fixes for user #889 and #332

Author: Frooodle

Dockerfile

@@ -33,6 +33,7 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /et
         curl \
         openjdk17-jre \
         su-exec \
+        shadow \
 # Doc conversion
         libreoffice@testing \
 # OCR MY PDF (unpaper for descew and other advanced featues)
@@ -52,8 +53,8 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /et
     chmod +x /scripts/init.sh && \
 # User permissions
     addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \
-    chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /usr/share/fonts/opentype/noto  /configs /customFiles /pipeline && \
-    chown stirlingpdfuser:stirlingpdfgroup /app.jar
+    chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /usr/share/fonts/opentype/noto /configs /customFiles /pipeline && \
+    chown stirlingpdfuser:stirlingpdfgroup /app.jar    
 
 EXPOSE 8080
 

Dockerfile-lite

@@ -31,6 +31,7 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /et
         curl \
         openjdk17-jre \
         su-exec \
+        shadow \
 # Doc conversion
    libreoffice@testing \
 # python and pip

Dockerfile-ultra-lite

@@ -30,6 +30,7 @@ RUN mkdir /configs /logs /customFiles && \
         bash \
         curl \
         su-exec \
+        shadow \
         openjdk17-jre && \
     echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/apk/repositories && \
     echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories && \

build.gradle

@@ -12,7 +12,7 @@ plugins {
 import com.github.jk1.license.render.*
 
 group = 'stirling.software'
-version = '0.22.0'
+version = '0.22.1'
 sourceCompatibility = '17'
 
 repositories {

exampleYmlFiles/docker-compose-latest-security.yml

@@ -21,6 +21,9 @@ services:
     environment:
       DOCKER_ENABLE_SECURITY: "true"
       SECURITY_ENABLELOGIN: "true"
+      PUID: 1002
+      GGID: 1002
+      UMASK: "022"
       SYSTEM_DEFAULTLOCALE: en-US
       UI_APPNAME: Stirling-PDF
       UI_HOMEDESCRIPTION: Demo site for Stirling-PDF Latest with Security

scripts/init.sh

@@ -13,20 +13,19 @@ if [ -d /usr/share/tesseract-ocr/5/tessdata ]; then
         cp -r /usr/share/tesseract-ocr/5/tessdata/* /usr/share/tessdata || true;
 fi
 
-
 # Update the user and group IDs as per environment variables
 if [ ! -z "$PUID" ] && [ "$PUID" != "$(id -u stirlingpdfuser)" ]; then
     usermod -o -u "$PUID" stirlingpdfuser
 fi
 
-if [ ! -z "$PGID" ] && [ "$PGID" != "$(id -g stirlingpdfgroup)" ]; then
+if [ ! -z "$PGID" ] && [ "$PGID" != "$(getent group stirlingpdfgroup | cut -d: -f3)" ]; then
     groupmod -o -g "$PGID" stirlingpdfgroup
 fi
 umask "$UMASK"
 
 echo "Setting permissions and ownership for necessary directories..."
-chown -R stirlingpdfuser:stirlingpdfgroup /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles
-chmod -R 755 /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles
+chown -R stirlingpdfuser:stirlingpdfgroup $HOME /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles /pipeline /app.jar
+chmod -R 755 /logs /scripts /usr/share/fonts/opentype/noto /usr/share/tessdata /configs /customFiles /pipeline /app.jar
 
 
 

src/main/java/stirling/software/SPDF/config/security/SecurityConfiguration.java

@@ -66,10 +66,11 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                     sessionManagement ->
                             sessionManagement
                                     .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
-                                    .maximumSessions(3)
+                                    .maximumSessions(1)
                                     .maxSessionsPreventsLogin(true)
                                     .sessionRegistry(sessionRegistry())
                                     .expiredUrl("/login?logout=true"));
+
             http.formLogin(
                             formLogin ->
                                     formLogin
@@ -92,8 +93,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                                             .addLogoutHandler(
                                                     (request, response, authentication) -> {
                                                         HttpSession session =
-                                                                request.getSession(
-                                                                        false); 
+                                                                request.getSession(false);
                                                         if (session != null) {
                                                             String sessionId = session.getId();
                                                             sessionRegistry()

src/main/java/stirling/software/SPDF/controller/api/UserController.java

@@ -56,8 +56,8 @@ public String register(@ModelAttribute UsernameAndPass requestModel, Model model
     @PostMapping("/change-username")
     public RedirectView changeUsername(
             Principal principal,
-            @RequestParam String currentPassword,
-            @RequestParam String newUsername,
+            @RequestParam(name = "currentPassword") String currentPassword,
+            @RequestParam(name = "newUsername") String newUsername,
             HttpServletRequest request,
             HttpServletResponse response,
             RedirectAttributes redirectAttributes) {
@@ -95,8 +95,8 @@ public RedirectView changeUsername(
     @PostMapping("/change-password-on-login")
     public RedirectView changePasswordOnLogin(
             Principal principal,
-            @RequestParam String currentPassword,
-            @RequestParam String newPassword,
+            @RequestParam(name = "currentPassword") String currentPassword,
+            @RequestParam(name = "newPassword") String newPassword,
             HttpServletRequest request,
             HttpServletResponse response,
             RedirectAttributes redirectAttributes) {
@@ -128,8 +128,8 @@ public RedirectView changePasswordOnLogin(
     @PostMapping("/change-password")
     public RedirectView changePassword(
             Principal principal,
-            @RequestParam String currentPassword,
-            @RequestParam String newPassword,
+            @RequestParam(name = "currentPassword") String currentPassword,
+            @RequestParam(name = "newPassword") String newPassword,
             HttpServletRequest request,
             HttpServletResponse response,
             RedirectAttributes redirectAttributes) {
@@ -180,9 +180,9 @@ public String updateUserSettings(HttpServletRequest request, Principal principal
     @PreAuthorize("hasRole('ROLE_ADMIN')")
     @PostMapping("/admin/saveUser")
     public RedirectView saveUser(
-            @RequestParam String username,
-            @RequestParam String password,
-            @RequestParam String role,
+            @RequestParam(name = "username") String username,
+            @RequestParam(name = "password") String password,
+            @RequestParam(name = "role") String role,
             @RequestParam(name = "forceChange", required = false, defaultValue = "false")
                     boolean forceChange) {
 
@@ -207,7 +207,8 @@ public RedirectView saveUser(
 
     @PreAuthorize("hasRole('ROLE_ADMIN')")
     @PostMapping("/admin/deleteUser/{username}")
-    public RedirectView deleteUser(@PathVariable String username, Authentication authentication) {
+    public RedirectView deleteUser(
+            @PathVariable(name = "username") String username, Authentication authentication) {
 
         if (!userService.usernameExists(username)) {
             return new RedirectView("/addUsers?messageType=deleteUsernameExists");

test.sh

@@ -18,7 +18,8 @@ check_health() {
 		fi
 	done
 	echo -e "\n$service_name is healthy!"
-
+	echo "Printing logs for $service_name:"
+    docker logs "$service_name"
     return 0
 }