Skip to content

Commit

Permalink
3.1.2
Browse files Browse the repository at this point in the history 
FInalizing removal of tp.config.php file
Potential fix for #4317
  • Loading branch information
@nilsteampassnet
nilsteampassnet committed Sep 22, 2024
1 parent 4b2938e commit e808c29
Show file tree
Hide file tree
Showing 5 changed files with 10 additions and 10 deletions.
2 changes: 1 addition & 1 deletion includes/config/include.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@

define('TP_VERSION', '3.1.2');
define("UPGRADE_MIN_DATE", "1724862801");
define('TP_VERSION_MINOR', '92');
define('TP_VERSION_MINOR', '93');
define('TP_TOOL_NAME', 'Teampass');
define('TP_ONE_DAY_SECONDS', 86400);
define('TP_ONE_WEEK_SECONDS', 604800);
Expand Down
2 changes: 1 addition & 1 deletion includes/tables_integrity.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
},
{
"table_name": "background_tasks_logs",
"structure_hash": "0a2acfbbec853162208bd454c631125b473c7da6d477b79eae465fdde97bece9"
"structure_hash": "70822c07c41f81f0bd62854cc32b2925089015fcc1073c54cc15fd25547bc099"
},
{
"table_name": "cache",
Expand Down
10 changes: 5 additions & 5 deletions install/install.queries.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -714,7 +714,7 @@ function encryptFollowingDefuse($message, $ascii_key)
"INSERT INTO `" . $var['tbl_prefix'] . "misc`
(`type`, `intitule`, `valeur`, `created_at`) VALUES
('" . $elem[0] . "', '" . $elem[1] . "', '" .
str_replace("'", '', $elem[2]) . "', '" . time() . "');"
str_replace("'", '', $elem[2]) . "', '" . $elem[1] . "');"
); // or die(mysqli_error($dbTmp))
}
}
Expand Down Expand Up @@ -836,7 +836,7 @@ function encryptFollowingDefuse($message, $ascii_key)
if ($tmp === 0) {
$mysqli_result = mysqli_query(
$dbTmp,
"INSERT INTO `" . $var['tbl_prefix'] . "users` (`id`, `login`, `pw`, `admin`, `gestionnaire`, `personal_folder`, `groupes_visibles`, `email`, `encrypted_psk`, `last_pw_change`, `name`, `lastname`, `can_create_root_folder`, `public_key`, `private_key`, `is_ready_for_usage`, `otp_provided`) VALUES ('1', 'admin', '" . $hashedPassword . "', '1', '0', '0', '0', '" . $var['admin_email'] . "', '', '" . time() . "', 'Change me', 'Change me', '1', 'none', 'none', '1', '1')"
"INSERT INTO `" . $var['tbl_prefix'] . "users` (`id`, `login`, `pw`, `admin`, `gestionnaire`, `personal_folder`, `groupes_visibles`, `email`, `encrypted_psk`, `last_pw_change`, `name`, `lastname`, `can_create_root_folder`, `public_key`, `private_key`, `is_ready_for_usage`, `otp_provided`, `created_at`) VALUES ('1', 'admin', '" . $hashedPassword . "', '1', '0', '0', '0', '" . $var['admin_email'] . "', '', '" . time() . "', 'Change me', 'Change me', '1', 'none', 'none', '1', '1', '" . time() . "')"
);
} else {
$mysqli_result = mysqli_query($dbTmp, 'UPDATE `' . $var['tbl_prefix'] . "users` SET `pw` = '" . $hashedPassword . "' WHERE login = 'admin' AND id = '1'");
Expand All @@ -847,7 +847,7 @@ function encryptFollowingDefuse($message, $ascii_key)
if ($tmp === 0) {
$mysqli_result = mysqli_query(
$dbTmp,
"INSERT INTO `" . $var['tbl_prefix'] . "users` (`id`, `login`, `pw`, `groupes_visibles`, `derniers`, `key_tempo`, `last_pw_change`, `last_pw`, `admin`, `fonction_id`, `groupes_interdits`, `last_connexion`, `gestionnaire`, `email`, `favourites`, `latest_items`, `personal_folder`, `is_ready_for_usage`, `otp_provided`) VALUES ('" . API_USER_ID . "', 'API', '', '', '', '', '', '', '1', '', '', '', '0', '', '', '', '0', '0', '1')"
"INSERT INTO `" . $var['tbl_prefix'] . "users` (`id`, `login`, `pw`, `groupes_visibles`, `derniers`, `key_tempo`, `last_pw_change`, `last_pw`, `admin`, `fonction_id`, `groupes_interdits`, `last_connexion`, `gestionnaire`, `email`, `favourites`, `latest_items`, `personal_folder`, `is_ready_for_usage`, `otp_provided`, `created_at`) VALUES ('" . API_USER_ID . "', 'API', '', '', '', '', '', '', '1', '', '', '', '0', '', '', '', '0', '0', '1', '" . time() . "')"
);
}

Expand All @@ -856,7 +856,7 @@ function encryptFollowingDefuse($message, $ascii_key)
if ($tmp === 0) {
$mysqli_result = mysqli_query(
$dbTmp,
"INSERT INTO `" . $var['tbl_prefix'] . "users` (`id`, `login`, `pw`, `groupes_visibles`, `derniers`, `key_tempo`, `last_pw_change`, `last_pw`, `admin`, `fonction_id`, `groupes_interdits`, `last_connexion`, `gestionnaire`, `email`, `favourites`, `latest_items`, `personal_folder`, `is_ready_for_usage`, `otp_provided`) VALUES ('" . OTV_USER_ID . "', 'OTV', '', '', '', '', '', '', '1', '', '', '', '0', '', '', '', '0', '0', '1')"
"INSERT INTO `" . $var['tbl_prefix'] . "users` (`id`, `login`, `pw`, `groupes_visibles`, `derniers`, `key_tempo`, `last_pw_change`, `last_pw`, `admin`, `fonction_id`, `groupes_interdits`, `last_connexion`, `gestionnaire`, `email`, `favourites`, `latest_items`, `personal_folder`, `is_ready_for_usage`, `otp_provided`, `created_at`) VALUES ('" . OTV_USER_ID . "', 'OTV', '', '', '', '', '', '', '1', '', '', '', '0', '', '', '', '0', '0', '1', '" . time() . "')"
);
}
} elseif ($task === 'tags') {
Expand Down Expand Up @@ -1487,7 +1487,7 @@ function encryptFollowingDefuse($message, $ascii_key)

$mysqli_result = mysqli_query(
$dbTmp,
"INSERT INTO `" . $var['tbl_prefix'] . "users` (`id`, `login`, `pw`, `groupes_visibles`, `derniers`, `key_tempo`, `last_pw_change`, `last_pw`, `admin`, `fonction_id`, `groupes_interdits`, `last_connexion`, `gestionnaire`, `email`, `favourites`, `latest_items`, `personal_folder`, `public_key`, `private_key`, `is_ready_for_usage`, `otp_provided`) VALUES ('" . TP_USER_ID . "', 'TP', '".$encrypted_pwd."', '', '', '', '', '', '1', '', '', '', '0', '', '', '', '0', '".$userKeys['public_key']."', '".$userKeys['private_key']."', '1', '1')"
"INSERT INTO `" . $var['tbl_prefix'] . "users` (`id`, `login`, `pw`, `groupes_visibles`, `derniers`, `key_tempo`, `last_pw_change`, `last_pw`, `admin`, `fonction_id`, `groupes_interdits`, `last_connexion`, `gestionnaire`, `email`, `favourites`, `latest_items`, `personal_folder`, `public_key`, `private_key`, `is_ready_for_usage`, `otp_provided`, `created_at`) VALUES ('" . TP_USER_ID . "', 'TP', '".$encrypted_pwd."', '', '', '', '', '', '1', '', '', '', '0', '', '', '', '0', '".$userKeys['public_key']."', '".$userKeys['private_key']."', '1', '1', '" . time() . "')"
);
}

Expand Down
2 changes: 1 addition & 1 deletion sources/identify.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2355,7 +2355,7 @@ function shouldUserAuthWithOauth2(
// Security issue without this return if an user auth_type == oauth2 and
// oauth2 disabled : we can login as a valid user by using hashUserId(username)
// as password in the login the form.
if ((int) $SETTINGS['oauth2_enabled'] !== 1) {
if ((int) $SETTINGS['oauth2_enabled'] !== 1 && (string) $userInfo['auth_type'] === 'oauth2') {
return [
'error' => true,
'message' => 'user_not_allowed_to_auth_to_teampass_app',
Expand Down
4 changes: 2 additions & 2 deletions vendor/teampassclasses/configmanager/src/ConfigManager.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -93,7 +93,7 @@ public function loadSettingsFromDB(): array
{
// Do we have a settings file?
$settingsFile = __DIR__ . '/../../../../includes/config/settings.php';
if (!file_exists($settingsFile)) {
if (!file_exists($settingsFile) || empty(DB_HOST) === true) {
return [];
}

Expand Down Expand Up @@ -123,7 +123,7 @@ public function getLastModificationTimestamp(): string|null
{
// Do we have a settings file?
$settingsFile = __DIR__ . '/../../../../includes/config/settings.php';
if (!file_exists($settingsFile)) {
if (!file_exists($settingsFile) || empty(DB_HOST) === true) {
return "";
}

Expand Down

0 comments on commit e808c29

Please sign in to comment.