From d275c930356fd4203c0cf9e2850c8e92f3d0c2b9 Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Fri, 12 Aug 2022 09:43:38 +0200
Subject: [PATCH 1/2] Recover installation when creating the user failed

Signed-off-by: Joas Schilling
---
 lib/private/Setup/MySQL.php | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/lib/private/Setup/MySQL.php b/lib/private/Setup/MySQL.php
index e878ed4d9aa8d..7788e3e006ca6 100644
--- a/lib/private/Setup/MySQL.php
+++ b/lib/private/Setup/MySQL.php
@@ -129,6 +129,7 @@ private function createDBUser($connection) {
 'exception' => $ex,
 'app' => 'mysql.setup',
 ]);
+ throw $ex;
 }
 }
@@ -137,6 +138,9 @@ private function createDBUser($connection) {
 * @param IDBConnection $connection
 */
 private function createSpecificUser($username, $connection): void {
+ $rootUser = $this->dbUser;
+ $rootPassword = $this->dbPassword;
+
 try {
 //user already specified in config
 $oldUser = $this->config->getValue('dbuser', false);
@@ -179,6 +183,9 @@ private function createSpecificUser($username, $connection): void {
 'exception' => $ex,
 'app' => 'mysql.setup',
 ]);
+ // Restore the original credentials
+ $this->dbUser = $rootUser;
+ $this->dbPassword = $rootPassword;
 }
 $this->config->setValues([
From 33d7a9624cd0c0760f5980f605d6d34cee6218f5 Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Fri, 12 Aug 2022 10:03:19 +0200
Subject: [PATCH 2/2] Create more secure passwords by default

Signed-off-by: Joas Schilling
---
 lib/private/Setup/MySQL.php | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/lib/private/Setup/MySQL.php b/lib/private/Setup/MySQL.php
index 7788e3e006ca6..e3004c269bc35 100644
--- a/lib/private/Setup/MySQL.php
+++ b/lib/private/Setup/MySQL.php
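Review bot: In the third hunk of PATCH 1/2, the catch block of createSpecificUser puts `$rootUser`/`$rootPassword` back and execution continues to `$this->config->setValues([`, so after a failed user creation the administrative database credentials given to the installer are presumably what gets written to the configuration (the arguments of that call lie outside the hunk). The fallback recovers the installation, but the instance then keeps running with the account that was only meant to create a restricted user, and the only trace is the existing log entry tagged `'app' => 'mysql.setup'`, whose level is not visible here. I would add a dedicated warning-level message on this path and extend the comment to `// Restore the original credentials; they are persisted below, so the instance keeps using the admin account`. The method body starts and ends outside the hunk.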
@@ -141,6 +141,16 @@ private function createSpecificUser($username, $connection): void {
 $rootUser = $this->dbUser;
 $rootPassword = $this->dbPassword;
+ //create a random password so we don't need to store the admin password in the config file
+ $saveSymbols = str_replace(['\"', '\\', '\'', '`'], '', ISecureRandom::CHAR_SYMBOLS);
+ $password = $this->random->generate(22, ISecureRandom::CHAR_ALPHANUMERIC . $saveSymbols)
+ . $this->random->generate(2, ISecureRandom::CHAR_UPPER)
+ . $this->random->generate(2, ISecureRandom::CHAR_LOWER)
+ . $this->random->generate(2, ISecureRandom::CHAR_DIGITS)
+ . $this->random->generate(2, $saveSymbols)
+ ;
+ $this->dbPassword = str_shuffle($password);
+
 try {
 //user already specified in config
 $oldUser = $this->config->getValue('dbuser', false);
@@ -163,10 +173,6 @@ private function createSpecificUser($username, $connection): void {
 if (count($data) === 0) {
 //use the admin login data for the new database user
 $this->dbUser = $adminUser;
-
- //create a random password so we don't need to store the admin password in the config file
- $this->dbPassword = $this->random->generate(30, ISecureRandom::CHAR_ALPHANUMERIC);
-
 $this->createDBUser($connection);
 break;
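Review bot: `$this->dbPassword = str_shuffle($password);` now runs unconditionally before the `try`, whereas the line removed in the second hunk replaced the password only inside `if (count($data) === 0)`, directly before `createDBUser()`. Any path through the `try` that neither reaches `createDBUser()` nor throws (the branch structure is outside both hunks) leaves a password in `$this->dbPassword` that no database account has, and the `setValues` call after the `catch`, visible in PATCH 1/2, would then presumably store it. Keeping the generated value in the local `$password` and assigning `$this->dbPassword = str_shuffle($password);` next to `$this->createDBUser($connection);` would keep the old scoping. Separately, `'\"'` in a single-quoted PHP string is a backslash followed by a double quote, so a bare `"` in `ISecureRandom::CHAR_SYMBOLS` is stripped only if it happens to follow a backslash there; `'"'` states the intent.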