From 0010a6cfa373232890d5ce2841f8f2a94f2a50d8 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Thu, 30 Dec 2021 14:57:49 +0100
Subject: [PATCH 1/2] disable login if Nextcloud is running

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 php/public/index.php                   |  8 ++++++--
 php/src/Docker/DockerActionManager.php |  9 +++++++++
 php/templates/login.twig               | 19 ++++++++++++-------
 3 files changed, 27 insertions(+), 9 deletions(-)

diff --git a/php/public/index.php b/php/public/index.php
index 29c467d4..a1a8c189 100644
--- a/php/public/index.php
+++ b/php/public/index.php
@@ -89,9 +89,13 @@ $app->get('/containers', function ($request, $response, $args) use ($container)
         'last_backup_time' => $configurationManager->GetLastBackupTime(),
     ]);
 })->setName('profile');
-$app->get('/login', function ($request, $response, $args) {
+$app->get('/login', function ($request, $response, $args) use ($container) {
     $view = Twig::fromRequest($request);
-    return $view->render($response, 'login.twig');
+    /** @var \AIO\Docker\DockerActionManager $dockerActionManger */
+    $dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
+    return $view->render($response, 'login.twig', [
+        'is_login_allowed' => $dockerActionManger->isLoginAllowed(),
+    ]);
 });
 $app->get('/setup', function ($request, $response, $args) use ($container) {
     $view = Twig::fromRequest($request);
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 9a424108..79702cd9 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -507,4 +507,13 @@ class DockerActionManager
             return -1;
         }
     }
+
+    public function isLoginAllowed() : bool {
+        $id = 'nextcloud-aio-apache';
+        $apacheContainer = $this->containerDefinitionFetcher->GetContainerById($id);
+        if ($this->GetContainerStartingState($apacheContainer) instanceof RunningState) {
+            return false;
+        }
+        return true;
+    }
 }
diff --git a/php/templates/login.twig b/php/templates/login.twig
index 06b875ea..f9f7564a 100644
--- a/php/templates/login.twig
+++ b/php/templates/login.twig
@@ -5,13 +5,18 @@
         <div class="login">
             <img src="/img/logo-blue.svg" style="margin-left: auto;margin-right: auto;display: block;">
             <h1>Nextcloud AIO Login</h1>
-            <p>Log in using your Nextcloud AIO password. If you don't have it, you can also use the automatic login from your Nextcloud.</p>
-            <form method="POST" action="/api/auth/login">
-                <input type="text" name="password" placeholder="Password" />
-                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                <input type="submit" class="button" value="Login" />
-            </form>
+            {% if is_login_allowed == true %}
+                <p>Log in using your Nextcloud AIO password.</p>
+                <form method="POST" action="/api/auth/login">
+                    <input type="text" name="password" placeholder="Password" />
+                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                    <input type="submit" class="button" value="Login" />
+                </form>
+            {% else %}
+                <p>The login is blocked since Nextcloud is running. Please use the automatic login from your Nextcloud.<br><br>
+                You can unblock the login by running 'sudo docker stop nextcloud-aio-apache'.</p>
+            {% endif %}
         </div>
     </div>
 {% endblock %}

From f6fc87354d399f1ebe0953bea8b1e4cbf3563f5d Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@e.mail.de>
Date: Fri, 14 Jan 2022 11:39:39 +0100
Subject: [PATCH 2/2] block the login in the controller as well

Signed-off-by: szaimen <szaimen@e.mail.de>
---
 php/src/Controller/LoginController.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/php/src/Controller/LoginController.php b/php/src/Controller/LoginController.php
index c917115c..aaab2952 100644
--- a/php/src/Controller/LoginController.php
+++ b/php/src/Controller/LoginController.php
@@ -12,12 +12,17 @@ use Psr\Http\Message\ServerRequestInterface as Request;
 class LoginController
 {
     private AuthManager $authManager;
+    private DockerActionManager $dockerActionManager;
 
-    public function __construct(AuthManager $authManager) {
+    public function __construct(AuthManager $authManager, DockerActionManager $dockerActionManager) {
         $this->authManager = $authManager;
+        $this->dockerActionManager = $dockerActionManager;
     }
 
     public function TryLogin(Request $request, Response $response, $args) : Response {
+        if (!$this->dockerActionManager->isLoginAllowed()) {
+            return $response->withHeader('Location', '/')->withStatus(302);
+        }
         $password = $request->getParsedBody()['password'];
         if($this->authManager->CheckCredentials($password)) {
             $this->authManager->SetAuthState(true);