Fixes #4425: generate cookie validation keys in local config files.

066989f0 · Qiang Xue · 2a8ca600 · 066989f0 · 066989f0 · 066989f0
Commit 066989f0 authored Aug 01, 2014 by Qiang Xue
9 changed files
--- a/apps/advanced/backend/config/main.php
+++ b/apps/advanced/backend/config/main.php
@@ -13,10 +13,6 @@ return [
    'bootstrap' => ['log'],
    'modules' => [],
    'components' => [
-        'request' => [
-            // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
-            'cookieValidationKey' => '',
-        ],
        'user' => [
            'identityClass' => 'common\models\User',
            'enableAutoLogin' => true,

--- a/apps/advanced/composer.json
+++ b/apps/advanced/composer.json
@@ -32,8 +32,7 @@
    },
    "scripts": {
        "post-create-project-cmd": [
-            "yii\\composer\\Installer::setPermission",
-            "yii\\composer\\Installer::generateCookieValidationKey"
+            "yii\\composer\\Installer::setPermission"
        ]
    },
    "config": {
@@ -46,10 +45,6 @@

            "frontend/runtime",
            "frontend/web/assets"
-        ],
-        "config": [
-            "frontend/config/main.php",
-            "backend/config/main.php"
        ]
    }
 }
--- a/apps/advanced/environments/dev/backend/config/main-local.php
+++ b/apps/advanced/environments/dev/backend/config/main-local.php
 <?php

-$config = [];
+$config = [
+    'components' => [
+        'request' => [
+            // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
+            'cookieValidationKey' => '',
+        ],
+    ],
+];

 if (!YII_ENV_TEST) {
    // configuration adjustments for 'dev' environment

--- a/apps/advanced/environments/dev/frontend/config/main-local.php
+++ b/apps/advanced/environments/dev/frontend/config/main-local.php
 <?php

-$config = [];
+$config = [
+    'components' => [
+        'request' => [
+            // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
+            'cookieValidationKey' => '',
+        ],
+    ],
+];

 if (!YII_ENV_TEST) {
    // configuration adjustments for 'dev' environment

--- a/apps/advanced/environments/index.php
+++ b/apps/advanced/environments/index.php
@@ -9,9 +9,15 @@
 * return [
 *     'environment name' => [
 *         'path' => 'directory storing the local files',
- *         'writable' => [
+ *         'setWritable' => [
 *             // list of directories that should be set writable
 *         ],
+ *         'setExecutable' => [
+ *             // list of directories that should be set executable
+ *         ],
+ *         'setCookieValidationKey' => [
+ *             // list of config files that need to be inserted with automatically generated cookie validation keys
+ *         ],
 *     ],
 * ];
 * ```
@@ -19,26 +25,34 @@
 return [
    'Development' => [
        'path' => 'dev',
-        'writable' => [
+        'setWritable' => [
            'backend/runtime',
            'backend/web/assets',
            'frontend/runtime',
            'frontend/web/assets',
        ],
-        'executable' => [
+        'setExecutable' => [
            'yii',
        ],
+        'setCookieValidationKey' => [
+            'backend/config/main-local.php',
+            'frontend/config/main-local.php',
+        ],
    ],
    'Production' => [
        'path' => 'prod',
-        'writable' => [
+        'setWritable' => [
            'backend/runtime',
            'backend/web/assets',
            'frontend/runtime',
            'frontend/web/assets',
        ],
-        'executable' => [
+        'setExecutable' => [
            'yii',
        ],
+        'setCookieValidationKey' => [
+            'backend/config/main-local.php',
+            'frontend/config/main-local.php',
+        ],
    ],
 ];
--- a/apps/advanced/environments/prod/backend/config/main-local.php
+++ b/apps/advanced/environments/prod/backend/config/main-local.php
 <?php
 return [
+    'components' => [
+        'request' => [
+            // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
+            'cookieValidationKey' => '',
+        ],
+    ],
 ];
--- a/apps/advanced/environments/prod/frontend/config/main-local.php
+++ b/apps/advanced/environments/prod/frontend/config/main-local.php
 <?php
 return [
+    'components' => [
+        'request' => [
+            // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
+            'cookieValidationKey' => '',
+        ],
+    ],
 ];
--- a/apps/advanced/frontend/config/main.php
+++ b/apps/advanced/frontend/config/main.php
@@ -12,10 +12,6 @@ return [
    'bootstrap' => ['log'],
    'controllerNamespace' => 'frontend\controllers',
    'components' => [
-        'request' => [
-            // !!! insert a secret key in the following (if it is empty) - this is required by cookie validation
-            'cookieValidationKey' => '',
-        ],
        'user' => [
            'identityClass' => 'common\models\User',
            'enableAutoLogin' => true,

--- a/apps/advanced/init
+++ b/apps/advanced/init
@@ -14,6 +14,10 @@
 * @license http://www.yiiframework.com/license/
 */

+if (!extension_loaded('mcrypt')) {
+    die('The mcrypt PHP extension is required by Yii2.');
+}
+
 $params = getParams();
 $root = str_replace('\\', '/', __DIR__);
 $envs = require("$root/environments/index.php");
@@ -23,147 +27,169 @@ echo "Yii Application Initialization Tool v1.0\n\n";

 $envName = null;
 if (empty($params['env']) || $params['env'] === '1') {
-	echo "Which environment do you want the application to be initialized in?\n\n";
-	foreach ($envNames as $i => $name) {
-		echo "  [$i] $name\n";
-	}
-	echo "\n  Your choice [0-" . (count($envs) - 1) . ', or "q" to quit] ';
-	$answer = trim(fgets(STDIN));
-
-	if (!ctype_digit($answer) || !in_array($answer, range(0, count($envs) - 1))) {
-		echo "\n  Quit initialization.\n";
-		exit(0);
-	}
-
-	if (isset($envNames[$answer])) {
-		$envName = $envNames[$answer];
-	}
+    echo "Which environment do you want the application to be initialized in?\n\n";
+    foreach ($envNames as $i => $name) {
+        echo "  [$i] $name\n";
+    }
+    echo "\n  Your choice [0-" . (count($envs) - 1) . ', or "q" to quit] ';
+    $answer = trim(fgets(STDIN));
+
+    if (!ctype_digit($answer) || !in_array($answer, range(0, count($envs) - 1))) {
+        echo "\n  Quit initialization.\n";
+        exit(0);
+    }
+
+    if (isset($envNames[$answer])) {
+        $envName = $envNames[$answer];
+    }
 } else {
-	$envName = $params['env'];
+    $envName = $params['env'];
 }

 if (!in_array($envName, $envNames)) {
-	$envsList = implode(', ', $envNames);
-	echo "\n  $envName is not a valid environment. Try one of the following: $envsList. \n";
-	exit(2);
+    $envsList = implode(', ', $envNames);
+    echo "\n  $envName is not a valid environment. Try one of the following: $envsList. \n";
+    exit(2);
 }

 $env = $envs[$envName];

 if (empty($params['env'])) {
-	echo "\n  Initialize the application under '{$envNames[$answer]}' environment? [yes|no] ";
-	$answer = trim(fgets(STDIN));
-	if (strncasecmp($answer, 'y', 1)) {
-		echo "\n  Quit initialization.\n";
-		exit(0);
-	}
+    echo "\n  Initialize the application under '{$envNames[$answer]}' environment? [yes|no] ";
+    $answer = trim(fgets(STDIN));
+    if (strncasecmp($answer, 'y', 1)) {
+        echo "\n  Quit initialization.\n";
+        exit(0);
+    }
 }

 echo "\n  Start initialization ...\n\n";
 $files = getFileList("$root/environments/{$env['path']}");
 $all = false;
 foreach ($files as $file) {
-	if (!copyFile($root, "environments/{$env['path']}/$file", $file, $all, $params)) {
-		break;
-	}
-}
-
-if (isset($env['writable'])) {
-	foreach ($env['writable'] as $writable) {
-		echo "      chmod 0777 $writable\n";
-		@chmod("$root/$writable", 0777);
-	}
+    if (!copyFile($root, "environments/{$env['path']}/$file", $file, $all, $params)) {
+        break;
+    }
 }

-if (isset($env['executable'])) {
-	foreach ($env['executable'] as $executable) {
-		echo "      chmod 0755 $executable\n";
-		@chmod("$root/$executable", 0755);
-	}
+$callbacks = ['setCookieValidationKey', 'setWritable', 'setExecutable'];
+foreach ($callbacks as $callback) {
+    if (!empty($env[$callback])) {
+        $callback($root, $env[$callback]);
+    }
 }

 echo "\n  ... initialization completed.\n\n";

 function getFileList($root, $basePath = '')
 {
-	$files = [];
-	$handle = opendir($root);
-	while (($path = readdir($handle)) !== false) {
-		if ($path === '.svn' || $path === '.' || $path === '..') {
-			continue;
-		}
-		$fullPath = "$root/$path";
-		$relativePath = $basePath === '' ? $path : "$basePath/$path";
-		if (is_dir($fullPath)) {
-			$files = array_merge($files, getFileList($fullPath, $relativePath));
-		} else {
-			$files[] = $relativePath;
-		}
-	}
-	closedir($handle);
-	return $files;
+    $files = [];
+    $handle = opendir($root);
+    while (($path = readdir($handle)) !== false) {
+        if ($path === '.svn' || $path === '.' || $path === '..') {
+            continue;
+        }
+        $fullPath = "$root/$path";
+        $relativePath = $basePath === '' ? $path : "$basePath/$path";
+        if (is_dir($fullPath)) {
+            $files = array_merge($files, getFileList($fullPath, $relativePath));
+        } else {
+            $files[] = $relativePath;
+        }
+    }
+    closedir($handle);
+    return $files;
 }

 function copyFile($root, $source, $target, &$all, $params)
 {
-	if (!is_file($root . '/' . $source)) {
-		echo "       skip $target ($source not exist)\n";
-		return true;
-	}
-	if (is_file($root . '/' . $target)) {
-		if (file_get_contents($root . '/' . $source) === file_get_contents($root . '/' . $target)) {
-			echo "  unchanged $target\n";
-			return true;
-		}
-		if ($all) {
-			echo "  overwrite $target\n";
-		} else {
-			echo "      exist $target\n";
-			echo "            ...overwrite? [Yes|No|All|Quit] ";
-
-
-			$answer = !empty($params['overwrite']) ? $params['overwrite'] : trim(fgets(STDIN));
-			if (!strncasecmp($answer, 'q', 1)) {
-				return false;
-			} else {
-				if (!strncasecmp($answer, 'y', 1)) {
-					echo "  overwrite $target\n";
-				} else {
-					if (!strncasecmp($answer, 'a', 1)) {
-						echo "  overwrite $target\n";
-						$all = true;
-					} else {
-						echo "       skip $target\n";
-						return true;
-					}
-				}
-			}
-		}
-		file_put_contents($root . '/' . $target, file_get_contents($root . '/' . $source));
-		return true;
-	}
-	echo "   generate $target\n";
-	@mkdir(dirname($root . '/' . $target), 0777, true);
-	file_put_contents($root . '/' . $target, file_get_contents($root . '/' . $source));
-	return true;
+    if (!is_file($root . '/' . $source)) {
+        echo "       skip $target ($source not exist)\n";
+        return true;
+    }
+    if (is_file($root . '/' . $target)) {
+        if (file_get_contents($root . '/' . $source) === file_get_contents($root . '/' . $target)) {
+            echo "  unchanged $target\n";
+            return true;
+        }
+        if ($all) {
+            echo "  overwrite $target\n";
+        } else {
+            echo "      exist $target\n";
+            echo "            ...overwrite? [Yes|No|All|Quit] ";
+
+
+            $answer = !empty($params['overwrite']) ? $params['overwrite'] : trim(fgets(STDIN));
+            if (!strncasecmp($answer, 'q', 1)) {
+                return false;
+            } else {
+                if (!strncasecmp($answer, 'y', 1)) {
+                    echo "  overwrite $target\n";
+                } else {
+                    if (!strncasecmp($answer, 'a', 1)) {
+                        echo "  overwrite $target\n";
+                        $all = true;
+                    } else {
+                        echo "       skip $target\n";
+                        return true;
+                    }
+                }
+            }
+        }
+        file_put_contents($root . '/' . $target, file_get_contents($root . '/' . $source));
+        return true;
+    }
+    echo "   generate $target\n";
+    @mkdir(dirname($root . '/' . $target), 0777, true);
+    file_put_contents($root . '/' . $target, file_get_contents($root . '/' . $source));
+    return true;
 }

 function getParams()
 {
-	$rawParams = [];
-	if (isset($_SERVER['argv'])) {
-		$rawParams = $_SERVER['argv'];
-		array_shift($rawParams);
-	}
-
-	$params = [];
-	foreach ($rawParams as $param) {
-		if (preg_match('/^--(\w+)(=(.*))?$/', $param, $matches)) {
-			$name = $matches[1];
-			$params[$name] = isset($matches[3]) ? $matches[3] : true;
-		} else {
-			$params[] = $param;
-		}
-	}
-	return $params;
+    $rawParams = [];
+    if (isset($_SERVER['argv'])) {
+        $rawParams = $_SERVER['argv'];
+        array_shift($rawParams);
+    }
+
+    $params = [];
+    foreach ($rawParams as $param) {
+        if (preg_match('/^--(\w+)(=(.*))?$/', $param, $matches)) {
+            $name = $matches[1];
+            $params[$name] = isset($matches[3]) ? $matches[3] : true;
+        } else {
+            $params[] = $param;
+        }
+    }
+    return $params;
+}
+
+function setWritable($root, $paths)
+{
+    foreach ($paths as $writable) {
+        echo "      chmod 0777 $writable\n";
+        @chmod("$root/$writable", 0777);
+    }
+}
+
+function setExecutable($root, $paths)
+{
+    foreach ($paths as $executable) {
+        echo "      chmod 0755 $executable\n";
+        @chmod("$root/$executable", 0755);
+    }
+}
+
+function setCookieValidationKey($root, $paths)
+{
+    foreach ($paths as $file) {
+        echo "      generating cookie validation key $file\n";
+        $file = $root . '/' . $file;
+        $length = 32;
+        $bytes = mcrypt_create_iv($length, MCRYPT_DEV_URANDOM);
+        $key = strtr(substr(base64_encode($bytes), 0, $length), '+/=', '_-.');
+        $content = preg_replace('/(("|\')cookieValidationKey("|\')\s*=>\s*)(""|\'\')/', "\\1'$key'", file_get_contents($file));
+        file_put_contents($file, $content);
+    }
 }