vendor/contao/installation-bundle/src/Controller/InstallationController.php line 50

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. /*
  6.  * This file is part of Contao.
  7.  *
  8.  * (c) Leo Feyer
  9.  *
  10.  * @license LGPL-3.0-or-later
  11.  */
  13. namespace Contao\InstallationBundle\Controller;
  15. use Contao\Environment;
  16. use Contao\InstallationBundle\Config\ParameterDumper;
  17. use Contao\InstallationBundle\Database\ConnectionFactory;
  18. use Contao\InstallationBundle\Event\ContaoInstallationEvents;
  19. use Contao\InstallationBundle\Event\InitializeApplicationEvent;
  20. use Contao\Validator;
  21. use Doctrine\DBAL\Exception;
  22. use Symfony\Component\DependencyInjection\ContainerAwareInterface;
  23. use Symfony\Component\DependencyInjection\ContainerAwareTrait;
  24. use Symfony\Component\Filesystem\Filesystem;
  25. use Symfony\Component\Filesystem\Path;
  26. use Symfony\Component\Finder\Finder;
  27. use Symfony\Component\Finder\SplFileInfo;
  28. use Symfony\Component\HttpFoundation\RedirectResponse;
  29. use Symfony\Component\HttpFoundation\Response;
  30. use Symfony\Component\Routing\Annotation\Route;
  32. /**
  33.  * @Route("%contao.backend.route_prefix%", defaults={"_scope" = "backend", "_token_check" = true})
  34.  *
  35.  * @internal
  36.  */
  37. class InstallationController implements ContainerAwareInterface
  38. {
  39.     use ContainerAwareTrait;
  41.     private array $context = [
  42.         'has_admin' => false,
  43.         'hide_admin' => false,
  44.         'sql_message' => '',
  45.     ];
  47.     /**
  48.      * @Route("/install", name="contao_install")
  49.      */
  50.     public function installAction(): Response
  51.     {
  52.         if (null !== ($response $this->initializeApplication())) {
  53.             return $response;
  54.         }
  56.         if ($this->container->has('contao.framework')) {
  57.             $this->container->get('contao.framework')->initialize();
  58.         }
  60.         $installTool $this->container->get('contao_installation.install_tool');
  62.         if ($installTool->isLocked()) {
  63.             return $this->render('locked.html.twig');
  64.         }
  66.         if (!$installTool->canWriteFiles()) {
  67.             return $this->render('not_writable.html.twig');
  68.         }
  70.         if ($installTool->shouldAcceptLicense()) {
  71.             return $this->acceptLicense();
  72.         }
  74.         if ('' === $installTool->getConfig('installPassword')) {
  75.             return $this->setPassword();
  76.         }
  78.         if (!$this->container->get('contao_installation.install_tool_user')->isAuthenticated()) {
  79.             return $this->login();
  80.         }
  82.         if (!$installTool->canConnectToDatabase($this->getContainerParameter('database_name'))) {
  83.             return $this->setUpDatabaseConnection();
  84.         }
  86.         $this->warmUpSymfonyCache();
  88.         if ($installTool->hasOldDatabase()) {
  89.             return $this->render('old_database.html.twig');
  90.         }
  92.         if ($installTool->hasConfigurationError($this->context)) {
  93.             return $this->render('configuration_error.html.twig');
  94.         }
  96.         $this->runDatabaseUpdates();
  98.         $installTool->checkStrictMode($this->context);
  100.         if (null !== ($response $this->adjustDatabaseTables())) {
  101.             return $response;
  102.         }
  104.         if (null !== ($response $this->importExampleWebsite())) {
  105.             return $response;
  106.         }
  108.         if (null !== ($response $this->createAdminUser())) {
  109.             return $response;
  110.         }
  112.         return $this->render('main.html.twig'$this->context);
  113.     }
  115.     private function initializeApplication(): ?Response
  116.     {
  117.         $event = new InitializeApplicationEvent();
  119.         $this->container->get('event_dispatcher')->dispatch($eventContaoInstallationEvents::INITIALIZE_APPLICATION);
  121.         if ($event->hasOutput()) {
  122.             return $this->render('initialize.html.twig', [
  123.                 'output' => $event->getOutput(),
  124.             ]);
  125.         }
  127.         return null;
  128.     }
  130.     /**
  131.      * Renders a form to accept the license.
  132.      *
  133.      * @return Response|RedirectResponse
  134.      */
  135.     private function acceptLicense(): Response
  136.     {
  137.         $request $this->container->get('request_stack')->getCurrentRequest();
  139.         if (null === $request) {
  140.             throw new \RuntimeException('The request stack did not contain a request');
  141.         }
  143.         if ('tl_license' !== $request->request->get('FORM_SUBMIT')) {
  144.             return $this->render('license.html.twig');
  145.         }
  147.         $this->container->get('contao_installation.install_tool')->persistConfig('licenseAccepted'true);
  149.         return $this->getRedirectResponse();
  150.     }
  152.     /**
  153.      * Renders a form to set the install tool password.
  154.      *
  155.      * @return Response|RedirectResponse
  156.      */
  157.     private function setPassword(): Response
  158.     {
  159.         $request $this->container->get('request_stack')->getCurrentRequest();
  161.         if (null === $request) {
  162.             throw new \RuntimeException('The request stack did not contain a request');
  163.         }
  165.         if ('tl_password' !== $request->request->get('FORM_SUBMIT')) {
  166.             return $this->render('password.html.twig');
  167.         }
  169.         $password $request->request->get('password');
  170.         $installTool $this->container->get('contao_installation.install_tool');
  171.         $minlength $installTool->getConfig('minPasswordLength');
  173.         // The password is too short
  174.         if (mb_strlen($password) < $minlength) {
  175.             return $this->render('password.html.twig', [
  176.                 'error' => sprintf($this->trans('password_too_short'), $minlength),
  177.             ]);
  178.         }
  180.         $installTool->persistConfig('installPassword'password_hash($passwordPASSWORD_DEFAULT));
  181.         $this->container->get('contao_installation.install_tool_user')->setAuthenticated(true);
  183.         return $this->getRedirectResponse();
  184.     }
  186.     /**
  187.      * Renders a form to log in.
  188.      *
  189.      * @return Response|RedirectResponse
  190.      */
  191.     private function login(): Response
  192.     {
  193.         $request $this->container->get('request_stack')->getCurrentRequest();
  195.         if (null === $request) {
  196.             throw new \RuntimeException('The request stack did not contain a request');
  197.         }
  199.         if ('tl_login' !== $request->request->get('FORM_SUBMIT')) {
  200.             return $this->render('login.html.twig');
  201.         }
  203.         $installTool $this->container->get('contao_installation.install_tool');
  205.         $verified password_verify(
  206.             $request->request->get('password'),
  207.             $installTool->getConfig('installPassword')
  208.         );
  210.         if (!$verified) {
  211.             $installTool->increaseLoginCount();
  213.             return $this->render('login.html.twig', [
  214.                 'error' => $this->trans('invalid_password'),
  215.             ]);
  216.         }
  218.         $installTool->resetLoginCount();
  219.         $this->container->get('contao_installation.install_tool_user')->setAuthenticated(true);
  221.         return $this->getRedirectResponse();
  222.     }
  224.     /**
  225.      * The method preserves the container directory inside the cache folder,
  226.      * because Symfony will throw a "compile error" exception if it is deleted
  227.      * in the middle of a request.
  228.      */
  229.     private function purgeSymfonyCache(): void
  230.     {
  231.         $filesystem = new Filesystem();
  232.         $cacheDir $this->getContainerParameter('kernel.cache_dir');
  233.         $ref = new \ReflectionObject($this->container);
  234.         $containerDir basename(Path::getDirectory($ref->getFileName()));
  236.         /** @var array<SplFileInfo> $finder */
  237.         $finder Finder::create()
  238.             ->depth(0)
  239.             ->exclude($containerDir)
  240.             ->in($cacheDir)
  241.         ;
  243.         foreach ($finder as $file) {
  244.             $filesystem->remove($file->getPathname());
  245.         }
  247.         if (\function_exists('opcache_reset')) {
  248.             opcache_reset();
  249.         }
  251.         if (\function_exists('apc_clear_cache') && !\ini_get('apc.stat')) {
  252.             apc_clear_cache();
  253.         }
  254.     }
  256.     /**
  257.      * The method runs the optional cache warmers, because the cache will only
  258.      * have the non-optional stuff at this time.
  259.      */
  260.     private function warmUpSymfonyCache(): void
  261.     {
  262.         $cacheDir $this->getContainerParameter('kernel.cache_dir');
  264.         if (file_exists(Path::join($cacheDir'contao/config/config.php'))) {
  265.             return;
  266.         }
  268.         $warmer $this->container->get('cache_warmer');
  270.         if (!$this->getContainerParameter('kernel.debug')) {
  271.             $warmer->enableOptionalWarmers();
  272.         }
  274.         $warmer->warmUp($cacheDir);
  276.         if (\function_exists('opcache_reset')) {
  277.             opcache_reset();
  278.         }
  280.         if (\function_exists('apc_clear_cache') && !\ini_get('apc.stat')) {
  281.             apc_clear_cache();
  282.         }
  283.     }
  285.     /**
  286.      * Renders a form to set up the database connection.
  287.      *
  288.      * @return Response|RedirectResponse
  289.      */
  290.     private function setUpDatabaseConnection(): Response
  291.     {
  292.         $request $this->container->get('request_stack')->getCurrentRequest();
  294.         if (null === $request) {
  295.             throw new \RuntimeException('The request stack did not contain a request');
  296.         }
  298.         // Only warn the user if the connection fails and the env component is used
  299.         if (false !== getenv('DATABASE_URL')) {
  300.             return $this->render('misconfigured_database_url.html.twig');
  301.         }
  303.         if ('tl_database_login' !== $request->request->get('FORM_SUBMIT')) {
  304.             return $this->render('database.html.twig');
  305.         }
  307.         $parameters = [
  308.             'parameters' => [
  309.                 'database_host' => $request->request->get('dbHost'),
  310.                 'database_port' => $request->request->get('dbPort'),
  311.                 'database_user' => $request->request->get('dbUser'),
  312.                 'database_password' => $request->request->get('dbPassword') ?: null,
  313.                 'database_name' => $request->request->get('dbName'),
  314.             ],
  315.         ];
  317.         if (false !== strpos($parameters['parameters']['database_name'], '.')) {
  318.             return $this->render('database.html.twig'array_merge(
  319.                 $parameters,
  320.                 ['database_error' => $this->trans('database_dot_in_dbname')]
  321.             ));
  322.         }
  324.         $connection ConnectionFactory::create($parameters);
  326.         $installTool $this->container->get('contao_installation.install_tool');
  327.         $installTool->setConnection($connection);
  329.         if (!$installTool->canConnectToDatabase($parameters['parameters']['database_name'])) {
  330.             return $this->render('database.html.twig'array_merge(
  331.                 $parameters,
  332.                 ['database_error' => $this->trans('database_could_not_connect')]
  333.             ));
  334.         }
  336.         $databaseVersion null;
  338.         try {
  339.             $databaseVersion $connection->getWrappedConnection()->getServerVersion();
  340.         } catch (\Throwable $exception) {
  341.             // Ignore server version detection errors
  342.         }
  344.         if ($databaseVersion) {
  345.             $parameters['parameters']['database_version'] = $databaseVersion;
  346.         }
  348.         $dumper = new ParameterDumper($this->getContainerParameter('kernel.project_dir'));
  349.         $dumper->setParameters($parameters);
  350.         $dumper->dump();
  352.         $this->purgeSymfonyCache();
  354.         return $this->getRedirectResponse();
  355.     }
  357.     private function runDatabaseUpdates(): void
  358.     {
  359.         $this->context['sql_message'] = implode(
  360.             '<br>',
  361.             array_map('htmlspecialchars'$this->container->get('contao_installation.install_tool')->runMigrations())
  362.         );
  363.     }
  365.     /**
  366.      * Renders a form to adjust the database tables.
  367.      */
  368.     private function adjustDatabaseTables(): ?RedirectResponse
  369.     {
  370.         $this->container->get('contao_installation.install_tool')->handleRunOnce();
  372.         $installer $this->container->get('contao_installation.database.installer');
  374.         $this->context['sql_form'] = $installer->getCommands();
  376.         $request $this->container->get('request_stack')->getCurrentRequest();
  378.         if (null === $request) {
  379.             throw new \RuntimeException('The request stack did not contain a request');
  380.         }
  382.         if ('tl_database_update' !== $request->request->get('FORM_SUBMIT')) {
  383.             return null;
  384.         }
  386.         $sql $request->request->get('sql');
  388.         if (!empty($sql) && \is_array($sql)) {
  389.             foreach ($sql as $hash) {
  390.                 $installer->execCommand($hash);
  391.             }
  392.         }
  394.         return $this->getRedirectResponse();
  395.     }
  397.     /**
  398.      * Renders a form to import the example website.
  399.      */
  400.     private function importExampleWebsite(): ?RedirectResponse
  401.     {
  402.         $installTool $this->container->get('contao_installation.install_tool');
  403.         $templates $installTool->getTemplates();
  405.         $this->context['templates'] = $templates;
  407.         if ($installTool->getConfig('exampleWebsite')) {
  408.             $this->context['import_date'] = date('Y-m-d H:i'$installTool->getConfig('exampleWebsite'));
  409.         }
  411.         $request $this->container->get('request_stack')->getCurrentRequest();
  413.         if (null === $request) {
  414.             throw new \RuntimeException('The request stack did not contain a request');
  415.         }
  417.         if ('tl_template_import' !== $request->request->get('FORM_SUBMIT')) {
  418.             return null;
  419.         }
  421.         $template $request->request->get('template');
  423.         if ('' === $template || !\in_array($template$templatestrue)) {
  424.             $this->context['import_error'] = $this->trans('import_empty_source');
  426.             return null;
  427.         }
  429.         try {
  430.             $installTool->importTemplate($template'1' === $request->request->get('preserve'));
  431.         } catch (Exception $e) {
  432.             $installTool->persistConfig('exampleWebsite'null);
  433.             $installTool->logException($e);
  435.             for ($rootException $enull !== $rootException->getPrevious(); $rootException $rootException->getPrevious()) {
  436.             }
  438.             $this->context['import_error'] = $this->trans('import_exception')."\n".$rootException->getMessage();
  440.             return null;
  441.         }
  443.         $installTool->persistConfig('exampleWebsite'time());
  445.         return $this->getRedirectResponse();
  446.     }
  448.     private function createAdminUser(): ?RedirectResponse
  449.     {
  450.         $installTool $this->container->get('contao_installation.install_tool');
  452.         if (!$installTool->hasTable('tl_user')) {
  453.             $this->context['hide_admin'] = true;
  455.             return null;
  456.         }
  458.         if ($installTool->hasAdminUser()) {
  459.             $this->context['has_admin'] = true;
  461.             return null;
  462.         }
  464.         $request $this->container->get('request_stack')->getCurrentRequest();
  466.         if (null === $request) {
  467.             throw new \RuntimeException('The request stack did not contain a request');
  468.         }
  470.         if ('tl_admin' !== $request->request->get('FORM_SUBMIT')) {
  471.             return null;
  472.         }
  474.         $username $request->request->get('username');
  475.         $name $request->request->get('name');
  476.         $email $request->request->get('email');
  477.         $password $request->request->get('password');
  479.         $this->context['admin_username_value'] = $username;
  480.         $this->context['admin_name_value'] = $name;
  481.         $this->context['admin_email_value'] = $email;
  482.         $this->context['admin_password_value'] = $password;
  484.         // All fields are mandatory
  485.         if ('' === $username || '' === $name || '' === $email || '' === $password) {
  486.             $this->context['admin_error'] = $this->trans('admin_error');
  488.             return null;
  489.         }
  491.         // Do not allow special characters in usernames
  492.         if (!Validator::isExtendedAlphanumeric($username)) {
  493.             $this->context['admin_username_error'] = $this->trans('admin_error_extnd');
  495.             return null;
  496.         }
  498.         // The username must not contain whitespace characters (see #4006)
  499.         if (false !== strpos($username' ')) {
  500.             $this->context['admin_username_error'] = $this->trans('admin_error_no_space');
  502.             return null;
  503.         }
  505.         // Validate the e-mail address (see #6003)
  506.         if (!Validator::isEmail($email)) {
  507.             $this->context['admin_email_error'] = $this->trans('admin_error_email');
  509.             return null;
  510.         }
  512.         $minlength $installTool->getConfig('minPasswordLength');
  514.         // The password is too short
  515.         if (mb_strlen($password) < $minlength) {
  516.             $this->context['admin_password_error'] = sprintf($this->trans('password_too_short'), $minlength);
  518.             return null;
  519.         }
  521.         // Password and username are the same
  522.         if ($password === $username) {
  523.             $this->context['admin_password_error'] = sprintf($this->trans('admin_error_password_user'), $minlength);
  525.             return null;
  526.         }
  528.         $installTool->persistConfig('adminEmail'$email);
  529.         $installTool->persistAdminUser($username$name$email$password$request->getLocale());
  531.         return $this->getRedirectResponse();
  532.     }
  534.     private function render(string $name, array $context = []): Response
  535.     {
  536.         return new Response(
  537.             $this->container->get('twig')->render(
  538.                 '@ContaoInstallation/'.$name,
  539.                 $this->addDefaultsToContext($context)
  540.             )
  541.         );
  542.     }
  544.     private function trans(string $key): string
  545.     {
  546.         return $this->container->get('translator')->trans($key, [], 'ContaoInstallationBundle');
  547.     }
  549.     /**
  550.      * Returns a redirect response to reload the page.
  551.      */
  552.     private function getRedirectResponse(): RedirectResponse
  553.     {
  554.         $request $this->container->get('request_stack')->getCurrentRequest();
  556.         if (null === $request) {
  557.             throw new \RuntimeException('The request stack did not contain a request');
  558.         }
  560.         return new RedirectResponse($request->getRequestUri());
  561.     }
  563.     /**
  564.      * Adds the default values to the context.
  565.      *
  566.      * @return array<string,string>
  567.      */
  568.     private function addDefaultsToContext(array $context): array
  569.     {
  570.         $context array_merge($this->context$context);
  572.         if (!isset($context['request_token'])) {
  573.             $context['request_token'] = $this->getRequestToken();
  574.         }
  576.         if (!isset($context['language'])) {
  577.             $context['language'] = $this->container->get('translator')->getLocale();
  578.         }
  580.         // Backwards compatibility
  581.         if (!isset($context['ua'])) {
  582.             $context['ua'] = $this->getUserAgentString();
  583.         }
  585.         if (!isset($context['path'])) {
  586.             $request $this->container->get('request_stack')->getCurrentRequest();
  588.             if (null === $request) {
  589.                 throw new \RuntimeException('The request stack did not contain a request');
  590.             }
  592.             $context['host'] = $request->getHost();
  593.             $context['path'] = $request->getBasePath();
  594.         }
  596.         return $context;
  597.     }
  599.     private function getRequestToken(): string
  600.     {
  601.         $tokenName $this->getContainerParameter('contao.csrf_token_name');
  603.         if (null === $tokenName) {
  604.             return '';
  605.         }
  607.         return $this->container->get('contao.csrf.token_manager')->getToken($tokenName)->getValue();
  608.     }
  610.     /**
  611.      * @return string|bool|null
  612.      */
  613.     private function getContainerParameter(string $name)
  614.     {
  615.         if ($this->container->hasParameter($name)) {
  616.             return $this->container->getParameter($name);
  617.         }
  619.         return null;
  620.     }
  622.     private function getUserAgentString(): string
  623.     {
  624.         if (!$this->container->has('contao.framework') || !$this->container->get('contao.framework')->isInitialized()) {
  625.             return '';
  626.         }
  628.         return Environment::get('agent')->class;
  629.     }
  630. }