase($username) {
+ public function setupDatabase() {
 $datadir = $this->config->getValue(
 'datadirectory',
 \OC::$SERVERROOT . '/data'
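Review bot: The two context comments directly above `$this->dbUser = 'oc_admin';` in the `@@ -46,7 +45,7 @@` hunk of PostgreSQL.php no longer describe the code: nothing is taken from the admin login any more, and no prefix is being added to a caller-supplied name to prevent collisions. Left as they are, they suggest a per-install role name that the new line does not provide. Replace them with something like `// fixed role name for the database user; its password is generated below` so the next reader does not assume the old collision protection still exists. The enclosing branch begins outside the hunk.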