hestiacp/bin/v-add-sys-pma-sso

#!/bin/bash
# info: enables support for single sign on phpMyAdmin
# options: [mode]
#
# example: v-add-sys-pma-sso
#
# This function enables support for SSO to phpMyAdmin

#----------------------------------------------------------#
#                Variables & Functions                     #
#----------------------------------------------------------#

MODE=$1

# Includes
# shellcheck source=/etc/hestiacp/hestia.conf
source /etc/hestiacp/hestia.conf
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# load config file
source_conf "$HESTIA/conf/hestia.conf"

PMA_INSTALL="/usr/share/phpmyadmin"
PMA_CONFIG="/etc/phpmyadmin"


WWW_USER="www-data"
if [ -f /etc/redhat-release ]; then
    WWW_USER="apache"
fi

#----------------------------------------------------------#
#                    Verifications                         #
#----------------------------------------------------------#

# Perform verification if read-only mode is enabled
check_hestia_demo_mode

# Checking root permissions
if [ "x$(id -u)" != 'x0' ]; then
	echo "Error: Script can be run executed only by root"
	exit 10
fi

if [ -n "$PHPMYADMIN_KEY" ] && [ "$PHPMYADMIN_KEY" != "" ]; then
	echo "Error: SSO has been installed before to reenable it please run v-delete-sys-pma-sso first"
	exit 1
fi

if [ -f "/usr/share/phpmyadmin/hestia-sso.php" ]; then
	echo "Error: hestia-sso.php is already installed"
	exit 2
fi

if [ -f "/usr/local/hesta/web/api/index.php" ]; then
	echo "Error: API script not installed"
	exit 2
fi

if [ "API_SYSTEM" = "0" ]; then
	echo "Error: API is not enabled"
	exit 2
fi

#----------------------------------------------------------#
#                       Action                             #
#----------------------------------------------------------#

# Generate the keys to secure everything
phpmyadminkey=$(generate_password)
apikey=$($BIN/v-add-access-key 'admin' 'phpmyadmin-sso' 'phpMyAdmin' 'plain')

# copy config dir to /usr/share/phpmyadmin/
cp -f $HESTIA_COMMON_DIR/phpmyadmin/hestia-sso.php $PMA_INSTALL/hestia-sso.php
chmod 640 $PMA_INSTALL/hestia-sso.php
chown root:$WWW_USER $PMA_INSTALL/hestia-sso.php

sed -i "s/%PHPMYADMIN_KEY%/$phpmyadminkey/g" $PMA_INSTALL/hestia-sso.php
sed -i "s/%API_KEY%/$apikey/g" $PMA_INSTALL/hestia-sso.php
sed -i "s/%API_HOST_NAME%/$(hostname)/g" $PMA_INSTALL/hestia-sso.php
sed -i "s/%API_HESTIA_PORT%/$BACKEND_PORT/g" $PMA_INSTALL/hestia-sso.php

# Check if config already contains the keys
touch $PMA_CONFIG/hestia-sso.inc.php
chmod 640 $PMA_CONFIG/hestia-sso.inc.php
chown root:$WWW_USER $PMA_CONFIG/hestia-sso.inc.php

echo "<?php
if(isset(\$_GET['hestia_token']) || isset(\$_COOKIE['SignonSession'])){
\$cfg['Servers'][\$i]['auth_type'] = 'signon';
\$cfg['Servers'][\$i]['SignonSession'] = 'SignonSession';
\$cfg['Servers'][\$i]['SignonURL'] = 'hestia-sso.php';
\$cfg['Servers'][\$i]['LogoutURL'] = 'hestia-sso.php?logout=1';
}
?>" >> $PMA_CONFIG/hestia-sso.inc.php

file=$(cat $PMA_CONFIG/config.inc.php)
if ! [[ "$file" =~ hestia-sso.inc.php ]]; then
	if [[ $file =~ "//Add Hestia SSO code here" ]]; then
		sed -i "s|//Add Hestia SSO code here|//Add Hestia SSO code here\n     include ('$PMA_CONFIG/hestia-sso.inc.php');|g" $PMA_CONFIG/config.inc.php
	else
		echo "include ('$PMA_CONFIG/hestia-sso.inc.php');" >> $PMA_CONFIG/config.inc.php
	fi
fi

$BIN/v-change-sys-config-value 'PHPMYADMIN_KEY' "$phpmyadminkey"

if [ -z "$(echo $API_ALLOWED_IP | grep 127.0.0.1)" ]; then
	$BIN/v-add-sys-api-ip "127.0.0.1"
fi

#----------------------------------------------------------#
#                       Logging                            #
#----------------------------------------------------------#

if [ "$MODE" != "quiet" ]; then
	echo "PMA Hestia-SSO plugin has been successfully installed"
fi
$BIN/v-log-action "system" "Info" "Plugins" "phpMyAdmin Single Sign-On has been enabled."
log_event "$OK" "$ARGUMENTS"
Initial 2 years ago			`#!/bin/bash`
			`# info: enables support for single sign on phpMyAdmin`
			`# options: [mode]`
			`#`
			`# example: v-add-sys-pma-sso`
			`#`
			`# This function enables support for SSO to phpMyAdmin`

			`#----------------------------------------------------------#`
			`# Variables & Functions #`
			`#----------------------------------------------------------#`

			`MODE=$1`

			`# Includes`
			`# shellcheck source=/etc/hestiacp/hestia.conf`
			`source /etc/hestiacp/hestia.conf`
			`# shellcheck source=/usr/local/hestia/func/main.sh`
			`source $HESTIA/func/main.sh`
			`# load config file`
			`source_conf "$HESTIA/conf/hestia.conf"`

			`PMA_INSTALL="/usr/share/phpmyadmin"`
			`PMA_CONFIG="/etc/phpmyadmin"`


			`WWW_USER="www-data"`
			`if [ -f /etc/redhat-release ]; then`
			`WWW_USER="apache"`
			`fi`

			`#----------------------------------------------------------#`
			`# Verifications #`
			`#----------------------------------------------------------#`

			`# Perform verification if read-only mode is enabled`
			`check_hestia_demo_mode`

			`# Checking root permissions`
			`if [ "x$(id -u)" != 'x0' ]; then`
			`echo "Error: Script can be run executed only by root"`
			`exit 10`
			`fi`

			`if [ -n "$PHPMYADMIN_KEY" ] && [ "$PHPMYADMIN_KEY" != "" ]; then`
			`echo "Error: SSO has been installed before to reenable it please run v-delete-sys-pma-sso first"`
			`exit 1`
			`fi`

			`if [ -f "/usr/share/phpmyadmin/hestia-sso.php" ]; then`
			`echo "Error: hestia-sso.php is already installed"`
			`exit 2`
			`fi`

			`if [ -f "/usr/local/hesta/web/api/index.php" ]; then`
			`echo "Error: API script not installed"`
			`exit 2`
			`fi`

			`if [ "API_SYSTEM" = "0" ]; then`
			`echo "Error: API is not enabled"`
			`exit 2`
			`fi`

			`#----------------------------------------------------------#`
			`# Action #`
			`#----------------------------------------------------------#`

			`# Generate the keys to secure everything`
			`phpmyadminkey=$(generate_password)`
			`apikey=$($BIN/v-add-access-key 'admin' 'phpmyadmin-sso' 'phpMyAdmin' 'plain')`

			`# copy config dir to /usr/share/phpmyadmin/`
			`cp -f $HESTIA_COMMON_DIR/phpmyadmin/hestia-sso.php $PMA_INSTALL/hestia-sso.php`
			`chmod 640 $PMA_INSTALL/hestia-sso.php`
			`chown root:$WWW_USER $PMA_INSTALL/hestia-sso.php`

			`sed -i "s/%PHPMYADMIN_KEY%/$phpmyadminkey/g" $PMA_INSTALL/hestia-sso.php`
			`sed -i "s/%API_KEY%/$apikey/g" $PMA_INSTALL/hestia-sso.php`
			`sed -i "s/%API_HOST_NAME%/$(hostname)/g" $PMA_INSTALL/hestia-sso.php`
			`sed -i "s/%API_HESTIA_PORT%/$BACKEND_PORT/g" $PMA_INSTALL/hestia-sso.php`

			`# Check if config already contains the keys`
			`touch $PMA_CONFIG/hestia-sso.inc.php`
			`chmod 640 $PMA_CONFIG/hestia-sso.inc.php`
			`chown root:$WWW_USER $PMA_CONFIG/hestia-sso.inc.php`

			`echo "<?php`
			`if(isset(\$_GET['hestia_token']) \|\| isset(\$_COOKIE['SignonSession'])){`
			`\$cfg['Servers'][\$i]['auth_type'] = 'signon';`
			`\$cfg['Servers'][\$i]['SignonSession'] = 'SignonSession';`
			`\$cfg['Servers'][\$i]['SignonURL'] = 'hestia-sso.php';`
			`\$cfg['Servers'][\$i]['LogoutURL'] = 'hestia-sso.php?logout=1';`
			`}`
			`?>" >> $PMA_CONFIG/hestia-sso.inc.php`

			`file=$(cat $PMA_CONFIG/config.inc.php)`
			`if ! [[ "$file" =~ hestia-sso.inc.php ]]; then`
			`if [[ $file =~ "//Add Hestia SSO code here" ]]; then`
			`sed -i "s\|//Add Hestia SSO code here\|//Add Hestia SSO code here\n include ('$PMA_CONFIG/hestia-sso.inc.php');\|g" $PMA_CONFIG/config.inc.php`
			`else`
			`echo "include ('$PMA_CONFIG/hestia-sso.inc.php');" >> $PMA_CONFIG/config.inc.php`
			`fi`
			`fi`

			`$BIN/v-change-sys-config-value 'PHPMYADMIN_KEY' "$phpmyadminkey"`

			`if [ -z "$(echo $API_ALLOWED_IP \| grep 127.0.0.1)" ]; then`
			`$BIN/v-add-sys-api-ip "127.0.0.1"`
			`fi`

			`#----------------------------------------------------------#`
			`# Logging #`
			`#----------------------------------------------------------#`

			`if [ "$MODE" != "quiet" ]; then`
			`echo "PMA Hestia-SSO plugin has been successfully installed"`
			`fi`
			`$BIN/v-log-action "system" "Info" "Plugins" "phpMyAdmin Single Sign-On has been enabled."`
			`log_event "$OK" "$ARGUMENTS"`