see #446 - try and detect site url but allow for $CONF['site_url'] override to be used.

2024-09-19 19:22:14 +02:00 · 2021-02-07 20:35:58 +00:00 · 2021-02-07 20:35:58 +00:00 · d9813d4cf8
commit d9813d4cf8
parent aef69b53a9
5 changed files with 108 additions and 6 deletions
--- a/config.inc.php
+++ b/config.inc.php
@ -712,6 +712,10 @@ $CONF['xmlrpc_enabled'] = false;
 //More details in Password_Expiration.md
 $CONF['password_expiration'] = 'YES';

+// If defined, use this rather than trying to construct it from  $_SERVER parameters.
+// used in (at least) password-recover.php.
+$CONF['site_url'] = null;
+
 $CONF['version'] = '3.3.5';

 // If you want to keep most settings at default values and/or want to ensure
--- a/functions.inc.php
+++ b/functions.inc.php
@ -2317,4 +2317,46 @@ function getRemoteAddr() {
    return $REMOTE_ADDR;
 }

+
+/**
+ * @param array $server
+ * @return string URL to Postfixadmin - will always end in a '/'
+ */
+function getSiteUrl(array $server = []): string {
+    if (Config::has('site_url')) {
+        $url = Config::read_string('site_url');
+        if (!empty($url)) {
+            return $url;
+        }
+    }
+
+    if (empty($server)) {
+        $server = $_SERVER;
+    }
+
+    // ideally need to support installation unnder a random prefix
+    // - https://example.com/my-postfixadmin-3.1.2/index.php
+    // - https://example.com/my-postfixadmin-3.1.2/users/password-recover.php
+    // in either case, we want https://example.com/my-postfixadmin-3.1.2/
+
+    $uri = dirname($server['REQUEST_URI']);
+    if (preg_match('!/users/.*.php!', $uri)) {
+        $uri = dirname($uri);
+    }
+
+    // ensure it ends with a /
+    if (substr($uri, -1, 1) !== '/') {
+        $uri = $uri . '/';
+    }
+
+
+    $https = isset($server['HTTPS']) && $server['HTTPS'] == 'on' ? 'https' : 'http';
+
+    if (isset($server['REQUEST_SCHEME'])) {
+        $https = $server['REQUEST_SCHEME'];
+    }
+
+    return $https . '://' . $server['HTTP_HOST'] . $uri;
+}
+
 /* vim: set expandtab softtabstop=4 tabstop=4 shiftwidth=4: */
--- a/public/setup.php
+++ b/public/setup.php
@ -600,6 +600,8 @@ function do_software_environment_check() {
    }


+    $info[] = "Postfixadmin public url detected as " . getSiteUrl($_SERVER) . " use \$CONF['site_url'] to override";
+
    $info[] = "Postfixadmin installed at - " . realpath(__DIR__);

    $error_log_file = ini_get('error_log');
--- a/public/users/password-recover.php
+++ b/public/users/password-recover.php
@ -45,13 +45,13 @@ if ($context === 'admin' && !Config::read('forgotten_admin_password_reset') ||
 }

 function sendCodebyEmail($to, $username, $code) {
-    $https = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ? 'https' : 'http';
+    $url = getSiteUrl($_SERVER) . 'password-change.php?username=' . urlencode($username) . '&code=' . $code;

-    $_SERVER['REQUEST_SCHEME'] = isset($_SERVER['REQUEST_SCHEME']) ? $_SERVER['REQUEST_SCHEME'] : $https;
-
-    $url = $_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']) . '/password-change.php?username=' . urlencode($username) . '&code=' . $code;
-
-    return smtp_mail($to, Config::read('admin_email'), Config::Lang('pPassword_welcome'), Config::read('admin_smtp_password'), Config::lang_f('pPassword_recovery_email_body', $url));
+    return smtp_mail($to,
+        Config::read('admin_email'),
+        Config::Lang('pPassword_welcome'),
+        Config::read('admin_smtp_password'),
+        Config::lang_f('pPassword_recovery_email_body', $url));
 }

 function sendCodebySMS($to, $username, $code) {
--- a/tests/GetSiteUrlTest.php
+++ b/tests/GetSiteUrlTest.php
@ -0,0 +1,54 @@
+<?php
+
+class GetSiteUrlTest extends \PHPUnit\Framework\TestCase {
+    public function testControlViaConfig() {
+        $server = [];
+        $orig = Config::getInstance()->getAll();
+        $orig['site_url'] = 'https://example.com/postfixadmin-1.2.3.4/';
+        Config::getInstance()->setAll($orig);
+
+        $this->assertEquals('https://example.com/postfixadmin-1.2.3.4/', getSiteUrl($server));
+    }
+
+    public function testViaDiscovery() {
+        $server = [
+            'HTTP_HOST' => 'example.org',
+            'REQUEST_SCHEME' => 'https',
+            'REQUEST_URI' => '/postfixadmin-1.2.3.4/setup.php',
+        ];
+
+        $orig = Config::getInstance()->getAll();
+        unset($orig['site_url']);
+        Config::getInstance()->setAll($orig);
+
+        $this->assertEquals('https://example.org/postfixadmin-1.2.3.4/', getSiteUrl($server));
+    }
+
+    public function testViaDiscoveryNoPrefix() {
+        $server = [
+            'HTTP_HOST' => 'example.org',
+            'REQUEST_SCHEME' => 'https',
+            'REQUEST_URI' => '/setup.php',
+        ];
+
+        $orig = Config::getInstance()->getAll();
+        unset($orig['site_url']);
+        Config::getInstance()->setAll($orig);
+
+        $this->assertEquals('https://example.org/', getSiteUrl($server));
+    }
+
+    public function testViaDiscoveryhttp() {
+        $server = [
+            'HTTP_HOST' => 'example.org',
+            'REQUEST_SCHEME' => 'http',
+            'REQUEST_URI' => '/setup.php',
+        ];
+
+        $orig = Config::getInstance()->getAll();
+        unset($orig['site_url']);
+        Config::getInstance()->setAll($orig);
+
+        $this->assertEquals('http://example.org/', getSiteUrl($server));
+    }
+}