Fix first execution bugs and allow admin password to be changed

Changes:
- Allow admin password to be changed
- Fix updating email.php the first time the container starts

docker-compose.yml

@@ -52,10 +52,10 @@ services:
       # - "${CUSTOM_PATH}/:/custom/"
     environment:
       - "HOSTNAME=https://localhost"
-      - "REDIS_FQDN=redis"
       - "CRON_USER_ID=1"
       # standard settings
       - "ADMIN_EMAIL=${ADMIN_EMAIL}"
+      - "ADMIN_PASSWORD=${ADMIN_PASSWORD}"
       - "ADMIN_KEY=${ADMIN_KEY}"
       - "ADMIN_ORG=${ADMIN_ORG}"
       - "GPG_PASSPHRASE=${GPG_PASSPHRASE}"
@@ -82,7 +82,6 @@ services:
       - "REDIS_BACKEND=redis"
     depends_on:
       - redis
-      - db
 
 volumes:
     mysql_data:

server/files/configure_misp.sh

@@ -93,7 +93,6 @@ init_user() {
     # Create the main user if it is not there already
     sudo -u www-data /var/www/MISP/app/Console/cake userInit -q
     sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "MISP.email" ${ADMIN_EMAIL}
-    echo 'UPDATE misp.users SET change_pw = 0 WHERE id = 1;' | ${MYSQLCMD}
     echo "UPDATE misp.users SET email = \"${ADMIN_EMAIL}\" WHERE id = 1;" | ${MYSQLCMD}
     if [ ! -z "$ADMIN_ORG" ]; then
         echo "UPDATE misp.organisations SET name = \"${ADMIN_ORG}\" where id = 1;" | ${MYSQLCMD}
@@ -107,6 +106,20 @@ init_user() {
     fi
     ADMIN_KEY=`${CHANGE_CMD[@]} | awk 'END {print $NF; exit}'`
     echo "... admin user key set to '${ADMIN_KEY}'"
+
+    if [ ! -z "$ADMIN_PASSWORD" ]; then
+        echo "... setting admin password to '${ADMIN_PASSWORD}'"
+        PASSWORD_POLICY=$(sudo -u www-data /var/www/MISP/app/Console/cake Admin getSetting "Security.password_policy_complexity" | jq ".value" -r)
+        PASSWORD_LENGTH=$(sudo -u www-data /var/www/MISP/app/Console/cake Admin getSetting "Security.password_policy_length" | jq ".value")
+        sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Security.password_policy_length" 1
+        sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Security.password_policy_complexity" '/.*/'
+        sudo -u www-data /var/www/MISP/app/Console/cake user change_pw ${ADMIN_EMAIL} ${ADMIN_PASSWORD}
+        sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Security.password_policy_complexity" ${PASSWORD_POLICY}
+        sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Security.password_policy_length" ${PASSWORD_LENGTH}
+    else
+        echo "... leaving admin password as-is"
+    fi
+    echo 'UPDATE misp.users SET change_pw = 0 WHERE id = 1;' | ${MYSQLCMD}
 }
 
 apply_critical_fixes() {

server/files/entrypoint_nginx.sh

@@ -67,7 +67,8 @@ init_misp_data_files(){
     sed -i "s/'database' => 'misp'/'database' => '$MYSQL_DATABASE'/" $MISP_APP_CONFIG_PATH/database.php
 
     echo "... initializing email.php settings"
-    sudo -u www-data tee /var/www/MISP/app/Config/email.php > /dev/null <<EOT
+    chmod +w $MISP_APP_CONFIG_PATH/email.php
+    tee $MISP_APP_CONFIG_PATH/email.php > /dev/null <<EOT
 <?php
 class EmailConfig {
     public \$default = array(
@@ -116,6 +117,7 @@ class EmailConfig {
     );
 }
 EOT
+    chmod -w $MISP_APP_CONFIG_PATH/email.php
 
     # Init files (shared with host)
     echo "... initializing app files"

template.env

@@ -10,8 +10,10 @@ PHP_VER=20190902
 ADMIN_EMAIL=
 # default to MISP's default (Org1)
 ADMIN_ORG=
-# default to an automatically generated one (password is 'admin')
+# default to an automatically generated one
 ADMIN_KEY=
+# default to MISP's default (admin)
+ADMIN_PASSWORD=
 # default to 'passphrase'
 GPG_PASSPHRASE=