fixes for user permissions (#892)

2024-03-09 14:03:46 +00:00 · 2024-03-09 14:03:46 +00:00 · 121af0501a
commit 121af0501a
parent 82c4e9cf41
12 changed files with 163 additions and 152 deletions
--- a/1
+++ b/1
@ -33,6 +33,7 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /et
        curl \
        openjdk17-jre \
        su-exec \
        shadow \
 # Doc conversion
        libreoffice@testing \
 # OCR MY PDF (unpaper for descew and other advanced featues)
--- a/2
+++ b/2
@ -29,8 +29,10 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /et
        tini \
        bash \
        curl \
        gcc \
        openjdk17-jre \
        su-exec \
        shadow \
 # Doc conversion
   libreoffice@testing \
 # python and pip
--- a/1
+++ b/1
@ -30,6 +30,7 @@ RUN mkdir /configs /logs /customFiles && \
        bash \
        curl \
        su-exec \
        shadow \
        openjdk17-jre && \
    echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/apk/repositories && \
    echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories && \
--- a/build.gradle
+++ b/build.gradle
@ -12,7 +12,7 @@ plugins {
 import com.github.jk1.license.render.*
 group = 'stirling.software'
-version = '0.22.0'
+version = '0.22.1'
 sourceCompatibility = '17'
 repositories {
--- a/exampleYmlFiles/docker-compose-latest-security.yml
+++ b/exampleYmlFiles/docker-compose-latest-security.yml
@ -21,6 +21,9 @@ services:
    environment:
      DOCKER_ENABLE_SECURITY: "true"
      SECURITY_ENABLELOGIN: "true"
      PUID: 1002
      GGID: 1002
      UMASK: "022"
      SYSTEM_DEFAULTLOCALE: en-US
      UI_APPNAME: Stirling-PDF
      UI_HOMEDESCRIPTION: Demo site for Stirling-PDF Latest with Security
--- a/scripts/init-without-ocr.sh
+++ b/scripts/init-without-ocr.sh
@ -5,19 +5,18 @@ if [ ! -z "$PUID" ] && [ "$PUID" != "$(id -u stirlingpdfuser)" ]; then
    usermod -o -u "$PUID" stirlingpdfuser
 fi
-if [ ! -z "$PGID" ] && [ "$PGID" != "$(id -g stirlingpdfgroup)" ]; then
+if [ ! -z "$PGID" ] && [ "$PGID" != "$(getent group stirlingpdfgroup | cut -d: -f3)" ]; then
    groupmod -o -g "$PGID" stirlingpdfgroup
 fi
 umask "$UMASK"
 echo "Setting permissions and ownership for necessary directories..."
-chown -R stirlingpdfuser:stirlingpdfgroup /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles
+chown -R stirlingpdfuser:stirlingpdfgroup $HOME /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles /pipeline /app.jar
-chmod -R 755 /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles
+chmod -R 755 /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles /pipeline /app.jar
 if [[ "$INSTALL_BOOK_AND_ADVANCED_HTML_OPS" == "true" ]]; then
  apk add --no-cache calibre@testing
 fi
 /scripts/download-security-jar.sh
 # Run the main command
--- a/scripts/init.sh
+++ b/scripts/init.sh
@ -13,20 +13,20 @@ if [ -d /usr/share/tesseract-ocr/5/tessdata ]; then
        cp -r /usr/share/tesseract-ocr/5/tessdata/* /usr/share/tessdata || true;
 fi
 # Update the user and group IDs as per environment variables
 if [ ! -z "$PUID" ] && [ "$PUID" != "$(id -u stirlingpdfuser)" ]; then
    usermod -o -u "$PUID" stirlingpdfuser
 fi
-if [ ! -z "$PGID" ] && [ "$PGID" != "$(id -g stirlingpdfgroup)" ]; then
+
 if [ ! -z "$PGID" ] && [ "$PGID" != "$(getent group stirlingpdfgroup | cut -d: -f3)" ]; then
    groupmod -o -g "$PGID" stirlingpdfgroup
 fi
 umask "$UMASK"
 echo "Setting permissions and ownership for necessary directories..."
-chown -R stirlingpdfuser:stirlingpdfgroup /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles
+chown -R stirlingpdfuser:stirlingpdfgroup $HOME /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles /pipeline /app.jar
-chmod -R 755 /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles
+chmod -R 755 /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles /pipeline /app.jar
--- a/src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationFailureHandler.java
+++ b/src/main/java/stirling/software/SPDF/config/security/CustomAuthenticationFailureHandler.java
@ -60,6 +60,5 @@ public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationF
        return user.isPresent()
                && user.get().getAuthorities().stream()
                        .anyMatch(authority -> "ROLE_DEMO_USER".equals(authority.getAuthority()));
    }
 }
--- a/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java
+++ b/src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java
@ -66,10 +66,11 @@ public class SecurityConfiguration {
                    sessionManagement ->
                            sessionManagement
                                    .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
-                                    .maximumSessions(3)
+                                    .maximumSessions(10)
-                                    .maxSessionsPreventsLogin(true)
+                                    .maxSessionsPreventsLogin(false)
                                    .sessionRegistry(sessionRegistry())
                                    .expiredUrl("/login?logout=true"));
            http.formLogin(
                            formLogin ->
                                    formLogin
@ -92,8 +93,7 @@ public class SecurityConfiguration {
                                            .addLogoutHandler(
                                                    (request, response, authentication) -> {
                                                        HttpSession session =
-                                                                request.getSession(
+                                                                request.getSession(false);
                                                                        false); 
                                                        if (session != null) {
                                                            String sessionId = session.getId();
                                                            sessionRegistry()
--- a/src/main/java/stirling/software/SPDF/controller/api/UserController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/UserController.java
@ -56,8 +56,8 @@ public class UserController {
    @PostMapping("/change-username")
    public RedirectView changeUsername(
            Principal principal,
-            @RequestParam String currentPassword,
+            @RequestParam(name = "currentPassword") String currentPassword,
-            @RequestParam String newUsername,
+            @RequestParam(name = "newUsername") String newUsername,
            HttpServletRequest request,
            HttpServletResponse response,
            RedirectAttributes redirectAttributes) {
@ -95,8 +95,8 @@ public class UserController {
    @PostMapping("/change-password-on-login")
    public RedirectView changePasswordOnLogin(
            Principal principal,
-            @RequestParam String currentPassword,
+            @RequestParam(name = "currentPassword") String currentPassword,
-            @RequestParam String newPassword,
+            @RequestParam(name = "newPassword") String newPassword,
            HttpServletRequest request,
            HttpServletResponse response,
            RedirectAttributes redirectAttributes) {
@ -128,8 +128,8 @@ public class UserController {
    @PostMapping("/change-password")
    public RedirectView changePassword(
            Principal principal,
-            @RequestParam String currentPassword,
+            @RequestParam(name = "currentPassword") String currentPassword,
-            @RequestParam String newPassword,
+            @RequestParam(name = "newPassword") String newPassword,
            HttpServletRequest request,
            HttpServletResponse response,
            RedirectAttributes redirectAttributes) {
@ -180,9 +180,9 @@ public class UserController {
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    @PostMapping("/admin/saveUser")
    public RedirectView saveUser(
-            @RequestParam String username,
+            @RequestParam(name = "username") String username,
-            @RequestParam String password,
+            @RequestParam(name = "password") String password,
-            @RequestParam String role,
+            @RequestParam(name = "role") String role,
            @RequestParam(name = "forceChange", required = false, defaultValue = "false")
                    boolean forceChange) {
@ -207,7 +207,8 @@ public class UserController {
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    @PostMapping("/admin/deleteUser/{username}")
-    public RedirectView deleteUser(@PathVariable String username, Authentication authentication) {
+    public RedirectView deleteUser(
            @PathVariable(name = "username") String username, Authentication authentication) {
        if (!userService.usernameExists(username)) {
            return new RedirectView("/addUsers?messageType=deleteUsernameExists");
--- a/src/main/java/stirling/software/SPDF/controller/api/misc/ExtractImageScansController.java
+++ b/src/main/java/stirling/software/SPDF/controller/api/misc/ExtractImageScansController.java
@ -142,7 +142,8 @@ public class ExtractImageScansController {
                                .runCommandWithOutputHandling(command);
                // Read the output photos in temp directory
-	            List<Path> tempOutputFiles = Files.list(tempDir).sorted().collect(Collectors.toList());
+                List<Path> tempOutputFiles =
                        Files.list(tempDir).sorted().collect(Collectors.toList());
                for (Path tempOutputFile : tempOutputFiles) {
                    byte[] imageBytes = Files.readAllBytes(tempOutputFile);
                    processedImageBytes.add(imageBytes);
@ -153,7 +154,8 @@ public class ExtractImageScansController {
            // Create zip file if multiple images
            if (processedImageBytes.size() > 1) {
-	            String outputZipFilename = fileName.replaceFirst("[.][^.]+$", "") + "_processed.zip";
+                String outputZipFilename =
                        fileName.replaceFirst("[.][^.]+$", "") + "_processed.zip";
                tempZipFile = Files.createTempFile("output_", ".zip");
                try (ZipOutputStream zipOut =
@ -189,7 +191,8 @@ public class ExtractImageScansController {
            }
        } finally {
            // Cleanup logic for all temporary files and directories
-            tempImageFiles.forEach(path -> {
+            tempImageFiles.forEach(
                    path -> {
                        try {
                            Files.deleteIfExists(path);
                        } catch (IOException e) {
@ -205,7 +208,8 @@ public class ExtractImageScansController {
                }
            }
-            tempDirs.forEach(dir -> {
+            tempDirs.forEach(
                    dir -> {
                        try {
                            FileUtils.deleteDirectory(dir.toFile());
                        } catch (IOException e) {
--- a/test.sh
+++ b/test.sh
@ -18,7 +18,8 @@ check_health() {
 		fi
 	done
 	echo -e "\n$service_name is healthy!"
-
+	echo "Printing logs for $service_name:"
    docker logs "$service_name"
    return 0
 }