From 0a38aa7456ccb2875aac5dc20a6f15d3956bb93a Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Wed, 3 May 2023 00:37:04 +0200
Subject: Automatic trusted_sources during install (#5358)

* Automatic trusted_sources during install
Fix https://github.com/FreshRSS/FreshRSS/issues/5357

* Fix install for http_auth

* Update lib/lib_rss.php

Co-authored-by: Luc SANCHEZ <4697568+ColonelMoutarde@users.noreply.github.com>

* Fill null exception e-mail

* Revert some syntax

* Minor parentheses
---
 app/install.php | 51 +++++++++++++++++++++++----------------------------
 1 file changed, 23 insertions(+), 28 deletions(-)

(limited to 'app/install.php')

diff --git a/app/install.php b/app/install.php
index 599fd9863..cb49b8de7 100644
--- a/app/install.php
+++ b/app/install.php
@@ -18,16 +18,8 @@ if (STEP === 2 && isset($_POST['type'])) {
 	Minz_Session::_param('bd_type', $_POST['type']);
 }
 
-/**
- * @param mixed $default
- * @return mixed
- */
-function param(string $key, $default = false) {
-	if (isset($_POST[$key])) {
-		return $_POST[$key];
-	} else {
-		return $default;
-	}
+function param(string $key, string $default = ''): string {
+	return isset($_POST[$key]) && is_string($_POST[$key]) ? trim($_POST[$key]) : $default;
 }
 
 // gestion internationalisation
@@ -146,9 +138,6 @@ function saveStep2(): void {
 		if (Minz_Session::param('title') != '') {
 			$config_array['title'] = Minz_Session::param('title');
 		}
-		if (Minz_Session::param('auth_type') != '') {
-			$config_array['auth_type'] = Minz_Session::param('auth_type');
-		}
 
 		$customConfigPath = DATA_PATH . '/config.custom.php';
 		if (file_exists($customConfigPath)) {
@@ -196,27 +185,33 @@ function saveStep2(): void {
 }
 
 function saveStep3(): bool {
+	FreshRSS_Context::initSystem();
+	Minz_Translate::init(Minz_Session::param('language'));
+
 	if (!empty($_POST)) {
-		$system_default_config = FreshRSS_SystemConfiguration::get('default_system');
-		Minz_Session::_params([
-				'title' => $system_default_config->title,
-				'auth_type' => param('auth_type', 'form'),
-			]);
-		if (FreshRSS_user_Controller::checkUsername(param('default_user', ''))) {
-			Minz_Session::_param('default_user', param('default_user', ''));
+		if (param('auth_type', 'form') != '') {
+			FreshRSS_Context::$system_conf->auth_type = param('auth_type', 'form');
+			Minz_Session::_param('auth_type', FreshRSS_Context::$system_conf->auth_type);
+		} else {
+			return false;
 		}
 
-		if (Minz_Session::param('auth_type') == '' || Minz_Session::param('default_user') == '') {
+		$password_plain = param('passwordPlain', '');
+		if (FreshRSS_Context::$system_conf->auth_type === 'form' && $password_plain == '') {
 			return false;
 		}
 
-		$password_plain = param('passwordPlain', false);
-		if (Minz_Session::param('auth_type') === 'form' && $password_plain == '') {
+		if (FreshRSS_user_Controller::checkUsername(param('default_user', ''))) {
+			FreshRSS_Context::$system_conf->default_user = param('default_user', '');
+			Minz_Session::_param('default_user', FreshRSS_Context::$system_conf->default_user);
+		} else {
 			return false;
 		}
 
-		FreshRSS_Context::initSystem();
-		Minz_Translate::init(Minz_Session::param('language'));
+		if (FreshRSS_Context::$system_conf->auth_type === 'http_auth' && !empty($_SERVER['REMOTE_ADDR']) && is_string($_SERVER['REMOTE_ADDR'])) {
+			// Trust by default the remote IP address (e.g. proxy) used during install to provide remote user name
+			FreshRSS_Context::$system_conf->trusted_sources = [ $_SERVER['REMOTE_ADDR'] ];
+		}
 
 		// Create default user files but first, we delete previous data to
 		// avoid access right problems.
@@ -242,7 +237,6 @@ function saveStep3(): bool {
 			return false;
 		}
 
-		FreshRSS_Context::$system_conf->default_user = Minz_Session::param('default_user');
 		FreshRSS_Context::$system_conf->save();
 
 		header('Location: index.php?step=4');
@@ -591,7 +585,7 @@ function printStep3(): void {
 			<div class="group-controls">
 				<input type="text" id="default_user" name="default_user" autocomplete="username" required="required" size="16"
 					pattern="<?= FreshRSS_user_Controller::USERNAME_PATTERN ?>" value="<?= isset($_SESSION['default_user']) ? $_SESSION['default_user'] : '' ?>"
-					placeholder="<?= httpAuthUser() == '' ? 'alice' : httpAuthUser() ?>" tabindex="1" />
+					placeholder="<?= httpAuthUser(false) == '' ? 'alice' : httpAuthUser(false) ?>" tabindex="1" />
 				<p class="help"><?= _i('help') ?> <?= _t('install.default_user.max_char') ?></p>
 			</div>
 		</div>
@@ -603,7 +597,8 @@ function printStep3(): void {
 					<option value="form"<?= $auth_type === 'form' || (no_auth($auth_type) && cryptAvailable()) ? ' selected="selected"' : '',
 						cryptAvailable() ? '' : ' disabled="disabled"' ?>><?= _t('install.auth.form') ?></option>
 					<option value="http_auth"<?= $auth_type === 'http_auth' ? ' selected="selected"' : '',
-						httpAuthUser() == '' ? ' disabled="disabled"' : '' ?>><?= _t('install.auth.http') ?>(REMOTE_USER = '<?= httpAuthUser() ?>')</option>
+						httpAuthUser(false) == '' ? ' disabled="disabled"' : '' ?>>
+							<?= _t('install.auth.http') ?> (REMOTE_USER = '<?= httpAuthUser(false) ?>')</option>
 					<option value="none"<?= $auth_type === 'none' || (no_auth($auth_type) && !cryptAvailable()) ? ' selected="selected"' : ''
 						?>><?= _t('install.auth.none') ?></option>
 				</select>
-- 
cgit v1.2.3