Adapted the server implementation to more reusable object, added more permission control. Resolved gh-230 by adding the full shtp integration

2018-02-19 14:52:08 +02:00
parent e857614608
commit 17195cd059
9 changed files with 444 additions and 164 deletions


@@ -1020,39 +1020,76 @@ abstract class ComponentbuilderHelper
}
/**
* the SFTP object
* the SFTP objects
**/
protected static $sftp = array();
/**
* the FTP objects
**/
protected static $ftp = array();
/**
* get the server object
*
* @param int $serverID The server local id to use
* @param int $protocol The server protocol to use
* @param string $permission The permission validation area
*
* @return object on success server object
**/
public static function getServer($serverID, $protocol, $permission = 'core.export')
{
// return the server object
switch ($protocol)
{
case 1: // FTP
return self::getFtp($serverID, $permission);
break;
case 2: // SFTP
return self::getSftp($serverID, $permission);
break;
}
return false;
}
/**
* get the sftp object
*
* @param int $serverID The server local id to use
* @param int $serverID The server local id to use
* @param string $permission The permission validation area
*
* @return object on success with sftp power
**/
public static function getSftp($serverID)
public static function getSftp($serverID, $permission = 'core.export')
{
// check if it was already set
if (!self::checkObject(self::$sftp[$serverID]))
// check if we have a server with that id
if ($server = self::getServerDetails($serverID, 2, $permission))
{
// check if we have a server with that id
if ($server = self::getServerDetails($serverID, 2))
// check if it was already set
if (!isset(self::$sftp[$server->cache]) || !self::checkObject(self::$sftp[$server->cache]))
{
// make sure we have the composer classes loaded
self::composerAutoload();
// make sure we have the phpseclib classes
if (!class_exists('\phpseclib\Net\SFTP'))
{
// class not in place so send out error
JFactory::getApplication()->enqueueMessage(JText::_('COM_COMPONENTBUILDER_THE_BPHPSECLIBNETSFTPB_LIBRARYCLASS_IS_NOT_AVAILABLE_THIS_LIBRARYCLASS_SHOULD_HAVE_BEEN_ADDED_TO_YOUR_ADMINHELPERSVENDOR_FOLDER_OF_JCB_PLEASE_CONTACT_YOUR_SYSTEM_ADMINISTRATOR_FOR_MORE_INFO'), 'Error');
return false;
}
// insure the port is set
$server->port = (isset($server->port) && is_int($server->port) && $server->port > 0) ? $server->port : 22;
// open the connection
self::$sftp[$serverID] = new phpseclib\Net\SFTP($server->host, $server->port);
self::$sftp[$server->cache] = new phpseclib\Net\SFTP($server->host, $server->port);
// now login based on authentication type
switch($server->authentication)
{
case 1: // password
// now login
if (!self::$sftp[$serverID]->login($server->username, $server->password))
if (!self::$sftp[$server->cache]->login($server->username, $server->password))
{
JFactory::getApplication()->enqueueMessage(JText::sprintf('COM_COMPONENTBUILDER_THE_LOGIN_TO_BSB_HAS_FAILED_PLEASE_CHECK_THAT_YOUR_USERNAME_AND_PASSWORD_ARE_CORRECT', $server->name), 'Error');
unset(self::$sftp[$server->cache]);
return false;
}
break;
@@ -1067,12 +1104,14 @@ abstract class ComponentbuilderHelper
if (!$rsa->loadKey(self::getFileContents($server->private, null)))
{
JFactory::getApplication()->enqueueMessage(JText::sprintf('COM_COMPONENTBUILDER_THE_PRIVATE_KEY_FILE_COULD_NOT_BE_LOADEDFOUND_FOR_BSB_SERVER', $server->name), 'Error');
unset(self::$sftp[$server->cache]);
return false;
}
// now login
if (!self::$sftp[$serverID]->login($server->username, $rsa))
if (!self::$sftp[$server->cache]->login($server->username, $rsa))
{
JFactory::getApplication()->enqueueMessage(JText::sprintf('COM_COMPONENTBUILDER_THE_LOGIN_TO_BSB_HAS_FAILED_PLEASE_CHECK_THAT_YOUR_USERNAME_AND_PRIVATE_KEY_FILE_ARE_CORRECT', $server->name), 'Error');
unset(self::$sftp[$server->cache]);
return false;
}
break;
@@ -1087,54 +1126,166 @@ abstract class ComponentbuilderHelper
if (!$rsa->loadKey(self::getFileContents($server->private, null)))
{
JFactory::getApplication()->enqueueMessage(JText::sprintf('COM_COMPONENTBUILDER_THE_PRIVATE_KEY_FILE_COULD_NOT_BE_LOADEDFOUND_FOR_BSB_SERVER', $server->name), 'Error');
unset(self::$sftp[$server->cache]);
return false;
}
// now login
if (!self::$sftp[$serverID]->login($server->username, $server->password, $rsa))
if (!self::$sftp[$server->cache]->login($server->username, $server->password, $rsa))
{
JFactory::getApplication()->enqueueMessage(JText::sprintf('COM_COMPONENTBUILDER_THE_LOGIN_TO_BSB_HAS_FAILED_PLEASE_CHECK_THAT_YOUR_USERNAME_PASSWORD_AND_PRIVATE_KEY_FILE_ARE_CORRECT', $server->name), 'Error');
unset(self::$sftp[$server->cache]);
return false;
}
break;
}
// set some defaults
self::$sftp[$serverID]->remote_server_name = $server->name;
self::$sftp[$serverID]->remote_server_path = (self::checkString($server->path) && $server->path !== '/') ? $server->path : '';
}
else
// only continue if object is set
if (isset(self::$sftp[$server->cache]) && self::checkObject(self::$sftp[$server->cache]))
{
JFactory::getApplication()->enqueueMessage(JText::sprintf('COM_COMPONENTBUILDER_THE_SERVER_DETAILS_FOR_BSB_COULD_NOT_BE_RETRIEVED', $serverID), 'Error');
return false;
// set the unique buckets
if (!isset(self::$sftp[$server->cache]->remote_server_name))
{
self::$sftp[$server->cache]->remote_server_name = array();
self::$sftp[$server->cache]->remote_server_path = array();
}
// always set the name and remote server path
self::$sftp[$server->cache]->remote_server_name[$serverID] = $server->name;
self::$sftp[$server->cache]->remote_server_path[$serverID] = (self::checkString($server->path) && $server->path !== '/') ? $server->path : '';
// return the sftp object
return self::$sftp[$server->cache];
}
}
// return the sftp object
return self::$sftp[$serverID];
return false;
}
/**
* get the JClientFtp object
*
* @param int $serverID The server local id to use
* @param string $permission The permission validation area
*
* @return object on success with ftp power
**/
public static function getFtp($serverID, $permission)
{
// check if we have a server with that id
if ($server = self::getServerDetails($serverID, 1, $permission))
{
// check if we already have the server instance
if (isset(self::$ftp[$server->cache]) && self::$ftp[$server->cache] instanceof JClientFtp)
{
// always set the name and remote server path
self::$ftp[$server->cache]->remote_server_name[$serverID] = $server->name;
// if still connected we are ready to go
if (self::$ftp[$server->cache]->isConnected())
{
// return the FTP instance
return self::$ftp[$server->cache];
}
// check if we can reinitialise the server
if (self::$ftp[$server->cache]->reinit())
{
// return the FTP instance
return self::$ftp[$server->cache];
}
}
// make sure we have a string and it is not default or empty
if (self::checkString($server->signature))
{
// turn into variables
parse_str($server->signature); // because of this I am using strange variable naming to avoid any collisions.
// set options
if (isset($options) && self::checkArray($options))
{
foreach ($options as $o__p0t1on => $vAln3)
{
if ('timeout' === $o__p0t1on)
{
$options[$o__p0t1on] = (int) $vAln3;
}
if ('type' === $o__p0t1on)
{
$options[$o__p0t1on] = (string) $vAln3;
}
}
}
else
{
$options = array();
}
// get ftp object
if (isset($host) && $host != 'HOSTNAME' && isset($port) && $port != 'PORT_INT' && isset($username) && $username != 'user@name.com' && isset($password) && $password != 'password')
{
// load for reuse
self::$ftp[$server->cache] = JClientFtp::getInstance($host, $port, $options, $username, $password);
}
else
{
// load error to indicate signature was in error
JFactory::getApplication()->enqueueMessage(JText::sprintf('COM_COMPONENTBUILDER_THE_FTP_SIGNATURE_FOR_BSB_WAS_NOT_WELL_FORMED_PLEASE_CHECK_YOUR_SIGNATURE_DETAILS', $server->name), 'Error');
return false;
}
// check if we are connected
if (self::$ftp[$server->cache] instanceof JClientFtp && self::$ftp[$server->cache]->isConnected())
{
// set the unique buckets
if (!isset(self::$ftp[$server->cache]->remote_server_name))
{
self::$ftp[$server->cache]->remote_server_name = array();
}
// always set the name and remote server path
self::$ftp[$server->cache]->remote_server_name[$serverID] = $server->name;
// return the FTP instance
return self::$ftp[$server->cache];
}
// reset since we have no connection
unset(self::$ftp[$server->cache]);
}
// load error to indicate signature was in error
JFactory::getApplication()->enqueueMessage(JText::sprintf('COM_COMPONENTBUILDER_THE_FTP_CONNECTION_FOR_BSB_COULD_NOT_BE_MADE_PLEASE_CHECK_YOUR_SIGNATURE_DETAILS', $server->name), 'Error');
}
return false;
}
/**
* get the server details
*
* @param int $serverID The server local id to use
* @param int $protocol The server protocol to use
* @param int $serverID The server local id to use
* @param int $protocol The server protocol to use
* @param string $permission The permission validation area
*
* @return array on success with sftp server details
* @return object on success with server details
**/
protected static function getServerDetails($serverID, $protocol = 2)
public static function getServerDetails($serverID, $protocol = 2, $permission = 'core.export')
{
if (is_int($serverID) && is_int($serverID))
// check if this user has permission to access items
if (!JFactory::getUser()->authorise($permission, 'com_componentbuilder'))
{
// set message to inform the user that permission was denied
JFactory::getApplication()->enqueueMessage(JText::sprintf('COM_COMPONENTBUILDER_YOU_DO_NOT_HAVE_PERMISSION_TO_ACCESS_THE_SERVER_DETAILS_BS_DENIEDB_PLEASE_CONTACT_YOUR_SYSTEM_ADMINISTRATOR_FOR_MORE_INFO', self::safeString($permission, 'w')), 'Error');
return false;
}
// now insure we have correct values
if (is_int($serverID) && is_int($protocol))
{
// Get a db connection
$db = JFactory::getDbo();
// start the query
$query = $db->getQuery(true);
// select based to protocal
// select based to protocol
if (2 == $protocol)
{
// SFTP
$query->select($db->quoteName(array('name','authentication','username','host','password','path','port','private','secret')));
// cache builder
$cache = array('authentication','username','host','password','port','private','secret');
}
else
{
// FTP
$query->select($db->quoteName(array('name','signature')));
// cache builder
$cache = array('signature');
}
$query->from($db->quoteName('#__componentbuilder_server'));
$query->where($db->quoteName('id') . ' = ' . (int) $serverID);
@@ -1148,21 +1299,42 @@ abstract class ComponentbuilderHelper
$basickey = self::getCryptKey('basic');
// Get the encryption object.
$basic = new FOFEncryptAes($basickey, 128);
// start cache keys
$keys = array();
// unlock the needed fields
foreach($server as $name => $value)
foreach($server as $name => &$value)
{
if ($name !== 'name' && !empty($server->{$name}) && $basickey && !is_numeric($server->{$name}) && $server->{$name} === base64_encode(base64_decode($server->{$name}, true)))
// unlock the needed fields
if ($name !== 'name' && !empty($value) && $basickey && !is_numeric($value) && $value === base64_encode(base64_decode($value, true)))
{
// basic decrypt of data
$server->{$name} = rtrim($basic->decryptString($server->{$name}), "\0");
$value = rtrim($basic->decryptString($value), "\0");
}
// build cache (keys) for lower connection latency
if (in_array($name, $cache))
{
$keys[] = $value;
}
}
// check if cache keys were found
if (self::checkArray($keys))
{
// now set cache
$server->cache = md5(implode('', $keys));
}
else
{
// default is ID
$server->cache = $serverID;
}
// return the server details
return $server;
}
}
JFactory::getApplication()->enqueueMessage(JText::sprintf('COM_COMPONENTBUILDER_THE_SERVER_DETAILS_FOR_BID_SB_COULD_NOT_BE_RETRIEVED', $serverID), 'Error');
return false;
}
}
public static function jsonToString($value, $sperator = ", ", $table = null)
{
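Review bot: In the new getFtp(), `parse_str($server->signature);` is called without a result array, so every key in the stored signature becomes a local variable of the method. The unusual loop variable names only protect the loop itself; a signature that carries a `server` or `serverID` key would still replace those locals, and they are used afterwards for the cache index and the error messages. The one-argument form is also deprecated since PHP 7.2 and no longer accepted in PHP 8.0. Parsing into a dedicated array and reading host, port, username, password and options from it keeps the stored string from touching the method's own state, as sketched below.

```php
// parse into a dedicated array so the stored signature cannot overwrite locals such as $server or $serverID
$signature = array();
parse_str($server->signature, $signature);
// set options
$options = (isset($signature['options']) && self::checkArray($signature['options'])) ? $signature['options'] : array();
if (isset($options['timeout']))
{
	$options['timeout'] = (int) $options['timeout'];
}
if (isset($options['type']))
{
	$options['type'] = (string) $options['type'];
}
// get ftp object
if (isset($signature['host']) && $signature['host'] != 'HOSTNAME' && isset($signature['port']) && $signature['port'] != 'PORT_INT' && isset($signature['username']) && $signature['username'] != 'user@name.com' && isset($signature['password']) && $signature['password'] != 'password')
{
	// load for reuse
	self::$ftp[$server->cache] = JClientFtp::getInstance($signature['host'], $signature['port'], $options, $signature['username'], $signature['password']);
}
// … unchanged: malformed-signature error branch and the isConnected() check …
```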


@@ -37,18 +37,22 @@ COM_COMPONENTBUILDER_SINCE_THE_OWNER_DETAILS_ARE_DISPLAYED_DURING_BIMPORT_PROCES
COM_COMPONENTBUILDER_SINCE_THE_OWNER_DETAILS_ARE_DISPLAYED_DURING_IMPORT_PROCESS_BEFORE_ADDING_THE_KEY_THIS_WAY_IF_THE_USERDEV_DOES_NOT_HAVE_THE_KEY_THEY_CAN_SEE_WHERE_TO_GET_IT="Since the owner details are displayed during import process before adding the key, this way if the user/dev does not have the key they can see where to get it."
COM_COMPONENTBUILDER_THAT_MEANS_ANYONE_WHO_HAS_THIS_PACKAGE_CAN_INSTALL_IT_INTO_JCB_TO_ADD_AN_EXPORT_KEY_SIMPLY_OPEN_THE_COMPONENT_GO_TO_THE_TAB_CALLED_BSETTINGSB_BOTTOM_RIGHT_THERE_IS_A_FIELD_CALLED_BEXPORT_KEYB="That means anyone who has this package can install it into JCB. To add an export key simply open the component, go to the tab called <b>settings</b>, bottom right there is a field called <b>Export Key</b>."
COM_COMPONENTBUILDER_THAT_MEANS_ANYONE_WHO_HAS_THIS_PACKAGE_CAN_INSTALL_IT_INTO_JCB_TO_ADD_AN_EXPORT_KEY_SIMPLY_OPEN_THE_COMPONENT_GO_TO_THE_TAB_CALLED_SETTINGS_BOTTOM_RIGHT_THERE_IS_A_FIELD_CALLED_EXPORT_KEY="That means anyone who has this package can install it into JCB. To add an export key simply open the component, go to the tab called settings, bottom right there is a field called Export Key."
COM_COMPONENTBUILDER_THE_BPHPSECLIBNETSFTPB_LIBRARYCLASS_IS_NOT_AVAILABLE_THIS_LIBRARYCLASS_SHOULD_HAVE_BEEN_ADDED_TO_YOUR_ADMINHELPERSVENDOR_FOLDER_OF_JCB_PLEASE_CONTACT_YOUR_SYSTEM_ADMINISTRATOR_FOR_MORE_INFO="The <b>phpseclib\NET\SFTP</b> library\class is not available! This library\class should have been added to your admin/helpers/vendor folder of JCB. Please contact your system administrator for more info"
COM_COMPONENTBUILDER_THE_FTP_CONNECTION_FOR_BSB_COULD_NOT_BE_MADE_PLEASE_CHECK_YOUR_SIGNATURE_DETAILS="The FTP connection for <b>%s</b> could not be made. Please check your signature details!"
COM_COMPONENTBUILDER_THE_FTP_SIGNATURE_FOR_BSB_WAS_NOT_WELL_FORMED_PLEASE_CHECK_YOUR_SIGNATURE_DETAILS="The FTP signature for <b>%s</b> was not well formed, please check your signature details!"
COM_COMPONENTBUILDER_THE_LOGIN_TO_BSB_HAS_FAILED_PLEASE_CHECK_THAT_YOUR_USERNAME_AND_PASSWORD_ARE_CORRECT="The login to <b>%s</b> has failed, please check that your username and password are correct!"
COM_COMPONENTBUILDER_THE_LOGIN_TO_BSB_HAS_FAILED_PLEASE_CHECK_THAT_YOUR_USERNAME_AND_PRIVATE_KEY_FILE_ARE_CORRECT="The login to <b>%s</b> has failed, please check that your username and private key file are correct!"
COM_COMPONENTBUILDER_THE_LOGIN_TO_BSB_HAS_FAILED_PLEASE_CHECK_THAT_YOUR_USERNAME_PASSWORD_AND_PRIVATE_KEY_FILE_ARE_CORRECT="The login to <b>%s</b> has failed, please check that your username, password and private key file are correct!"
COM_COMPONENTBUILDER_THE_PACKAGE_KEY_IS_CODESCODE="The package key is: <code>%s</code>"
COM_COMPONENTBUILDER_THE_PACKAGE_KEY_IS_S="The package key is: %s"
COM_COMPONENTBUILDER_THE_PRIVATE_KEY_FILE_COULD_NOT_BE_LOADEDFOUND_FOR_BSB_SERVER="The private key file could not be loaded/found for <b>%s</b> server!"
COM_COMPONENTBUILDER_THE_SERVER_DETAILS_FOR_BSB_COULD_NOT_BE_RETRIEVED="The server details for <b>(%s)</b> could not be retrieved!"
COM_COMPONENTBUILDER_THE_SERVER_DETAILS_FOR_BID_SB_COULD_NOT_BE_RETRIEVED="The server details for <b>(ID: %s)</b> could not be retrieved!"
COM_COMPONENTBUILDER_THIS_PACKAGE_HAS_NO_KEY="This package has no key."
COM_COMPONENTBUILDER_TO_CHANGE_THE_PACKAGE_OWNER_DEFAULTS_OPEN_THE_BJCB_GLOBAL_OPTIONSB_GO_TO_THE_BCOMPANYB_TAB_AND_ADD_THE_CORRECT_COMPANY_DETAILS_THERE="To change the package owner defaults. Open the <b>JCB Global Options</b>, go to the <b>Company</b> tab and add the correct company details there."
COM_COMPONENTBUILDER_TO_CHANGE_THE_PACKAGE_OWNER_DEFAULTS_OPEN_THE_JCB_GLOBAL_OPTIONS_GO_TO_THE_COMPANY_TAB_AND_ADD_THE_CORRECT_COMPANY_DETAILS_THERE="To change the package owner defaults. Open the JCB Global Options, go to the Company tab and add the correct company details there."
COM_COMPONENTBUILDER_WEBSITE_S="Website: %s"
COM_COMPONENTBUILDER_YOUR_DATA_IS_ENCRYPTED_WITH_A_AES_ONE_HUNDRED_AND_TWENTY_EIGHT_BIT_ENCRYPTION_USING_THE_ABOVE_THIRTY_TWO_CHARACTER_KEY_WITHOUT_THIS_KEY_IT_WILL_TAKE_THE_CURRENT_TECHNOLOGY_WITH_A_BRUTE_FORCE_ATTACK_METHOD_MORE_THEN_A_HREFHTTPRANDOMIZECOMHOWLONGTOHACKPASS_TARGET_BLANK_TITLEHOW_LONG_TO_HACK_PASSSEVEN_HUNDRED_ZERO_ZERO_ZERO_ZERO_ZERO_ZERO_ZERO_ZERO_ZERO_ZEROA_YEARS_TO_CRACK_THEORETICALLY_UNLESS_THEY_HAVE_THIS_KEY_ABOVE_SO_DO_KEEP_IT_SAFE="Your data is encrypted with a AES 128 bit encryption using the above 32 character key. Without this key it will take the current technology with a brute force attack method more then <a href="http://random-ize.com/how-long-to-hack-pass/" target="_blank" title="How long to hack pass">700 000 000 000 000 000 000 000 000 000 000</a> years to crack theoretically. Unless they have this key above, so do keep it safe."
COM_COMPONENTBUILDER_YOU_DO_NOT_HAVE_PERMISSION_TO_ACCESS_THE_SERVER_DETAILS_BS_DENIEDB_PLEASE_CONTACT_YOUR_SYSTEM_ADMINISTRATOR_FOR_MORE_INFO="You do not have permission to access the server details (<b>%s - denied</b>), please contact your system administrator for more info."
COM_COMPONENTBUILDER_YOU_SHOULD_ADD_THE_CORRECT_OWNER_DETAILS="You should add the correct owner details."
COM_CONTENT_FIELD_MODIFIED_DESC="The last date this item was modified."
JGLOBAL_FIELD_ID_DESC="Record number in the database."