Fixes proposed after review

mreid-tt · mreid-tt · commit aa249684d57e · 2023-12-03T13:11:51.000-04:00
diff --git a/spk/ffsync/src/service-setup.sh b/spk/ffsync/src/service-setup.sh
@@ -60,13 +60,15 @@ service_postinst ()
 
 
     if [ "${SYNOPKG_PKG_STATUS}" = "INSTALL" ]; then
+        # Generate database password for database user
+        DBPASS=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9!#$%^&*()_+{}<>?=' | fold -w 10 | grep -E '[a-z]' | grep -E '[A-Z]' | grep -E '[0-9]' | grep -E '[!#$%^&*()_+{}<>?=]' | head -n 1)
     
         echo ${separator}
         echo "Set up the databases"
         # login as root sql user using whatever creds you set up for that
         # this sets up a user for sync storage and sets up the databases
         ${MYSQL} -u root -p"${wizard_mysql_password_root}" <<EOF
-CREATE USER "${DBUSER}"@"localhost" IDENTIFIED BY "${wizard_password_ffsync}";
+CREATE USER "${DBUSER}"@"localhost" IDENTIFIED BY "${DBPASS}";
 CREATE DATABASE syncstorage_rs;
 CREATE DATABASE tokenserver_rs;
 GRANT ALL PRIVILEGES on syncstorage_rs.* to ${DBUSER}@localhost;
@@ -77,23 +79,23 @@ EOF
         echo "Run database migrations"
 
         echo "Run migrations for syncstorage_rs"
-        ${DIESEL} --database-url "mysql://${DBUSER}:${wizard_password_ffsync}@${DBSERVER}/syncstorage_rs" \
+        ${DIESEL} --database-url "mysql://${DBUSER}:${DBPASS}@${DBSERVER}/syncstorage_rs" \
             migration --migration-dir ${SYNOPKG_PKGDEST}/syncstorage-mysql/migrations run
 
         echo "Run migrations for tokenserver_rs"
-        ${DIESEL} --database-url "mysql://${DBUSER}:${wizard_password_ffsync}@${DBSERVER}/tokenserver_rs" \
+        ${DIESEL} --database-url "mysql://${DBUSER}:${DBPASS}@${DBSERVER}/tokenserver_rs" \
             migration --migration-dir ${SYNOPKG_PKGDEST}/tokenserver-db/migrations run
 
         echo ${separator}
         echo "Add sync endpoint to database"
-        ${MYSQL} -u ${DBUSER} -p"${wizard_password_ffsync}" <<EOF
+        ${MYSQL} -u ${DBUSER} -p"${DBPASS}" <<EOF
 USE tokenserver_rs
 INSERT INTO services (id, service, pattern) VALUES
     (1, "sync-1.5", "{node}/1.5/{uid}");
 EOF
 
         echo "Add syncserver node"
-        ${MYSQL} -u ${DBUSER} -p"${wizard_password_ffsync}" <<EOF
+        ${MYSQL} -u ${DBUSER} -p"${DBPASS}" <<EOF
 USE tokenserver_rs
 INSERT INTO nodes (id, service, node, available, current_load, capacity, downed, backoff) VALUES
     (1, 1, "${wizard_ffsync_public_url}", 1, 0, 4, 0, 0);
@@ -105,14 +107,11 @@ EOF
         MASTER_SECRET="$(cat /dev/urandom | base64 | head -c64)"
         METRICS_HASH_SECRET="$(cat /dev/urandom | base64 | head -c64)"
 
-        # Escape vertical bars in the replacement values
-        WIZARD_PASSWORD=$(echo "${wizard_password_ffsync}" | sed 's/|/\\|/g')
-
         # Perform replacements using sed with | as the delimiter
         sed -e "s|{{MASTER_SECRET}}|${MASTER_SECRET}|g"             \
             -e "s|{{TCP_PORT}}|${SERVICE_PORT}|g"                   \
             -e "s|{{SQL_USER}}|${DBUSER}|g"                         \
-            -e "s|{{SQL_PASS}}|${WIZARD_PASSWORD}|g"                \
+            -e "s|{{SQL_PASS}}|${DBPASS}|g"                \
             -e "s|{{DB_SERVER}}|${DBSERVER}|g"                      \
             -e "s|{{METRICS_HASH_SECRET}}|${METRICS_HASH_SECRET}|g" \
             -i "${CFG_FILE}"
@@ -126,23 +125,35 @@ validate_preuninst ()
         echo "Incorrect MySQL root password"
         exit 1
     fi
-    # Check database export location
+    # Check if database export path is specified
     if [ "${SYNOPKG_PKG_STATUS}" = "UNINSTALL" ] && [ -n "${wizard_dbexport_path}" ]; then
-        if [ -f "${wizard_dbexport_path}" ] || [ -e "${wizard_dbexport_path}/${DBUSER}.sql" ]; then
-            echo "File ${wizard_dbexport_path}/${DBUSER}.sql already exists. Please remove or choose a different location"
+        if [ ! -d "${wizard_dbexport_path}" ]; then
+            # If the export path directory does not exist, create it
+            mkdir -p "${wizard_dbexport_path}" || {
+                # If mkdir fails, print an error message and exit
+                echo "Error: Unable to create directory ${wizard_dbexport_path}. Check permissions."
+                exit 1
+            }
+        elif [ ! -w "${wizard_dbexport_path}" ]; then
+            # If the export path directory is not writable, print an error message and exit
+            echo "Error: Unable to write to directory ${wizard_dbexport_path}. Check permissions."
             exit 1
         fi
+        if [ -e "$wizard_dbexport_path/syncstorage_rs.sql" ] || [ -e "$wizard_dbexport_path/tokenserver_rs.sql" ]; then
+            # If either syncstorage_rs.sql or tokenserver_rs.sql already exists, print an error message and exit
+            echo "File syncstorage_rs.sql or tokenserver_rs.sql already exists in ${wizard_dbexport_path}. Please remove or choose a different location"
+            exit 1
+        fi
+        # If everything is okay, perform database dumps
+        ${MYSQLDUMP} -u root -p"${wizard_mysql_password_root}" syncstorage_rs > "${wizard_dbexport_path}/syncstorage_rs.sql"
+        ${MYSQLDUMP} -u root -p"${wizard_mysql_password_root}" tokenserver_rs > "${wizard_dbexport_path}/tokenserver_rs.sql"
     fi
 }
 
 service_postuninst ()
 {
     # Export and remove database
     if [ "${SYNOPKG_PKG_STATUS}" = "UNINSTALL" ]; then
-        if [ -n "${wizard_dbexport_path}" ]; then
-            mkdir -p ${wizard_dbexport_path}
-            ${MYSQLDUMP} -u root -p"${wizard_mysql_password_root}" ${DBUSER} > ${wizard_dbexport_path}/${DBUSER}.sql
-        fi
         ${MYSQL} -u root -p"${wizard_mysql_password_root}" -e "DROP DATABASE syncstorage_rs; DROP DATABASE tokenserver_rs; DROP USER '${DBUSER}'@'localhost';"
     fi
 }
diff --git a/spk/ffsync/src/wizard/install_uifile.sh b/spk/ffsync/src/wizard/install_uifile.sh
@@ -16,30 +16,6 @@ page_append ()
     fi
 }
 
-getRootPasswordValidator()
-{
-    validator=$(/bin/cat<<EOF
-{
-    var password = arguments[0];
-    return -1 !== password.search("(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])(?=.*[^A-Za-z0-9])(?=.{10,})") && ! password.includes("root");
-}
-EOF
-)
-    echo "$validator" | quote_json
-}
-
-getUserPasswordValidator()
-{
-    validator=$(/bin/cat<<EOF
-{
-    var password = arguments[0];
-    return -1 !== password.search("(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])(?=.*[^A-Za-z0-9])(?=.{10,})") && ! password.includes("ffsync");
-}
-EOF
-)
-    echo "$validator" | quote_json
-}
-
 PAGE_FFSYNC_SETUP=$(/bin/cat<<EOF
 {
     "step_title": "Firefox Sync Server 1.5 database configuration",
@@ -50,20 +26,8 @@ PAGE_FFSYNC_SETUP=$(/bin/cat<<EOF
         "subitems": [{
             "key": "wizard_mysql_password_root",
             "desc": "Root password",
-            "invalidText": "Password does not meet the current strength rules. The minimum password length is 10 characters and must include mixed case, numeric characters, and special characters; it must also exclude common passwords or using username as password.",
-            "validator": {
-                "fn": "$(getRootPasswordValidator)"
-            }
-        }]
-    }, {
-        "type": "password",
-        "desc": "A 'ffsync' user and database will be created. Please enter a password for the 'ffsync' user.",
-        "subitems": [{
-            "key": "wizard_password_ffsync",
-            "desc": "ffsync password",
-            "invalidText": "Password does not meet the current strength rules. The minimum password length is 10 characters and must include mixed case, numeric characters, and special characters; it must also exclude common passwords or using username as password.",
             "validator": {
-                "fn": "$(getUserPasswordValidator)"
+                "allowBlank": false
             }
         }]
     }]
@@ -75,6 +39,7 @@ PAGE_FFSYNC_SETUP=$(/bin/cat<<EOF
         "subitems": [{
             "key": "wizard_ffsync_public_url",
             "desc": "Public URL",
+            "emptyText": "http://hostname.domain:8132",
             "validator": {
                 "allowBlank": false
             }
diff --git a/spk/ffsync/src/wizard/uninstall_uifile.sh b/spk/ffsync/src/wizard/uninstall_uifile.sh
@@ -1,5 +1,15 @@
 #!/bin/bash
 
+# for backwards compatability
+if [ $SYNOPKG_DSM_VERSION_MAJOR -lt 7 ]; then
+	if [ -z ${SYNOPKG_PKGDEST_VOL} ]; then
+		SYNOPKG_PKGDEST_VOL="/volume1"
+	fi
+	if [ -z ${SYNOPKG_PKGNAME} ]; then
+		SYNOPKG_PKGNAME="ffsync"
+	fi
+fi
+
 quote_json ()
 {
 	sed -e 's|\\|\\\\|g' -e 's|\"|\\\"|g'
@@ -16,18 +26,6 @@ page_append ()
 	fi
 }
 
-getPasswordValidator()
-{
-	validator=$(/bin/cat<<EOF
-{
-	var password = arguments[0];
-	return -1 !== password.search("(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9])(?=.*[^A-Za-z0-9])(?=.{10,})") && ! password.includes("root");
-}
-EOF
-)
-	echo "$validator" | quote_json
-}
-
 PAGE_FFSYNC_REMOVE=$(/bin/cat<<EOF
 {
 	"step_title": "Remove Firefox Sync Server 1.5 database",
@@ -40,9 +38,8 @@ PAGE_FFSYNC_REMOVE=$(/bin/cat<<EOF
 		"subitems": [{
 			"key": "wizard_mysql_password_root",
 			"desc": "Root password",
-			"invalidText": "Password does not meet the current strength rules. The minimum password length is 10 characters and must include mixed case, numeric characters, and special characters; it must also exclude common passwords or using username as password.",
 			"validator": {
-				"fn": "$(getPasswordValidator)"
+				"allowBlank": false
 			}
 		}]
 	}, {
@@ -51,6 +48,7 @@ PAGE_FFSYNC_REMOVE=$(/bin/cat<<EOF
 		"subitems": [{
 			"key": "wizard_dbexport_path",
 			"desc": "Database export location",
+			"emptyText": "${SYNOPKG_PKGDEST_VOL}/${SYNOPKG_PKGNAME}/backup",
 			"validator": {
 				"allowBlank": true,
 				"regex": {
