Skip to content

Commit

Permalink
[FEATURE] Blind the Solr Cell crendetials in TYPO3 configuration tools
Browse files Browse the repository at this point in the history
This change hides/blinds the Apache Solr username and password.
It is the follow up of #212, which introduces the username and password for Apache Solr connection.
It prevents the users from
accidental release of secrets and credentials via TYPO3 backend configuration Tools like:
* Extension Settings module
* Configuration module


Relates: #212
  • Loading branch information
dkd-kaehm committed Oct 19, 2023
1 parent 1a2a8ec commit 6618965
Show file tree
Hide file tree
Showing 3 changed files with 74 additions and 0 deletions.
67 changes: 67 additions & 0 deletions Classes/Lowlevel/EventListener/BlindedSecrets.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,67 @@
<?php

declare(strict_types=1);

/*
* This file is part of the TYPO3 CMS project.
*
* It is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License, either version 2
* of the License, or any later version.
*
* For the full copyright and license information, please read the
* LICENSE.txt file that was distributed with this source code.
*
* The TYPO3 project - inspiring people to share!
*/

namespace ApacheSolrForTypo3\Tika\Lowlevel\EventListener;

use TYPO3\CMS\Lowlevel\Event\ModifyBlindedConfigurationOptionsEvent;

use function str_contains;

class BlindedSecrets
{
public function __invoke(ModifyBlindedConfigurationOptionsEvent $event): void
{
$options = $event->getBlindedConfigurationOptions();

if ($event->getProviderIdentifier() === 'confVars') {
if (!empty($GLOBALS['TYPO3_CONF_VARS']['EXTENSIONS']['tika']['solrUsername'])
&& !str_contains($GLOBALS['TYPO3_CONF_VARS']['EXTENSIONS']['tika']['solrUsername'], '%env(')
) {
$options['TYPO3_CONF_VARS']['EXTENSIONS']['tika']['solrUsername'] = '***';
}
if (!empty($GLOBALS['TYPO3_CONF_VARS']['EXTENSIONS']['tika']['solrPassword'])
&& !str_contains($GLOBALS['TYPO3_CONF_VARS']['EXTENSIONS']['tika']['solrPassword'], '%env(')
) {
$options['TYPO3_CONF_VARS']['EXTENSIONS']['tika']['solrPassword'] = '***';
}
}

$event->setBlindedConfigurationOptions($options);
}

/**
* Renders a single secret/credentials input field in BE -> Settings -> Extension Configuration -> tika
* dependent on configured/saved value.
* * \<input ... type="password"> for simple string, which masks the password in browser
* * \<input ... type="text"> for values %env(SOME_SOLR_CREDENTIAL)%, which prints the value as is
*
* @noinspection PhpUnused
*/
public function hideInExtConf(array $params): string
{
$currentConfigValue = $GLOBALS['TYPO3_CONF_VARS']['EXTENSIONS']['tika'][$params['fieldName']] ?? '';
$inputType = 'password';
if (empty($currentConfigValue)
|| str_contains($currentConfigValue, '%env(')
) {
$inputType = 'text';
}

return /* @lang HTML */
"<input class='form-control' id='em-tika-{$params['fieldName']}' type='$inputType' name='{$params['fieldName']}' value='$currentConfigValue'>";
}
}
6 changes: 6 additions & 0 deletions Configuration/Services.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,3 +12,9 @@ services:
public: true
autowire: true
tags: ['backend.controller']

ApacheSolrForTypo3\Tika\Lowlevel\EventListener\BlindedSecrets:
tags:
- name: event.listener
identifier: 'tika/blind-secrets-for-tika'
event: 'TYPO3\CMS\Lowlevel\Event\ModifyBlindedConfigurationOptionsEvent'
1 change: 1 addition & 0 deletions composer.json
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@
"phpstan/phpstan": "^1.10",
"phpstan/phpstan-phpunit": "^1.3",
"phpunit/phpunit": "^9.5",
"typo3/cms-lowlevel": "*",
"typo3/coding-standards": "~0.7.1",
"typo3/testing-framework": "^7.0.2"
},
Expand Down

0 comments on commit 6618965

Please sign in to comment.