mirror of https://github.com/YunoHost-Apps/aeneria_ynh.git synced 2024-09-03 18:06:15 +02:00

Merge branch 'aeneria-v2' of https://github.com/YunoHost-Apps/aeneria_ynh into aeneria-v2

Éric Gaspar 2024-01-08 10:10:20 +01:00
commit 3f69864f60
10 changed files with 159 additions and 258 deletions


@ -22,7 +22,7 @@ The idea of [æneria](https://aeneria.com) is to display energy consumption and
* Analyse energy consumption throw weather data
**Shipped version:** 2.0.0~ynh1
**Shipped version:** 2.0.3~ynh1
**Demo:** https://demo.aeneria.com


@ -21,7 +21,7 @@ L'idée de [æneria](https://aeneria.com) est d'afficher la consommation d'éner
* Mieux comprendre sa propre consommation d'énergie
* Analyser la consommation d'énergie et les données météorologiques
**Version incluse :** 2.0.0~ynh1
**Version incluse :** 2.0.3~ynh1
**Démo :** https://demo.aeneria.com


@ -42,13 +42,13 @@ AENERIA_PROXY_FOR_GRDF=1
ENEDIS_CLIENT_ID=noneed
ENEDIS_CLIENT_SECRET=noneed
ENEDIS_REDIRECT_URI=noneed
ENEDIS_ENDPOINT_AUTH=https://mon-compte-particulier.enedis.fr
ENEDIS_ENDPOINT_TOKEN=https://gw.prd.api.enedis.fr
ENEDIS_ENDPOINT_DATA=https://gw.prd.api.enedis.fr
ENEDIS_ENDPOINT_AUTH=noneed
ENEDIS_ENDPOINT_TOKEN=noneed
ENEDIS_ENDPOINT_DATA=noneed
# Grdf adict
GRDF_CLIENT_ID=noneed
GRDF_CLIENT_SECRET=noneed
GRDF_REDIRECT_URI=noneed
GRDF_ENDPOINT_AUTH=https://sofit-sso-oidc.grdf.fr
GRDF_ENDPOINT_DATA=https://api.grdf.fr
GRDF_ENDPOINT_AUTH=noneed
GRDF_ENDPOINT_DATA=noneed


@ -1,41 +0,0 @@
#!/bin/bash
app=$1
# Run only if we are altering aeneria's permissions
[[ "$app" != "__APP__" ]] && exit 0
# Source YunoHost helpers
source /usr/share/yunohost/helpers
source /etc/yunohost/apps/$app/scripts/_common.sh
# Retrieve arguments
usernames=$2
permission=$3
groups=$4
install_dir=$(ynh_app_setting_get "$app" install_dir)
phpversion=$(ynh_app_setting_get "$app" phpversion)
IFS=',' read -r -a user_list <<< "$usernames"
IFS=',' read -r -a group_list <<< "$groups"
for group in "${group_list[@]}"
do
group_array=$(yunohost user group list --output-as json --quiet | jq -r --arg group "$group" ".groups.$group.members | @csv" | tr -d \")
IFS=',' read -r -a group_array <<< "$group_array"
user_list+=("${group_array[@]}")
done
pushd $install_dir
for user in "${user_list[@]}"
do
mail=$(ynh_user_get_info --username="$user" --key=mail)
user_exists=$(ynh_exec_as $app php$phpversion bin/console aeneria:user:exist "$mail")
if [ $user_exists -eq 0 ]
then
user_pass=$(ynh_string_random)
ynh_exec_as $app php$phpversion bin/console aeneria:user:add "$mail" "$user_pass" -n
else
ynh_exec_as $app php$phpversion bin/console aeneria:user:activate "$mail"
fi
done
popd


@ -1,32 +0,0 @@
#!/bin/bash
app=$1
# Run only if we are altering aeneria's permissions
[[ "$app" != "__APP__" ]] && exit 0
# Source YunoHost helpers
source /usr/share/yunohost/helpers
source /etc/yunohost/apps/$app/scripts/_common.sh
# Retrieve arguments
usernames=$2
permission=$3
groups=$4
install_dir=$(ynh_app_setting_get "$app" install_dir)
phpversion=$(ynh_app_setting_get "$app" phpversion)
IFS=',' read -r -a user_list <<< "$usernames"
IFS=',' read -r -a group_list <<< "$groups"
for group in "${group_list[@]}"
do
group_array=$(yunohost user group list --output-as json --quiet | jq -r --arg group "$group" ".groups.$group.members | @csv" | tr -d \")
IFS=',' read -r -a group_array <<< "$group_array"
user_list+=("${group_array[@]}")
done
for user in "${user_list[@]}"
do
mail=$(ynh_user_get_info --username="$user" --key=mail)
cd "$install_dir" && ynh_exec_as $app php$phpversion bin/console aeneria:user:deactivate "$mail" -n
done


@ -5,7 +5,7 @@ name = "æneria"
description.en = "Dashboard to analyse your energy consumption data from Linky, Gazpar & weather"
description.fr = "Dashboard pour analyser vos données de consommation d'énergie Linky, Gazpar et météo"
version = "2.0.0~ynh1"
version = "2.0.3~ynh1"
maintainers = ["Simon Mellerin"]
@ -44,8 +44,8 @@ ram.runtime = "50M"
[resources]
[resources.sources.main]
url = "https://statics.aeneria.com/aeneria-app-2.0.0.tar.gz"
sha256 = "8a36dc2634178e6f087893aca6459ef7cbe7ad9e436c829a7f05f88a8a304571"
url = "https://statics.aeneria.com/aeneria-app-2.0.4.tar.gz"
sha256 = "f7d159bed0a76a05f38c58d8a66e73966580731c709eefb3b2be3cf213a53aae"
[resources.system_user]
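Review bot: The manifest `version` becomes `2.0.3~ynh1` while `[resources.sources.main]` now downloads `aeneria-app-2.0.4.tar.gz`, so the version shown to administrators disagrees with the tarball that the new `sha256` pins. The checksum still protects the download, but a mismatched version makes it harder to tell which upstream release, and which of its fixes, an instance actually runs. If 2.0.4 is the intended release, the line should read `version = "2.0.4~ynh1"`, with the "Shipped version" lines in both READMEs updated to match; if 2.0.3 is intended, the `url` and `sha256` need to point at that archive instead.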


@ -76,14 +76,6 @@ ynh_add_config --template="aeneria.cron" --destination="/etc/cron.d/$app"
chown root: "/etc/cron.d/$app"
chmod 644 "/etc/cron.d/$app"
#=================================================
# ADAPT HOOK FOR AENERIA INSTANCE
#=================================================
ynh_script_progression --message="Adapting hooks..." --weight=1
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_app_addaccess"
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_app_removeaccess"
#=================================================
# END OF SCRIPT
#=================================================


@ -58,6 +58,9 @@ then
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$tmpdir"
# Keep private dir
mv "$install_dir/private" "$tmpdir"
# Replace the old aeneria by the new one
ynh_secure_remove --file="$install_dir"
mv "$tmpdir" "$install_dir"
@ -117,14 +120,6 @@ pushd $install_dir
ynh_exec_as $app php$phpversion bin/console aeneria:generate-key -n
popd
#=================================================
# ADAPT HOOK FOR AENERIA INSTANCE
#=================================================
ynh_script_progression --message="Adapting hooks..." --weight=1
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_app_addaccess"
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_app_removeaccess"
#=================================================
# END OF SCRIPT
#=================================================
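Review bot: The added `mv "$install_dir/private" "$tmpdir"` in the first hunk runs unguarded immediately before `ynh_secure_remove --file="$install_dir"`, so the only copy of that directory depends on the move having worked. If `private` is absent on the instance being upgraded the command fails, and whether that stops the script before the removal depends on error handling set outside this hunk. If the freshly unpacked source already contains a `private` directory, the old one lands in `private/private` and the application would presumably not find it. A guarded, non-nesting form would be `if [ -d "$install_dir/private" ]; then mv -T "$install_dir/private" "$tmpdir/private"; fi`. The enclosing `then` block starts before the hunk, and what `private` holds is not visible here.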


@ -1,159 +0,0 @@
commit 19648694faaf973e7b4b0de1dbe49710e14a8ce7
Author: Simon Mellerin <simon.mellerin@makina-corpus.com>
Date: Fri Dec 22 17:22:41 2023 +0100
Yunohost ldap
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index 6c4457f1..ea1f3dc9 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -11,6 +11,8 @@ security:
entity:
class: App\Entity\User
property: username
+ user_provider_yunohost:
+ id: yunohost.provider.ldap
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
@@ -23,6 +25,10 @@ security:
login_path: security.login
check_path: security.login
enable_csrf: true
+ http_basic_ldap:
+ provider: user_provider_yunohost
+ service: yunohost.ldap
+ dn_string: "uid={username},ou=users,dc=yunohost,dc=org"
logout:
path: security.logout
target: security.login
diff --git a/config/services.yaml b/config/services.yaml
index 4410bfc5..71b9ba86 100644
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -105,3 +105,16 @@ services:
Aeneria\GrdfAdictApi\Client\GrdfAdictClientInterface:
alias: Aeneria\GrdfAdictApi\Client\GrdfAdictClient
+
+ yunohost.provider.ldap:
+ class: App\Security\YunohostLdapUserProvider
+ arguments: ["@yunohost.ldap", "ou=users,dc=yunohost,dc=org"]
+
+ yunohost.ldap:
+ class: Symfony\Component\Ldap\Ldap
+ arguments: ['@yunohost.ldap.adapter']
+
+ yunohost.ldap.adapter:
+ class: Symfony\Component\Ldap\Adapter\ExtLdap\Adapter
+ arguments:
+ - host: "localhost"
diff --git a/src/Security/YunohostLdapUserProvider.php b/src/Security/YunohostLdapUserProvider.php
new file mode 100644
index 00000000..09ad20c6
--- /dev/null
+++ b/src/Security/YunohostLdapUserProvider.php
@@ -0,0 +1,102 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Security;
+
+use App\Entity\User;
+use App\Repository\UserRepository;
+use Symfony\Component\Ldap\Entry;
+use Symfony\Component\Ldap\Exception\ConnectionException;
+use Symfony\Component\Ldap\LdapInterface;
+use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
+use Symfony\Component\Security\Core\Exception\UnsupportedUserException;
+use Symfony\Component\Security\Core\Exception\UserNotFoundException;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Core\User\UserProviderInterface;
+
+/**
+ * Adapted from LdapUserProvider.
+ *
+ */
+class YunohostLdapUserProvider implements UserProviderInterface
+{
+ private string $defaultSearch = '(uid={username})';
+
+ public function __construct(
+ private LdapInterface $ldap,
+ private string $baseDn,
+ private UserRepository $userRepository,
+ private ?string $searchDn = null,
+ private ?string $searchPassword = null,
+ ) {}
+
+ /**
+ * {@inheritdoc}
+ */
+ public function loadUserByUsername(string $username)
+ {
+ trigger_deprecation('symfony/security-core', '5.3', 'Method "%s()" is deprecated, use loadUserByIdentifier() instead.', __METHOD__);
+
+ return $this->loadUserByIdentifier($username);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function loadUserByIdentifier(string $identifier): UserInterface
+ {
+ try {
+ $this->ldap->bind($this->searchDn, $this->searchPassword);
+ $username = $this->ldap->escape($identifier, '', LdapInterface::ESCAPE_FILTER);
+ $query = str_replace('{username}', $identifier, $this->defaultSearch);
+ $search = $this->ldap->query($this->baseDn, $query);
+ } catch (ConnectionException $e) {
+ throw new UserNotFoundException(sprintf('User "%s" not found.', $identifier), 0, $e);
+ }
+
+ $entries = $search->execute();
+ $count = \count($entries);
+
+ if ($count > 1) {
+ throw new UserNotFoundException('More than one user found.');
+ }
+
+ $entry = $entries[0];
+
+ $identifier = $this->getAttributeValue($entry, 'mail');
+
+ return $this->userRepository->findOneBy(['username' => $identifier]);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function refreshUser(UserInterface $user)
+ {
+ if (!$user instanceof User) {
+ throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', \get_class($user)));
+ }
+
+ return $this->userRepository->findOneBy(['username' => $user->getUsername()]);
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function supportsClass(string $class)
+ {
+ return User::class === $class;
+ }
+
+ private function getAttributeValue(Entry $entry, string $attribute)
+ {
+ if (!$entry->hasAttribute($attribute)) {
+ throw new InvalidArgumentException(sprintf('Missing attribute "%s" for user "%s".', $attribute, $entry->getDn()));
+ }
+
+ $values = $entry->getAttribute($attribute);
+
+ return $values[0];
+ }
+}


@ -0,0 +1,146 @@
commit 7a3e622666fa16ab124158cffec73d9a3e6748bf
Author: Simon Mellerin <simon.mellerin@makina-corpus.com>
Date: Sun Jan 7 16:25:06 2024 +0100
YNH LDAP
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index 6c4457f1..e716ba39 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -11,6 +11,11 @@ security:
entity:
class: App\Entity\User
property: username
+ ldap_user_provider:
+ id: ynh.ldap.user.provider
+ all_users:
+ chain:
+ providers: ['ldap_user_provider', 'app_user_provider']
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
@@ -22,7 +27,12 @@ security:
form_login:
login_path: security.login
check_path: security.login
+ provider: app_user_provider
enable_csrf: true
+ http_basic_ldap:
+ provider: ldap_user_provider
+ service: ynh.ldap
+ dn_string: 'uid={username},ou=users,dc=yunohost,dc=org'
logout:
path: security.logout
target: security.login
diff --git a/config/services.yaml b/config/services.yaml
index 3e770913..83fbec0d 100644
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -104,3 +104,21 @@ services:
Aeneria\GrdfAdictApi\Client\GrdfAdictClientInterface:
alias: Aeneria\GrdfAdictApi\Client\GrdfAdictClient
+
+ ynh.ldap.user.provider:
+ class: App\Security\YnhLdapUserProvider
+ arguments:
+ $ldap: '@ynh.ldap'
+ $baseDn: "dc=yunohost,dc=org"
+ # $searchDn: 'uid={username},ou=users,dc=yunohost,dc=org'
+ $uidKey: "uid"
+
+ ynh.ldap:
+ class: Symfony\Component\Ldap\Ldap
+ arguments: ['@ynh.ldap.adapter']
+ tags: ['ldap']
+
+ ynh.ldap.adapter:
+ class: Symfony\Component\Ldap\Adapter\ExtLdap\Adapter
+ arguments:
+ - host: "localhost"
diff --git a/src/Security/YnhLdapUserProvider.php b/src/Security/YnhLdapUserProvider.php
new file mode 100755
index 00000000..eb8b1149
--- /dev/null
+++ b/src/Security/YnhLdapUserProvider.php
@@ -0,0 +1,79 @@
+<?php
+
+namespace App\Security;
+
+use App\Entity\User;
+use App\Repository\UserRepository;
+use Doctrine\ORM\EntityManagerInterface;
+use Symfony\Component\Ldap\Entry;
+use Symfony\Component\Ldap\LdapInterface;
+use Symfony\Component\Ldap\Security\LdapUserProvider as SecurityLdapUserProvider;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+class YnhLdapUserProvider extends SecurityLdapUserProvider
+{
+ public function __construct(
+ private EntityManagerInterface $entityManager,
+ private UserRepository $userRepository,
+ LdapInterface $ldap,
+ string $baseDn,
+ string $searchDn = null,
+ string $searchPassword = null,
+ array $defaultRoles = [],
+ string $uidKey = null,
+ string $filter = null,
+ string $passwordAttribute = null,
+ array $extraFields = [])
+ {
+ parent::__construct(
+ $ldap,
+ $baseDn,
+ $searchDn,
+ $searchPassword,
+ $defaultRoles,
+ $uidKey,
+ $filter,
+ $passwordAttribute,
+ $extraFields,
+ );
+ }
+ /**
+ * {@inheritdoc}
+ */
+ public function supportsClass(string $class)
+ {
+ return LdapUser::class === $class;
+ }
+
+ /**
+ * Loads a user from an LDAP entry.
+ *
+ * @return UserInterface
+ */
+ protected function loadUser(string $identifier, Entry $entry)
+ {
+ $email = $entry->getAttribute('mail');
+
+ // Dans le cadre de la connexion LDAP Yunohost,
+ // on cherche l'utilisateur par son mail.
+ //
+ $user = $this->userRepository->findOneBy(['username' => $email]);
+
+ // Si l'utilisateur n'existe pas encore, on le crée.
+ if (!$user) {
+ $user = (new User())
+ ->setUsername(\reset($email))
+ ->setPassword(\random_bytes(32))
+ ->setActive(true)
+ ->setUpdatedAt(new \DateTimeImmutable())
+ ;
+
+ $this->entityManager->persist($user);
+ $this->entityManager->flush();
+ }
+
+ return $user->setUsername(\reset($email))
+ ->setUserIdentifier($identifier)
+ ;
+ }
+}
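Review bot: In `loadUser` of the added `YnhLdapUserProvider`, `$entry->getAttribute('mail')` is used unchecked: it yields a list of values or null, so `findOneBy(['username' => $email])` can match a local account on any of the entry's mail values, and `\reset($email)` fails when the attribute is missing. Resolve exactly one address first, reject entries that have none, and use that single string for the lookup and for both `setUsername` calls. The auto-created account is active and gets raw `\random_bytes(32)` as its password, which is binary rather than a hash and may not store cleanly in a text column; a hex-encoded random value run through the application's password hasher would be safer (the hasher wiring is not visible here). Separately, `supportsClass` names `LdapUser` without a `use` line, so it resolves to `App\Security\LdapUser`, and `services.yaml` passes no `$filter`, so any entry under `dc=yunohost,dc=org` with a matching uid is provisioned; with the access hooks removed in this same commit, confirm that access to the app is restricted elsewhere.

```php
protected function loadUser(string $identifier, Entry $entry)
{
    // getAttribute() returns a list of values or null: keep exactly one address.
    $mails = $entry->getAttribute('mail') ?? [];
    $email = $mails[0] ?? null;
    if (!\is_string($email) || '' === $email) {
        throw new \Symfony\Component\Security\Core\Exception\UserNotFoundException(
            \sprintf('LDAP entry for "%s" has no mail attribute.', $identifier)
        );
    }

    // Look the account up by that single address, never by the whole value list.
    $user = $this->userRepository->findOneBy(['username' => $email]);

    // … unchanged: create and persist the user when none exists, with $email in place of \reset($email) …

    return $user->setUsername($email)
        ->setUserIdentifier($identifier)
    ;
}
```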