Fix first execution bugs and allow admin password to be changed

Changes: - Allow admin password to be changed - Fix updating email.php the first time the container starts
2023-05-14 16:56:55 +01:00 · 2023-05-14 16:56:55 +01:00 · 366fb0e6b0
parent e548b22ffa
commit 366fb0e6b0
4 changed files with 21 additions and 5 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -52,10 +52,10 @@ services:
      # - "${CUSTOM_PATH}/:/custom/"
    environment:
      - "HOSTNAME=https://localhost"
-      - "REDIS_FQDN=redis"
      - "CRON_USER_ID=1"
      # standard settings
      - "ADMIN_EMAIL=${ADMIN_EMAIL}"
+      - "ADMIN_PASSWORD=${ADMIN_PASSWORD}"
      - "ADMIN_KEY=${ADMIN_KEY}"
      - "ADMIN_ORG=${ADMIN_ORG}"
      - "GPG_PASSPHRASE=${GPG_PASSPHRASE}"
@ -82,7 +82,6 @@ services:
      - "REDIS_BACKEND=redis"
    depends_on:
      - redis
-      - db

 volumes:
    mysql_data:
--- a/server/files/configure_misp.sh
+++ b/server/files/configure_misp.sh
@ -93,7 +93,6 @@ init_user() {
    # Create the main user if it is not there already
    sudo -u www-data /var/www/MISP/app/Console/cake userInit -q
    sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "MISP.email" ${ADMIN_EMAIL}
-    echo 'UPDATE misp.users SET change_pw = 0 WHERE id = 1;' | ${MYSQLCMD}
    echo "UPDATE misp.users SET email = \"${ADMIN_EMAIL}\" WHERE id = 1;" | ${MYSQLCMD}
    if [ ! -z "$ADMIN_ORG" ]; then
        echo "UPDATE misp.organisations SET name = \"${ADMIN_ORG}\" where id = 1;" | ${MYSQLCMD}
@ -107,6 +106,20 @@ init_user() {
    fi
    ADMIN_KEY=`${CHANGE_CMD[@]} | awk 'END {print $NF; exit}'`
    echo "... admin user key set to '${ADMIN_KEY}'"
+
+    if [ ! -z "$ADMIN_PASSWORD" ]; then
+        echo "... setting admin password to '${ADMIN_PASSWORD}'"
+        PASSWORD_POLICY=$(sudo -u www-data /var/www/MISP/app/Console/cake Admin getSetting "Security.password_policy_complexity" | jq ".value" -r)
+        PASSWORD_LENGTH=$(sudo -u www-data /var/www/MISP/app/Console/cake Admin getSetting "Security.password_policy_length" | jq ".value")
+        sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Security.password_policy_length" 1
+        sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Security.password_policy_complexity" '/.*/'
+        sudo -u www-data /var/www/MISP/app/Console/cake user change_pw ${ADMIN_EMAIL} ${ADMIN_PASSWORD}
+        sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Security.password_policy_complexity" ${PASSWORD_POLICY}
+        sudo -u www-data /var/www/MISP/app/Console/cake Admin setSetting "Security.password_policy_length" ${PASSWORD_LENGTH}
+    else
+        echo "... leaving admin password as-is"
+    fi
+    echo 'UPDATE misp.users SET change_pw = 0 WHERE id = 1;' | ${MYSQLCMD}
 }

 apply_critical_fixes() {
--- a/server/files/entrypoint_nginx.sh
+++ b/server/files/entrypoint_nginx.sh
@ -67,7 +67,8 @@ init_misp_data_files(){
    sed -i "s/'database' => 'misp'/'database' => '$MYSQL_DATABASE'/" $MISP_APP_CONFIG_PATH/database.php

    echo "... initializing email.php settings"
-    sudo -u www-data tee /var/www/MISP/app/Config/email.php > /dev/null <<EOT
+    chmod +w $MISP_APP_CONFIG_PATH/email.php
+    tee $MISP_APP_CONFIG_PATH/email.php > /dev/null <<EOT
 <?php
 class EmailConfig {
    public \$default = array(
@ -116,6 +117,7 @@ class EmailConfig {
    );
 }
 EOT
+    chmod -w $MISP_APP_CONFIG_PATH/email.php

    # Init files (shared with host)
    echo "... initializing app files"
--- a/template.env
+++ b/template.env
@ -10,8 +10,10 @@ PHP_VER=20190902
 ADMIN_EMAIL=
 # default to MISP's default (Org1)
 ADMIN_ORG=
-# default to an automatically generated one (password is 'admin')
+# default to an automatically generated one
 ADMIN_KEY=
+# default to MISP's default (admin)
+ADMIN_PASSWORD=
 # default to 'passphrase'
 GPG_PASSPHRASE=