hestiacp/bin/v-add-sys-pma-sso

#!/bin/bash
# info: enables support for single sign on phpMyAdmin
# options: [mode]
#
# example: v-add-sys-pma-sso
#
# This function enables support for SSO to phpMyAdmin

#----------------------------------------------------------#
#                Variables & Functions                     #
#----------------------------------------------------------#

MODE=$1

# Includes
# shellcheck source=/etc/hestiacp/hestia.conf
source /etc/hestiacp/hestia.conf
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# load config file
source_conf "$HESTIA/conf/hestia.conf"

PMA_INSTALL="/usr/share/phpmyadmin"
PMA_CONFIG="/etc/phpmyadmin"


WWW_USER="www-data"
if [ -f /etc/redhat-release ]; then
    WWW_USER="apache"
fi

#----------------------------------------------------------#
#                    Verifications                         #
#----------------------------------------------------------#

# Perform verification if read-only mode is enabled
check_hestia_demo_mode

# Checking root permissions
if [ "x$(id -u)" != 'x0' ]; then
	echo "Error: Script can be run executed only by root"
	exit 10
fi

if [ -n "$PHPMYADMIN_KEY" ] && [ "$PHPMYADMIN_KEY" != "" ]; then
	echo "Error: SSO has been installed before to reenable it please run v-delete-sys-pma-sso first"
	exit 1
fi

if [ -f "/usr/share/phpmyadmin/hestia-sso.php" ]; then
	echo "Error: hestia-sso.php is already installed"
	exit 2
fi

if [ -f "/usr/local/hesta/web/api/index.php" ]; then
	echo "Error: API script not installed"
	exit 2
fi

if [ "API_SYSTEM" = "0" ]; then
	echo "Error: API is not enabled"
	exit 2
fi

#----------------------------------------------------------#
#                       Action                             #
#----------------------------------------------------------#

# Generate the keys to secure everything
phpmyadminkey=$(generate_password)
apikey=$($BIN/v-add-access-key 'admin' 'phpmyadmin-sso' 'phpMyAdmin' 'plain')

# copy config dir to /usr/share/phpmyadmin/
cp -f $HESTIA_COMMON_DIR/phpmyadmin/hestia-sso.php $PMA_INSTALL/hestia-sso.php
chmod 640 $PMA_INSTALL/hestia-sso.php
chown root:$WWW_USER $PMA_INSTALL/hestia-sso.php

sed -i "s/%PHPMYADMIN_KEY%/$phpmyadminkey/g" $PMA_INSTALL/hestia-sso.php
sed -i "s/%API_KEY%/$apikey/g" $PMA_INSTALL/hestia-sso.php
sed -i "s/%API_HOST_NAME%/$(hostname)/g" $PMA_INSTALL/hestia-sso.php
sed -i "s/%API_HESTIA_PORT%/$BACKEND_PORT/g" $PMA_INSTALL/hestia-sso.php

# Check if config already contains the keys
touch $PMA_CONFIG/hestia-sso.inc.php
chmod 640 $PMA_CONFIG/hestia-sso.inc.php
chown root:$WWW_USER $PMA_CONFIG/hestia-sso.inc.php

echo "<?php
if(isset(\$_GET['hestia_token']) || isset(\$_COOKIE['SignonSession'])){
\$cfg['Servers'][\$i]['auth_type'] = 'signon';
\$cfg['Servers'][\$i]['SignonSession'] = 'SignonSession';
\$cfg['Servers'][\$i]['SignonURL'] = 'hestia-sso.php';
\$cfg['Servers'][\$i]['LogoutURL'] = 'hestia-sso.php?logout=1';
}
?>" >> $PMA_CONFIG/hestia-sso.inc.php

file=$(cat $PMA_CONFIG/config.inc.php)
if ! [[ "$file" =~ hestia-sso.inc.php ]]; then
	if [[ $file =~ "//Add Hestia SSO code here" ]]; then
		sed -i "s|//Add Hestia SSO code here|//Add Hestia SSO code here\n     include ('$PMA_CONFIG/hestia-sso.inc.php');|g" $PMA_CONFIG/config.inc.php
	else
		echo "include ('$PMA_CONFIG/hestia-sso.inc.php');" >> $PMA_CONFIG/config.inc.php
	fi
fi

$BIN/v-change-sys-config-value 'PHPMYADMIN_KEY' "$phpmyadminkey"

if [ -z "$(echo $API_ALLOWED_IP | grep 127.0.0.1)" ]; then
	$BIN/v-add-sys-api-ip "127.0.0.1"
fi

#----------------------------------------------------------#
#                       Logging                            #
#----------------------------------------------------------#

if [ "$MODE" != "quiet" ]; then
	echo "PMA Hestia-SSO plugin has been successfully installed"
fi
$BIN/v-log-action "system" "Info" "Plugins" "phpMyAdmin Single Sign-On has been enabled."
log_event "$OK" "$ARGUMENTS"