fix(mysql): use % during user creation if remote db host

closes #642
- use % rather than the db host if host isn't localhost

Author: acburdine

extensions/mysql/index.js

@@ -3,9 +3,12 @@
 const Promise = require('bluebird');
 const mysql = require('mysql');
 const omit = require('lodash/omit');
+const includes = require('lodash/includes');
 const cli = require('../../lib');
 const generator = require('generate-password');
 
+const localhostAliases = ['localhost', '127.0.0.1'];
+
 class MySQLExtension extends cli.Extension {
     setup(cmd, argv) {
         // Case 1: ghost install local OR ghost setup --local
@@ -84,6 +87,11 @@ class MySQLExtension extends cli.Extension {
             strict: true
         });
 
+        // This will be the "allowed connections from" host of the mysql user.
+        // If the db connection host is something _other_ than localhost (e.g. a remote db connection)
+        // we want the host to be `%` rather than the db host.
+        const host = !includes(localhostAliases, dbconfig.host) ? '%' : dbconfig.host;
+
         let username;
 
         // Ensure old passwords is set to 0
@@ -103,7 +111,7 @@ class MySQLExtension extends cli.Extension {
                 username = `ghost-${Math.floor(Math.random() * 1000)}`;
 
                 return this._query(
-                    `CREATE USER '${username}'@'${dbconfig.host}' ` +
+                    `CREATE USER '${username}'@'${host}' ` +
                     `IDENTIFIED WITH mysql_native_password AS '${result[0].password}';`
                 ).catch((error) => {
                     // User already exists, run this method again
@@ -121,6 +129,7 @@ class MySQLExtension extends cli.Extension {
             this.ui.logVerbose(`MySQL: successfully created new user ${username}`, 'green');
 
             ctx.mysql = {
+                host: host,
                 username: username,
                 password: randomPassword
             };
@@ -132,7 +141,7 @@ class MySQLExtension extends cli.Extension {
     }
 
     grantPermissions(ctx, dbconfig) {
-        return this._query(`GRANT ALL PRIVILEGES ON ${dbconfig.database}.* TO '${ctx.mysql.username}'@'${dbconfig.host}';`).then(() => {
+        return this._query(`GRANT ALL PRIVILEGES ON ${dbconfig.database}.* TO '${ctx.mysql.username}'@'${ctx.mysql.host}';`).then(() => {
             this.ui.logVerbose(`MySQL: Successfully granted privileges for user "${ctx.mysql.username}"`, 'green');
             return this._query('FLUSH PRIVILEGES;');
         }).then(() => {

extensions/mysql/test/extension-spec.js

@@ -204,6 +204,28 @@ describe('Unit: Mysql extension', function () {
             });
         });
 
+        it('uses % for user host if db host is not localhost or 127.0.0.1', function () {
+            const logStub = sinon.stub();
+            const instance = new MysqlExtension({logVerbose: logStub}, {}, {}, '/some/dir');
+            const queryStub = sinon.stub(instance, '_query').resolves();
+            queryStub.onSecondCall().resolves([{password: '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19'}]);
+            const ctx = {};
+
+            return instance.createUser(ctx, {host: '117.241.162.107'}).then(() => {
+                expect(queryStub.calledThrice).to.be.true;
+                expect(queryStub.args[0][0]).to.equal('SET old_passwords = 0;');
+                expect(queryStub.args[1][0]).to.match(/^SELECT PASSWORD\('[a-zA-Z0-9!@#$%^&*()+_\-=}{[\]|:;"/?.><,`~]*'\) AS password;$/);
+                expect(queryStub.args[2][0]).to.match(/^CREATE USER 'ghost-[0-9]{1,4}'@'%' IDENTIFIED WITH mysql_native_password AS '\*[0-9A-F]*';$/);
+                expect(logStub.calledThrice).to.be.true;
+                expect(logStub.args[0][0]).to.match(/disabled old_password/);
+                expect(logStub.args[1][0]).to.match(/created password hash/);
+                expect(logStub.args[2][0]).to.match(/successfully created new user/);
+                expect(ctx.mysql).to.exist;
+                expect(ctx.mysql.username).to.match(/^ghost-[0-9]{1,4}$/);
+                expect(ctx.mysql.password).to.match(/^[a-zA-Z0-9!@#$%^&*()+_\-=}{[\]|:;"/?.><,`~]*$/);
+            });
+        });
+
         it('retries creating user if username already exists', function () {
             const logStub = sinon.stub();
             const instance = new MysqlExtension({logVerbose: logStub}, {}, {}, '/some/dir');
@@ -288,9 +310,9 @@ describe('Unit: Mysql extension', function () {
             const instance = new MysqlExtension({logVerbose: logStub}, {}, {}, '/some/dir');
             const queryStub = sinon.stub(instance, '_query').resolves();
 
-            return instance.grantPermissions({mysql: {username: 'testuser'}}, {host: 'localhost', database: 'ghost'}).then(() => {
+            return instance.grantPermissions({mysql: {username: 'testuser', host: '%'}}, {host: 'localhost', database: 'ghost'}).then(() => {
                 expect(queryStub.calledTwice).to.be.true;
-                expect(queryStub.calledWithExactly('GRANT ALL PRIVILEGES ON ghost.* TO \'testuser\'@\'localhost\';')).to.be.true;
+                expect(queryStub.calledWithExactly('GRANT ALL PRIVILEGES ON ghost.* TO \'testuser\'@\'%\';')).to.be.true;
                 expect(queryStub.calledWithExactly('FLUSH PRIVILEGES;')).to.be.true;
                 expect(logStub.calledTwice).to.be.true;
                 expect(logStub.args[0][0]).to.match(/Successfully granted privileges/);