[auth] Move pass file support to manager class; for both server/app

- Ensure pass file env var is skipped by application and later stripped
qgis · Oct 16, 2015 · 872d5b3 · 872d5b3
1 parent 545a90d
commit 872d5b3
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 42 deletions.
diff --git a/src/core/auth/qgsauthmanager.cpp b/src/core/auth/qgsauthmanager.cpp
@@ -18,6 +18,7 @@
 
 #include <QDir>
 #include <QEventLoop>
+#include <QFile>
 #include <QFileInfo>
 #include <QMutexLocker>
 #include <QObject>
@@ -200,6 +201,49 @@ bool QgsAuthManager::init( const QString& pluginPath )
       initSslCaches();
 #endif
 
+      // set the master password from first line of file defined by QGIS_AUTH_PASSWORD_FILE env variable
+      const char* passenv = "QGIS_AUTH_PASSWORD_FILE";
+      if ( getenv( passenv ) && masterPasswordHashInDb() )
+      {
+        QString passpath( getenv( passenv ) );
+        // clear the env variable, so it can not be accessed from plugins, etc.
+        // (note: stored QgsApplication::systemEnvVars() skips this env variable as well)
+#ifdef Q_OS_WIN
+        putenv( passenv );
+#else
+        unsetenv( passenv );
+#endif
+        QString masterpass;
+        QFile passfile( passpath );
+        if ( passfile.exists() && passfile.open( QIODevice::ReadOnly | QIODevice::Text ) )
+        {
+          QTextStream passin( &passfile );
+          while ( !passin.atEnd() )
+          {
+            masterpass = passin.readLine();
+            break;
+          }
+          passfile.close();
+        }
+        if ( !masterpass.isEmpty() )
+        {
+          if ( setMasterPassword( masterpass, true ) )
+          {
+            QgsDebugMsg( "Authentication master password set from QGIS_AUTH_PASSWORD_FILE" );
+          }
+          else
+          {
+            QgsDebugMsg( "QGIS_AUTH_PASSWORD_FILE set, but FAILED to set password using: " + passpath );
+            return false;
+          }
+        }
+        else
+        {
+          QgsDebugMsg( "QGIS_AUTH_PASSWORD_FILE set, but FAILED to read password from: " + passpath );
+          return false;
+        }
+      }
+
       return true;
     }
   }

diff --git a/src/core/qgsapplication.cpp b/src/core/qgsapplication.cpp
@@ -196,14 +196,18 @@ void QgsApplication::init( QString customConfigPath )
 
   // store system environment variables passed to application, before they are adjusted
   QMap<QString, QString> systemEnvVarMap;
+  QString passfile( "QGIS_AUTH_PASSWORD_FILE" ); // QString, for comparison
   Q_FOREACH ( const QString &varStr, QProcess::systemEnvironment() )
   {
     int pos = varStr.indexOf( QLatin1Char( '=' ) );
     if ( pos == -1 )
       continue;
     QString varStrName = varStr.left( pos );
     QString varStrValue = varStr.mid( pos + 1 );
-    systemEnvVarMap.insert( varStrName, varStrValue );
+    if ( varStrName != passfile )
+    {
+      systemEnvVarMap.insert( varStrName, varStrValue );
+    }
   }
   ABISYM( mSystemEnvVars ) = systemEnvVarMap;
 

diff --git a/src/server/qgsserver.cpp b/src/server/qgsserver.cpp
@@ -41,13 +41,11 @@
 #include "qgseditorwidgetregistry.h"
 
 #include <QDomDocument>
-#include <QFile>
 #include <QNetworkDiskCache>
 #include <QImage>
 #include <QSettings>
 #include <QDateTime>
 #include <QScopedPointer>
-#include <QTextStream>
 // TODO: remove, it's only needed by a single debug message
 #include <fcgi_stdio.h>
 #include <stdlib.h>
@@ -360,46 +358,9 @@ bool QgsServer::init( int & argc, char ** argv )
 
   // Instantiate authentication system
   //   creates or uses qgis-auth.db in ~/.qgis2/ or directory defined by QGIS_AUTH_DB_DIR_PATH env variable
+  //   set the master password as first line of file defined by QGIS_AUTH_PASSWORD_FILE env variable
+  //   (QGIS_AUTH_PASSWORD_FILE variable removed from environment after accessing)
   QgsAuthManager::instance()->init( QgsApplication::pluginPath() );
-  //   set the master password from first line of file defined by QGIS_AUTH_PASSWORD_FILE env variable
-  const char* passenv = "QGIS_AUTH_PASSWORD_FILE";
-  if ( getenv( passenv ) )
-  {
-    QString passpath( getenv( passenv ) );
-    // clear the env variable, so it can not be accessed from plugins, etc.
-#ifdef Q_OS_WIN
-    putenv( passenv );
-#else
-    unsetenv( passenv );
-#endif
-    QString masterpass;
-    QFile passfile( passpath );
-    if ( passfile.exists() && passfile.open( QIODevice::ReadOnly | QIODevice::Text ) )
-    {
-      QTextStream passin( &passfile );
-      while ( !passin.atEnd() )
-      {
-        masterpass = passin.readLine();
-        break;
-      }
-      passfile.close();
-    }
-    if ( !masterpass.isEmpty() )
-    {
-      if ( QgsAuthManager::instance()->setMasterPassword( masterpass, true ) )
-      {
-        QgsDebugMsg( "Authentication master password set" );
-      }
-      else
-      {
-        QgsDebugMsg( "Setting authentication master password FAILED using file: " + passpath );
-      }
-    }
-    else
-    {
-      QgsDebugMsg( "QGIS_AUTH_PASSWORD_FILE set, but FAILED to read file: " + passpath );
-    }
-  }
 
   QString defaultConfigFilePath;
   QFileInfo projectFileInfo = defaultProjectFile(); //try to find a .qgs file in the server directory