diff --git a/scripts/setup/phpmyadmin_install.sh b/scripts/setup/phpmyadmin_install.sh index 1d80d1f..4182561 100644 --- a/scripts/setup/phpmyadmin_install.sh +++ b/scripts/setup/phpmyadmin_install.sh @@ -353,8 +353,7 @@ function da_mysql_phpmyadmin_only_db(): string session_name($sessionName); session_id($sessionId); session_start(); - $auth = $_SESSION['DA_MYSQL_PHPMYADMIN_AUTH'] ?? []; - $db = is_array($auth) ? (string)($auth['db'] ?? '') : ''; + $db = (string)($_SESSION['DA_MYSQL_PHPMYADMIN_RESTRICT_DB'] ?? ''); session_write_close(); return $db; @@ -515,6 +514,7 @@ session_set_cookie_params([ ]); session_start(); $_SESSION['DA_MYSQL_PHPMYADMIN_AUTH'] = $ticket['auth']; +$_SESSION['DA_MYSQL_PHPMYADMIN_RESTRICT_DB'] = (string)($ticket['restrict_db'] ?? ''); session_write_close(); header('Cache-Control: no-store, no-cache, must-revalidate'); diff --git a/tests/phpmyadmin_install_test.sh b/tests/phpmyadmin_install_test.sh index 1e2f849..d2e0e57 100644 --- a/tests/phpmyadmin_install_test.sh +++ b/tests/phpmyadmin_install_test.sh @@ -130,6 +130,7 @@ ONLY_DB="$(php -d session.save_path="$SESSION_DIR" -r ' session_id("onlydbtest"); session_start(); $_SESSION["DA_MYSQL_PHPMYADMIN_AUTH"] = ["user" => "x", "password" => "y", "db" => "demo_target_db"]; + $_SESSION["DA_MYSQL_PHPMYADMIN_RESTRICT_DB"] = "demo_target_db"; session_write_close(); $_COOKIE["DA_MYSQL_PHPMYADMIN"] = "onlydbtest"; @@ -140,6 +141,24 @@ ONLY_DB="$(php -d session.save_path="$SESSION_DIR" -r ' [ "$ONLY_DB" = "demo_target_db" ] \ || fail "config.inc.php only_db should be scoped to the SSO ticket's database, got: '$ONLY_DB'" +# When no specific database was requested (the top-nav PHPMYADMIN button), +# only_db must be empty so phpMyAdmin shows every granted database. +ALL_DB_ONLY_DB="$(php -d session.save_path="$SESSION_DIR" -r ' + session_name("DA_MYSQL_PHPMYADMIN"); + session_id("alldbtest"); + session_start(); + $_SESSION["DA_MYSQL_PHPMYADMIN_AUTH"] = ["user" => "x", "password" => "y", "db" => "demo_landing_db"]; + $_SESSION["DA_MYSQL_PHPMYADMIN_RESTRICT_DB"] = ""; + session_write_close(); + + $_COOKIE["DA_MYSQL_PHPMYADMIN"] = "alldbtest"; + $cfg = []; + include $argv[1]; + echo $cfg["Servers"][1]["only_db"] ?? "(unset)"; +' "$CONFIG_INC")" +[ "$ALL_DB_ONLY_DB" = "" ] \ + || fail "config.inc.php only_db must be empty for an all-databases login, got: '$ALL_DB_ONLY_DB'" + grep -Fq 'return [$username, $password];' "$SIGNON_SCRIPT" \ || fail "signon script should return username/password only" php -d display_errors=1 -r 'set_error_handler(static function($errno, $errstr) { fwrite(STDERR, $errstr . "\n"); exit(9); }); $cfg=[]; include $argv[1]; include $argv[2];' "$CONFIG_INC" "$SIGNON_SCRIPT" \