fixes for user permissions (#892)
This commit is contained in:
parent
82c4e9cf41
commit
121af0501a
12 changed files with 163 additions and 152 deletions
|
@ -33,6 +33,7 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /et
|
||||||
curl \
|
curl \
|
||||||
openjdk17-jre \
|
openjdk17-jre \
|
||||||
su-exec \
|
su-exec \
|
||||||
|
shadow \
|
||||||
# Doc conversion
|
# Doc conversion
|
||||||
libreoffice@testing \
|
libreoffice@testing \
|
||||||
# OCR MY PDF (unpaper for descew and other advanced featues)
|
# OCR MY PDF (unpaper for descew and other advanced featues)
|
||||||
|
|
|
@ -29,8 +29,10 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /et
|
||||||
tini \
|
tini \
|
||||||
bash \
|
bash \
|
||||||
curl \
|
curl \
|
||||||
|
gcc \
|
||||||
openjdk17-jre \
|
openjdk17-jre \
|
||||||
su-exec \
|
su-exec \
|
||||||
|
shadow \
|
||||||
# Doc conversion
|
# Doc conversion
|
||||||
libreoffice@testing \
|
libreoffice@testing \
|
||||||
# python and pip
|
# python and pip
|
||||||
|
|
|
@ -30,6 +30,7 @@ RUN mkdir /configs /logs /customFiles && \
|
||||||
bash \
|
bash \
|
||||||
curl \
|
curl \
|
||||||
su-exec \
|
su-exec \
|
||||||
|
shadow \
|
||||||
openjdk17-jre && \
|
openjdk17-jre && \
|
||||||
echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/apk/repositories && \
|
echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/apk/repositories && \
|
||||||
echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories && \
|
echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories && \
|
||||||
|
|
|
@ -12,7 +12,7 @@ plugins {
|
||||||
import com.github.jk1.license.render.*
|
import com.github.jk1.license.render.*
|
||||||
|
|
||||||
group = 'stirling.software'
|
group = 'stirling.software'
|
||||||
version = '0.22.0'
|
version = '0.22.1'
|
||||||
sourceCompatibility = '17'
|
sourceCompatibility = '17'
|
||||||
|
|
||||||
repositories {
|
repositories {
|
||||||
|
|
|
@ -21,6 +21,9 @@ services:
|
||||||
environment:
|
environment:
|
||||||
DOCKER_ENABLE_SECURITY: "true"
|
DOCKER_ENABLE_SECURITY: "true"
|
||||||
SECURITY_ENABLELOGIN: "true"
|
SECURITY_ENABLELOGIN: "true"
|
||||||
|
PUID: 1002
|
||||||
|
GGID: 1002
|
||||||
|
UMASK: "022"
|
||||||
SYSTEM_DEFAULTLOCALE: en-US
|
SYSTEM_DEFAULTLOCALE: en-US
|
||||||
UI_APPNAME: Stirling-PDF
|
UI_APPNAME: Stirling-PDF
|
||||||
UI_HOMEDESCRIPTION: Demo site for Stirling-PDF Latest with Security
|
UI_HOMEDESCRIPTION: Demo site for Stirling-PDF Latest with Security
|
||||||
|
|
|
@ -5,19 +5,18 @@ if [ ! -z "$PUID" ] && [ "$PUID" != "$(id -u stirlingpdfuser)" ]; then
|
||||||
usermod -o -u "$PUID" stirlingpdfuser
|
usermod -o -u "$PUID" stirlingpdfuser
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ ! -z "$PGID" ] && [ "$PGID" != "$(id -g stirlingpdfgroup)" ]; then
|
if [ ! -z "$PGID" ] && [ "$PGID" != "$(getent group stirlingpdfgroup | cut -d: -f3)" ]; then
|
||||||
groupmod -o -g "$PGID" stirlingpdfgroup
|
groupmod -o -g "$PGID" stirlingpdfgroup
|
||||||
fi
|
fi
|
||||||
umask "$UMASK"
|
umask "$UMASK"
|
||||||
|
|
||||||
echo "Setting permissions and ownership for necessary directories..."
|
echo "Setting permissions and ownership for necessary directories..."
|
||||||
chown -R stirlingpdfuser:stirlingpdfgroup /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles
|
chown -R stirlingpdfuser:stirlingpdfgroup $HOME /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles /pipeline /app.jar
|
||||||
chmod -R 755 /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles
|
chmod -R 755 /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles /pipeline /app.jar
|
||||||
if [[ "$INSTALL_BOOK_AND_ADVANCED_HTML_OPS" == "true" ]]; then
|
if [[ "$INSTALL_BOOK_AND_ADVANCED_HTML_OPS" == "true" ]]; then
|
||||||
apk add --no-cache calibre@testing
|
apk add --no-cache calibre@testing
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
/scripts/download-security-jar.sh
|
/scripts/download-security-jar.sh
|
||||||
|
|
||||||
# Run the main command
|
# Run the main command
|
||||||
|
|
|
@ -13,20 +13,20 @@ if [ -d /usr/share/tesseract-ocr/5/tessdata ]; then
|
||||||
cp -r /usr/share/tesseract-ocr/5/tessdata/* /usr/share/tessdata || true;
|
cp -r /usr/share/tesseract-ocr/5/tessdata/* /usr/share/tessdata || true;
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
# Update the user and group IDs as per environment variables
|
# Update the user and group IDs as per environment variables
|
||||||
if [ ! -z "$PUID" ] && [ "$PUID" != "$(id -u stirlingpdfuser)" ]; then
|
if [ ! -z "$PUID" ] && [ "$PUID" != "$(id -u stirlingpdfuser)" ]; then
|
||||||
usermod -o -u "$PUID" stirlingpdfuser
|
usermod -o -u "$PUID" stirlingpdfuser
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ ! -z "$PGID" ] && [ "$PGID" != "$(id -g stirlingpdfgroup)" ]; then
|
|
||||||
|
if [ ! -z "$PGID" ] && [ "$PGID" != "$(getent group stirlingpdfgroup | cut -d: -f3)" ]; then
|
||||||
groupmod -o -g "$PGID" stirlingpdfgroup
|
groupmod -o -g "$PGID" stirlingpdfgroup
|
||||||
fi
|
fi
|
||||||
umask "$UMASK"
|
umask "$UMASK"
|
||||||
|
|
||||||
echo "Setting permissions and ownership for necessary directories..."
|
echo "Setting permissions and ownership for necessary directories..."
|
||||||
chown -R stirlingpdfuser:stirlingpdfgroup /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles
|
chown -R stirlingpdfuser:stirlingpdfgroup $HOME /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles /pipeline /app.jar
|
||||||
chmod -R 755 /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles
|
chmod -R 755 /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles /pipeline /app.jar
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -60,6 +60,5 @@ public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationF
|
||||||
return user.isPresent()
|
return user.isPresent()
|
||||||
&& user.get().getAuthorities().stream()
|
&& user.get().getAuthorities().stream()
|
||||||
.anyMatch(authority -> "ROLE_DEMO_USER".equals(authority.getAuthority()));
|
.anyMatch(authority -> "ROLE_DEMO_USER".equals(authority.getAuthority()));
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -66,10 +66,11 @@ public class SecurityConfiguration {
|
||||||
sessionManagement ->
|
sessionManagement ->
|
||||||
sessionManagement
|
sessionManagement
|
||||||
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
|
.sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
|
||||||
.maximumSessions(3)
|
.maximumSessions(10)
|
||||||
.maxSessionsPreventsLogin(true)
|
.maxSessionsPreventsLogin(false)
|
||||||
.sessionRegistry(sessionRegistry())
|
.sessionRegistry(sessionRegistry())
|
||||||
.expiredUrl("/login?logout=true"));
|
.expiredUrl("/login?logout=true"));
|
||||||
|
|
||||||
http.formLogin(
|
http.formLogin(
|
||||||
formLogin ->
|
formLogin ->
|
||||||
formLogin
|
formLogin
|
||||||
|
@ -92,8 +93,7 @@ public class SecurityConfiguration {
|
||||||
.addLogoutHandler(
|
.addLogoutHandler(
|
||||||
(request, response, authentication) -> {
|
(request, response, authentication) -> {
|
||||||
HttpSession session =
|
HttpSession session =
|
||||||
request.getSession(
|
request.getSession(false);
|
||||||
false);
|
|
||||||
if (session != null) {
|
if (session != null) {
|
||||||
String sessionId = session.getId();
|
String sessionId = session.getId();
|
||||||
sessionRegistry()
|
sessionRegistry()
|
||||||
|
|
|
@ -56,8 +56,8 @@ public class UserController {
|
||||||
@PostMapping("/change-username")
|
@PostMapping("/change-username")
|
||||||
public RedirectView changeUsername(
|
public RedirectView changeUsername(
|
||||||
Principal principal,
|
Principal principal,
|
||||||
@RequestParam String currentPassword,
|
@RequestParam(name = "currentPassword") String currentPassword,
|
||||||
@RequestParam String newUsername,
|
@RequestParam(name = "newUsername") String newUsername,
|
||||||
HttpServletRequest request,
|
HttpServletRequest request,
|
||||||
HttpServletResponse response,
|
HttpServletResponse response,
|
||||||
RedirectAttributes redirectAttributes) {
|
RedirectAttributes redirectAttributes) {
|
||||||
|
@ -95,8 +95,8 @@ public class UserController {
|
||||||
@PostMapping("/change-password-on-login")
|
@PostMapping("/change-password-on-login")
|
||||||
public RedirectView changePasswordOnLogin(
|
public RedirectView changePasswordOnLogin(
|
||||||
Principal principal,
|
Principal principal,
|
||||||
@RequestParam String currentPassword,
|
@RequestParam(name = "currentPassword") String currentPassword,
|
||||||
@RequestParam String newPassword,
|
@RequestParam(name = "newPassword") String newPassword,
|
||||||
HttpServletRequest request,
|
HttpServletRequest request,
|
||||||
HttpServletResponse response,
|
HttpServletResponse response,
|
||||||
RedirectAttributes redirectAttributes) {
|
RedirectAttributes redirectAttributes) {
|
||||||
|
@ -128,8 +128,8 @@ public class UserController {
|
||||||
@PostMapping("/change-password")
|
@PostMapping("/change-password")
|
||||||
public RedirectView changePassword(
|
public RedirectView changePassword(
|
||||||
Principal principal,
|
Principal principal,
|
||||||
@RequestParam String currentPassword,
|
@RequestParam(name = "currentPassword") String currentPassword,
|
||||||
@RequestParam String newPassword,
|
@RequestParam(name = "newPassword") String newPassword,
|
||||||
HttpServletRequest request,
|
HttpServletRequest request,
|
||||||
HttpServletResponse response,
|
HttpServletResponse response,
|
||||||
RedirectAttributes redirectAttributes) {
|
RedirectAttributes redirectAttributes) {
|
||||||
|
@ -180,9 +180,9 @@ public class UserController {
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
||||||
@PostMapping("/admin/saveUser")
|
@PostMapping("/admin/saveUser")
|
||||||
public RedirectView saveUser(
|
public RedirectView saveUser(
|
||||||
@RequestParam String username,
|
@RequestParam(name = "username") String username,
|
||||||
@RequestParam String password,
|
@RequestParam(name = "password") String password,
|
||||||
@RequestParam String role,
|
@RequestParam(name = "role") String role,
|
||||||
@RequestParam(name = "forceChange", required = false, defaultValue = "false")
|
@RequestParam(name = "forceChange", required = false, defaultValue = "false")
|
||||||
boolean forceChange) {
|
boolean forceChange) {
|
||||||
|
|
||||||
|
@ -207,7 +207,8 @@ public class UserController {
|
||||||
|
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
||||||
@PostMapping("/admin/deleteUser/{username}")
|
@PostMapping("/admin/deleteUser/{username}")
|
||||||
public RedirectView deleteUser(@PathVariable String username, Authentication authentication) {
|
public RedirectView deleteUser(
|
||||||
|
@PathVariable(name = "username") String username, Authentication authentication) {
|
||||||
|
|
||||||
if (!userService.usernameExists(username)) {
|
if (!userService.usernameExists(username)) {
|
||||||
return new RedirectView("/addUsers?messageType=deleteUsernameExists");
|
return new RedirectView("/addUsers?messageType=deleteUsernameExists");
|
||||||
|
|
|
@ -142,7 +142,8 @@ public class ExtractImageScansController {
|
||||||
.runCommandWithOutputHandling(command);
|
.runCommandWithOutputHandling(command);
|
||||||
|
|
||||||
// Read the output photos in temp directory
|
// Read the output photos in temp directory
|
||||||
List<Path> tempOutputFiles = Files.list(tempDir).sorted().collect(Collectors.toList());
|
List<Path> tempOutputFiles =
|
||||||
|
Files.list(tempDir).sorted().collect(Collectors.toList());
|
||||||
for (Path tempOutputFile : tempOutputFiles) {
|
for (Path tempOutputFile : tempOutputFiles) {
|
||||||
byte[] imageBytes = Files.readAllBytes(tempOutputFile);
|
byte[] imageBytes = Files.readAllBytes(tempOutputFile);
|
||||||
processedImageBytes.add(imageBytes);
|
processedImageBytes.add(imageBytes);
|
||||||
|
@ -153,7 +154,8 @@ public class ExtractImageScansController {
|
||||||
|
|
||||||
// Create zip file if multiple images
|
// Create zip file if multiple images
|
||||||
if (processedImageBytes.size() > 1) {
|
if (processedImageBytes.size() > 1) {
|
||||||
String outputZipFilename = fileName.replaceFirst("[.][^.]+$", "") + "_processed.zip";
|
String outputZipFilename =
|
||||||
|
fileName.replaceFirst("[.][^.]+$", "") + "_processed.zip";
|
||||||
tempZipFile = Files.createTempFile("output_", ".zip");
|
tempZipFile = Files.createTempFile("output_", ".zip");
|
||||||
|
|
||||||
try (ZipOutputStream zipOut =
|
try (ZipOutputStream zipOut =
|
||||||
|
@ -189,7 +191,8 @@ public class ExtractImageScansController {
|
||||||
}
|
}
|
||||||
} finally {
|
} finally {
|
||||||
// Cleanup logic for all temporary files and directories
|
// Cleanup logic for all temporary files and directories
|
||||||
tempImageFiles.forEach(path -> {
|
tempImageFiles.forEach(
|
||||||
|
path -> {
|
||||||
try {
|
try {
|
||||||
Files.deleteIfExists(path);
|
Files.deleteIfExists(path);
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
|
@ -205,7 +208,8 @@ public class ExtractImageScansController {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
tempDirs.forEach(dir -> {
|
tempDirs.forEach(
|
||||||
|
dir -> {
|
||||||
try {
|
try {
|
||||||
FileUtils.deleteDirectory(dir.toFile());
|
FileUtils.deleteDirectory(dir.toFile());
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
|
|
3
test.sh
3
test.sh
|
@ -18,7 +18,8 @@ check_health() {
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
echo -e "\n$service_name is healthy!"
|
echo -e "\n$service_name is healthy!"
|
||||||
|
echo "Printing logs for $service_name:"
|
||||||
|
docker logs "$service_name"
|
||||||
return 0
|
return 0
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue