From 7b43f635e29cd38648e81dbc8044fb325e766850 Mon Sep 17 00:00:00 2001 From: Nicolas Quiniou-Briand Date: Tue, 28 Apr 2020 06:57:35 +0200 Subject: [PATCH 1/7] Add accounts to access demo --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 3aa6d9f..4817dda 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,8 @@ sabre/dav, that includes an administration interface for easy management. ## Demo * [YunoHost demo](https://demo.yunohost.org/baikal/admin/) + * Accounts: + * `demo/demo` then `admin/demo` ## Configuration From 7f7ab5da0a6280fb13e8b22c35db1d2524a6b076 Mon Sep 17 00:00:00 2001 From: nicofrand Date: Thu, 30 Apr 2020 17:30:33 +0200 Subject: [PATCH 2/7] Fix path when app is used on root (sub)domain (fix #33) --- scripts/install | 2 +- scripts/upgrade | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index d428307..62b7247 100644 --- a/scripts/install +++ b/scripts/install @@ -131,7 +131,7 @@ ynh_store_file_checksum --file="$bk_conf" bk_conf="${final_path}/Specific/config.system.php" cp ../conf/config.system.php "$bk_conf" -ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$bk_conf" +ynh_replace_string --match_string="__PATH__" --replace_string="${path_url%/}" --target_file="$bk_conf" ynh_replace_string --match_string="__DBNAME__" --replace_string="$db_name" --target_file="$bk_conf" ynh_replace_string --match_string="__DBUSER__" --replace_string="$db_name" --target_file="$bk_conf" ynh_replace_string --match_string="__DBPASS__" --replace_string="$db_pwd" --target_file="$bk_conf" diff --git a/scripts/upgrade b/scripts/upgrade index c598971..b9495d9 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -168,7 +168,7 @@ then cp ../conf/config.system.php "$bk_conf" - ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$bk_conf" + ynh_replace_string --match_string="__PATH__" --replace_string="${path_url%/}" --target_file="$bk_conf" ynh_replace_string --match_string="__DBNAME__" --replace_string="$db_name" --target_file="$bk_conf" ynh_replace_string --match_string="__DBUSER__" --replace_string="$db_name" --target_file="$bk_conf" db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) From 5a739f9b6df3c538f40ca58845a4e3e237233183 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Tue, 15 Sep 2020 10:40:49 +0200 Subject: [PATCH 3/7] Specify the php version --- scripts/_common.sh | 4 +++- scripts/upgrade | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index dfc713b..6eef4b8 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,7 +5,9 @@ #================================================= # dependencies used by the app -pkg_dependencies="php-xml php-mbstring php-mysql" +YNH_PHP_VERSION="7.3" + +pkg_dependencies="php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-mbstring php${YNH_PHP_VERSION}-mysql" #================================================= # EXPERIMENTAL HELPERS diff --git a/scripts/upgrade b/scripts/upgrade index b9495d9..a4dcc05 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -94,6 +94,7 @@ ynh_script_progression --message="Upgrading nginx web server configuration..." # Create a dedicated nginx config ynh_add_nginx_config +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # UPGRADE DEPENDENCIES @@ -129,7 +130,7 @@ then ynh_script_progression --message="Upgrading baikal..." # Run Baikal upgrade - php "${final_path}/bin/upgrade.sh" + php"${phpversion}" "${final_path}/bin/upgrade.sh" # Cleanup old baikal-admin sessions # since we may have changed owner of the session file 
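Review bot: `phpversion` is read from the app settings in the `@@ -94,6 +94,7 @@` hunk of scripts/upgrade and used unchecked as `php"${phpversion}"` in the `@@ -129,7 +130,7 @@` hunk. If the setting is empty (presumably the case for instances installed before it was stored, to be confirmed), the command silently becomes plain `php`, which is whatever default interpreter is on PATH rather than the `YNH_PHP_VERSION` declared in scripts/_common.sh. The read also sits before the `UPGRADE DEPENDENCIES` step, so it may still hold the previous version when the upgrader runs. Consider reading it after the dependency and php-fpm steps and defaulting it with `phpversion=${phpversion:-$YNH_PHP_VERSION}`. The rest of the script is outside these hunks.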
From bb30f9d7e4569bc88e400e6c4690fcedf3f1cb02 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Tue, 15 Sep 2020 15:44:17 +0200 Subject: [PATCH 4/7] Upgrade to 0.7.1 --- README.md | 2 +- conf/app.src | 4 +- conf/baikal.yaml | 29 ++++++++ conf/config.php | 62 ---------------- conf/config.system.php | 72 ------------------- manifest.json | 2 +- scripts/backup | 3 +- scripts/change_url | 6 +- scripts/install | 16 ++--- scripts/restore | 8 ++- scripts/upgrade | 54 +++++++------- .../Baikal/Core/LDAPUserBindAuth.php | 18 +++-- sources/extra_files/app/bin/upgrade.sh | 20 +++--- sources/patches/app-add-ldap-auth.patch | 72 +++++++------------ 14 files changed, 122 insertions(+), 246 deletions(-) create mode 100644 conf/baikal.yaml delete mode 100644 conf/config.php delete mode 100644 conf/config.system.php diff --git a/README.md b/README.md index 4817dda..ed6fd97 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to [Baïkal](http://baikal-server.com/) is a CalDAV and CardDAV server, based on sabre/dav, that includes an administration interface for easy management. -**Shipped version:** 0.6.1 +**Shipped version:** 0.7.1 ## Screenshots diff --git a/conf/app.src b/conf/app.src index dc0f4b6..7eb737e 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/sabre-io/Baikal/releases/download/0.6.1/baikal-0.6.1.zip -SOURCE_SUM=b3a553591a84f4262a6333cf79a1624e5d424d52c4071c77934b7191f714d757 +SOURCE_URL=https://github.com/sabre-io/Baikal/releases/download/0.7.1/baikal-0.7.1.zip +SOURCE_SUM=dade7d8dd740ed66f6d87368a6ceff845938ba57d7f45063f8b9cea6278c1c0a SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=zip SOURCE_IN_SUBDIR=true diff --git a/conf/baikal.yaml b/conf/baikal.yaml new file mode 100644 index 0000000..47135ed --- /dev/null +++ b/conf/baikal.yaml 
@@ -0,0 +1,29 @@
+system:
+ configured_version: '0.7.1'
+ timezone: '__TIMEZONE__'
+ card_enabled: true
+ cal_enabled: true
+ invite_from: 'noreply@localhost'
+ dav_auth_type: 'LDAP-UserBind'
+ admin_passwordhash: __PASSWORDHASH__
+ auth_realm: BaikalDAV
+ base_uri: '__PATH__'
+# Auth Backend LDAP-UserBind; LDAP URI
+ dav_ldap_uri: 'ldap://127.0.0.1/'
+# Auth Backend LDAP-UserBind; Template for userbind
+# %n => username
+# %u => user part of username when it is an email
+# %u => domain part of username when it is an email
+ dav_ldap_dn_template: 'uid=%n,ou=users,dc=yunohost,dc=org'
+# Auth Backend LDAP-UserBind; attribute for displayname
+ dav_ldap_displayname_attr: 'cn'
+# Auth Backend LDAP-UserBind; attribute for email
+ dav_ldap_email_attr: 'mail'
+database:
+ encryption_key: '__DESKEY__'
+ sqlite_file: "absolute/path/to/Specific/db/db.sqlite"
+ mysql: true
+ mysql_host: 'localhost'
+ mysql_dbname: '__DBNAME__'
+ mysql_username: '__DBUSER__'
+ mysql_password: '__DBPASS__'
diff --git a/conf/config.php b/conf/config.php
deleted file mode 100644
index 06495d5..0000000
--- a/conf/config.php
+++ /dev/null
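Review bot: `admin_passwordhash: __PASSWORDHASH__` is the only substituted secret left unquoted; writing it as `admin_passwordhash: '__PASSWORDHASH__'` like its neighbours guarantees the hex digest is always loaded as a string. The DN-template comment lists `%u` twice, and the second line should read `# %d => domain part of username when it is an email`, matching the wording in app-add-ldap-auth.patch. `sqlite_file` still carries the placeholder `absolute/path/to/Specific/db/db.sqlite`, which is inert while `mysql: true` but deserves a comment saying so. Because this one file now holds the database password, the encryption key and the admin hash, a header comment stating that it must stay mode `640` and owned by the app user would help whoever edits it by hand.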
@@ -1,62 +0,0 @@ - -# All rights reserved -# -# http://baikal-server.com -# -# This script is part of the Baïkal Server project. The Baïkal -# Server project is free software; you can redistribute it -# and/or modify it under the terms of the GNU General Public -# License as published by the Free Software Foundation; either -# version 2 of the License, or (at your option) any later version. -# -# The GNU General Public License can be found at -# http://www.gnu.org/copyleft/gpl.html. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# This copyright notice MUST APPEAR in all copies of the script! -# -############################################################################## - -############################################################################## -# Required configuration -# You *have* to review these settings for Baïkal to run properly -# - -# Timezone of your users, if unsure, check http://en.wikipedia.org/wiki/List_of_tz_database_time_zones -define("PROJECT_TIMEZONE", '__TIMEZONE__'); - -# CardDAV ON/OFF switch; default TRUE -define("BAIKAL_CARD_ENABLED", TRUE); - -# CalDAV ON/OFF switch; default TRUE -define("BAIKAL_CAL_ENABLED", TRUE); - -# WebDAV authentication type; default Digest -define("BAIKAL_DAV_AUTH_TYPE", 'LDAP-UserBind'); - -# Auth Backend LDAP-UserBind; LDAP URI -define("BAIKAL_DAV_LDAP_URI", 'ldap://127.0.0.1/'); - -# Auth Backend LDAP-UserBind; Template for userbind -# %n => username -# %u => user part of username when it is an email -# %u => domain part of username when it is an email -define("BAIKAL_DAV_LDAP_DN_TEMPLATE", 'uid=%n,ou=users,dc=yunohost,dc=org'); - -# Auth Backend LDAP-UserBind; attribute for displayname -define("BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR", 'cn'); - -# Auth Backend LDAP-UserBind; attribute for email 
-define("BAIKAL_DAV_LDAP_EMAIL_ATTR", 'mail');
-
-# Baïkal Web admin password hash; Set via Baïkal Web Admin
-define("BAIKAL_ADMIN_PASSWORDHASH", '__PASSWORDHASH__');
\ No newline at end of file
diff --git a/conf/config.system.php b/conf/config.system.php
deleted file mode 100644
index b1ca4bb..0000000
--- a/conf/config.system.php
+++ /dev/null
@@ -1,72 +0,0 @@ - -# All rights reserved -# -# http://baikal-server.com -# -# This script is part of the Baïkal Server project. The Baïkal -# Server project is free software; you can redistribute it -# and/or modify it under the terms of the GNU General Public -# License as published by the Free Software Foundation; either -# version 2 of the License, or (at your option) any later version. -# -# The GNU General Public License can be found at -# http://www.gnu.org/copyleft/gpl.html. -# -# This script is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# This copyright notice MUST APPEAR in all copies of the script! -# -############################################################################## - -############################################################################## -# System configuration -# Should not be changed, unless YNWYD -# -# RULES -# 0. All folder pathes *must* be suffixed by "/" -# 1. All URIs *must* be suffixed by "/" if pointing to a folder -# - -# If you change this value, you'll have to re-generate passwords for all your users -define("BAIKAL_AUTH_REALM", 'BaikalDAV'); - -# Should begin and end with a "/" -define("BAIKAL_CARD_BASEURI", "__PATH__/card.php/"); - -# Should begin and end with a "/" -define("BAIKAL_CAL_BASEURI", "__PATH__/cal.php/"); - -# Should begin and end with a "/" -define("BAIKAL_DAV_BASEURI", "__PATH__/dav.php/"); - -# Define path to Baïkal Database SQLite file -define("PROJECT_SQLITE_FILE", PROJECT_PATH_SPECIFIC . "db/db.sqlite"); - -# MySQL > Use MySQL instead of SQLite ? 
-define("PROJECT_DB_MYSQL", TRUE); - -# MySQL > Host, including ':portnumber' if port is not the default one (3306) -define("PROJECT_DB_MYSQL_HOST", 'localhost'); - -# MySQL > Database name -define("PROJECT_DB_MYSQL_DBNAME", '__DBNAME__'); - -# MySQL > Username -define("PROJECT_DB_MYSQL_USERNAME", '__DBUSER__'); - -# MySQL > Password -define("PROJECT_DB_MYSQL_PASSWORD", '__DBPASS__'); - -# A random 32 bytes key that will be used to encrypt data -define("BAIKAL_ENCRYPTION_KEY", '__DESKEY__'); - -# The currently configured Baïkal version -define("BAIKAL_CONFIGURED_VERSION", '0.6.1'); diff --git a/manifest.json b/manifest.json index 49f43ef..ba00e60 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Lightweight CalDAV+CardDAV server", "fr": "Serveur CalDAV+CardDAV léger" }, - "version": "0.6.1~ynh1", + "version": "0.7.1~ynh1", "url": "http://baikal-server.com/", "license": "GPL-3.0", "maintainer": { diff --git a/scripts/backup b/scripts/backup index a9a89a1..8f642f0 100644 --- a/scripts/backup +++ b/scripts/backup @@ -26,6 +26,7 @@ app=$YNH_APP_INSTANCE_NAME final_path=$(ynh_app_setting_get --app=$app --key=final_path) domain=$(ynh_app_setting_get --app=$app --key=domain) db_name=$(ynh_app_setting_get --app=$app --key=db_name) +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # STANDARD BACKUP STEPS @@ -48,7 +49,7 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= ynh_script_progression --message="Backing up php-fpm configuration..." -ynh_backup --src_path="/etc/php/7.0/fpm/pool.d/$app.conf" +ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" #================================================= # BACKUP THE MYSQL DATABASE diff --git a/scripts/change_url b/scripts/change_url index e80ce8d..eefd59f 100644 --- a/scripts/change_url +++ b/scripts/change_url 
@@ -96,7 +96,11 @@ fi #================================================= ynh_script_progression --message="Updating baikal configuration..." -ynh_replace_string --match_string="_BASEURI\", \"$old_path" --replace_string="_BASEURI\", \"$new_path" --target_file="${final_path}/Specific/config.system.php" +ynh_backup_if_checksum_is_different --file="${final_path}/config/baikal.yaml" + +ynh_replace_string --match_string="base_uri: '$old_path'" --replace_string="base_uri: '$new_path'" --target_file="${final_path}/config/baikal.yaml" + +ynh_store_file_checksum --file="${final_path}/config/baikal.yaml" #================================================= # GENERIC FINALISATION diff --git a/scripts/install b/scripts/install index 62b7247..d43be25 100644 --- a/scripts/install +++ b/scripts/install 
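Review bot: The match string `base_uri: '$old_path'` only hits when baikal.yaml holds the path exactly as it is passed to this script, but scripts/install and scripts/upgrade write `${path_url%/}` for `__PATH__`. An instance on a domain root therefore has `base_uri: ''`, and an `$old_path` of `/` would never match unless the path is normalised earlier in change_url, which is outside the hunk. If `ynh_replace_string` gives no error when nothing matches (to be confirmed), the URL change completes while Baïkal keeps the old base URI. `$new_path` is also written untrimmed, unlike install. Replacing the line by key avoids both problems, for example `--match_string="base_uri: .*" --replace_string="base_uri: '${new_path%/}'"`.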
@@ -116,21 +116,15 @@ ynh_mysql_connect_as --user=$db_name --password="$db_pwd" --database=$db_name \ # CONFIGURE BAIKAL #================================================= -bk_conf="${final_path}/Specific/config.php" -cp ../conf/config.php "$bk_conf" +bk_conf="${final_path}/config/baikal.yaml" +cp ../conf/baikal.yaml "$bk_conf" ynh_replace_string --match_string="__TIMEZONE__" --replace_string="$(cat /etc/timezone)" --target_file="$bk_conf" # Create admin password hash -password_hash=$(echo -n admin:BaikalDAV:$password | md5sum | cut -d ' ' -f 1) +password_hash=$(echo -n admin:BaikalDAV:$password | sha256sum | cut -d ' ' -f 1) ynh_replace_string --match_string="__PASSWORDHASH__" --replace_string="${password_hash}" --target_file="$bk_conf" ynh_app_setting_set --app=$app --key=password_hash --value=$password_hash -# Store the config file checksum into the app settings -ynh_store_file_checksum --file="$bk_conf" - -bk_conf="${final_path}/Specific/config.system.php" -cp ../conf/config.system.php "$bk_conf" - ynh_replace_string --match_string="__PATH__" --replace_string="${path_url%/}" --target_file="$bk_conf" ynh_replace_string --match_string="__DBNAME__" --replace_string="$db_name" --target_file="$bk_conf" ynh_replace_string --match_string="__DBUSER__" --replace_string="$db_name" --target_file="$bk_conf" @@ -154,8 +148,8 @@ touch "${final_path}/Specific/INSTALL_DISABLED" # Set permissions chown -R root: "$final_path" -chown $app "$final_path/Specific/"{config.php,config.system.php} -chmod 640 "$final_path/Specific/"{config.php,config.system.php} +chown $app "$final_path/config/baikal.yaml" +chmod 640 "$final_path/config/baikal.yaml" #================================================= # SETUP SSOWAT diff --git a/scripts/restore b/scripts/restore index 930c1b4..fc9e81e 100644 --- a/scripts/restore +++ b/scripts/restore 
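Review bot: On the `# Create admin password hash` line, `$password` is expanded unquoted inside `echo -n admin:BaikalDAV:$password`, so a password containing runs of whitespace or glob characters is word-split or expanded before it is hashed. The stored `admin_passwordhash` then no longer corresponds to what the administrator typed. `echo` may also interpret backslash sequences, depending on shell options. Use `password_hash=$(printf '%s' "admin:BaikalDAV:$password" | sha256sum | cut -d ' ' -f 1)`; the same line is added in scripts/actions/reset_admin_password in PATCH 6/7 and needs the same change. The enclosing script continues outside the hunk.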
@@ -27,6 +27,7 @@ domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # CHECK IF THE APP CAN BE RESTORED @@ -89,13 +90,14 @@ ynh_system_user_create --username=$app # Set permissions chown -R root: "$final_path" -chown $app "$final_path/Specific/"{config.php,config.system.php} +chown $app "$final_path/config/baikal.yaml" +chmod 640 "$final_path/config/baikal.yaml" #================================================= # RESTORE THE PHP-FPM CONFIGURATION #================================================= -ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf" +ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" #================================================= # GENERIC FINALIZATION @@ -104,7 +106,7 @@ ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf" #================================================= ynh_script_progression --message="Reloading nginx web server and php-fpm..." -ynh_systemd_action --service_name=php7.0-fpm --action=reload +ynh_systemd_action --service_name=php$phpversion-fpm --action=reload ynh_systemd_action --service_name=nginx --action=reload #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index a4dcc05..0983311 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -75,15 +75,19 @@ if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Upgrading source files..." --weight=3 - # Keep the Specific folder intact: https://sabre.io/baikal/upgrade/ + # Keep the Specific and config folders intact: https://sabre.io/baikal/upgrade/ + mkdir -p "$final_path/config" temp_folder=$(mktemp -d) mv "$final_path/Specific" "$temp_folder" + mv "$final_path/config" "$temp_folder" # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" ynh_secure_remove --file="$final_path/Specific" + ynh_secure_remove --file="$final_path/config" mv "$temp_folder/Specific" "$final_path" + mv "$temp_folder/config" "$final_path" ynh_secure_remove --file="$temp_folder" fi @@ -127,29 +131,16 @@ ynh_add_fpm_config if [ "$upgrade_type" == "UPGRADE_APP" ] then - ynh_script_progression --message="Upgrading baikal..." - - # Run Baikal upgrade - php"${phpversion}" "${final_path}/bin/upgrade.sh" - - # Cleanup old baikal-admin sessions - # since we may have changed owner of the session file - grep --files-with-matches --recursive "CSRF_TOKEN|s:" /var/lib/php/sessions | xargs rm -f - #================================================= # UPGRADE BAIKAL CONFIGURATION #================================================= ynh_script_progression --message="Upgrading baikal configuration..." --weight=2 - bk_conf="${final_path}/Specific/config.php" - - # Verify the checksum and backup the file if it's different + bk_conf="${final_path}/config/baikal.yaml" ynh_backup_if_checksum_is_different --file="$bk_conf" - - cp ../conf/config.php "$bk_conf" + cp ../conf/baikal.yaml "$bk_conf" ynh_replace_string --match_string="__TIMEZONE__" --replace_string="$(cat /etc/timezone)" --target_file="$bk_conf" - password_hash=$(ynh_app_setting_get --app=$app --key=password_hash) # If the password_hash is not in the app's config, recreate it from the password. if [ -z "$password_hash" ]; then 
@@ -159,28 +150,33 @@ then fi ynh_replace_string --match_string="__PASSWORDHASH__" --replace_string="${password_hash}" --target_file="$bk_conf" - # Store the config file checksum into the app settings - ynh_store_file_checksum --file="$bk_conf" - - bk_conf="${final_path}/Specific/config.system.php" - - # Verify the checksum and backup the file if it's different - ynh_backup_if_checksum_is_different --file="$bk_conf" - - cp ../conf/config.system.php "$bk_conf" - ynh_replace_string --match_string="__PATH__" --replace_string="${path_url%/}" --target_file="$bk_conf" ynh_replace_string --match_string="__DBNAME__" --replace_string="$db_name" --target_file="$bk_conf" ynh_replace_string --match_string="__DBUSER__" --replace_string="$db_name" --target_file="$bk_conf" db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) ynh_replace_string --match_string="__DBPASS__" --replace_string="$db_pwd" --target_file="$bk_conf" - deskey=$(ynh_app_setting_get --app=$app --key=encrypt_key) + ynh_app_setting_set --app=$app --key=encrypt_key --value="$deskey" ynh_replace_string --match_string="__DESKEY__" --replace_string="$deskey" --target_file="$bk_conf" + #================================================= + # UPGRADE BAIKAL + #================================================= + ynh_script_progression --message="Upgrading baikal..." + + # Run Baikal upgrade + php"${phpversion}" "${final_path}/bin/upgrade.sh" + + # Cleanup old baikal-admin sessions + # since we may have changed owner of the session file + grep --files-with-matches --recursive "CSRF_TOKEN|s:" /var/lib/php/sessions | xargs rm -f + # Store the config file checksum into the app settings ynh_store_file_checksum --file="$bk_conf" + # Remove checksums of old files + ynh_delete_file_checksum --file="${final_path}/Specific/config.php" + ynh_delete_file_checksum --file="${final_path}/Specific/config.system.php" fi #================================================= 
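Review bot: `bin/upgrade.sh` now runs after `cp ../conf/baikal.yaml "$bk_conf"` from the `@@ -131,29 +131,16 @@` hunk, so the upgrader always reads `configured_version: '0.7.1'` from the freshly copied template. Its version comparison then reports "already configured" and returns before the migration for an instance coming from 0.6.1, assuming `BAIKAL_VERSION` is 0.7.1 in the shipped source. Either carry the previously configured version into the template or run the upgrader before the file is overwritten. Separately, the added `ynh_app_setting_set --app=$app --key=encrypt_key --value="$deskey"` stores whatever `$deskey` holds without checking it is non-empty, which would leave `encryption_key: ''` in the config. The moved `grep ... /var/lib/php/sessions | xargs rm -f` scans the shared PHP session directory, so it can also delete sessions of other applications that use the same session key.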
@@ -191,8 +187,8 @@ fi # Set permissions chown -R root: "$final_path" -chown $app "$final_path/Specific/"{config.php,config.system.php} -chmod 640 "$final_path/Specific/"{config.php,config.system.php} +chown $app "$final_path/config/baikal.yaml" +chmod 640 "$final_path/config/baikal.yaml" #================================================= # SETUP SSOWAT diff --git a/sources/extra_files/app/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php b/sources/extra_files/app/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php index c491d8d..d558a78 100644 --- a/sources/extra_files/app/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php +++ b/sources/extra_files/app/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php @@ -1,6 +1,7 @@ accountValues = array(); - $sr = ldap_read($conn, $dn, '(objectclass=*)', array(BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR, BAIKAL_DAV_LDAP_EMAIL_ATTR)); + $dav_ldap_displayname_attr = $config['system']['dav_ldap_displayname_attr']; + $dav_ldap_email_attr = $config['system']['dav_ldap_email_attr']; + $sr = ldap_read($conn, $dn, '(objectclass=*)', array($dav_ldap_displayname_attr, $dav_ldap_email_attr)); $entry = ldap_get_entries($conn, $sr); - if (isset($entry[0][BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR][0])) - $this->accountValues['displayname'] = $entry[0][BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR][0]; - if (isset($entry[0][BAIKAL_DAV_LDAP_EMAIL_ATTR][0])) - $this->accountValues['email'] = $entry[0][BAIKAL_DAV_LDAP_EMAIL_ATTR][0]; + if (isset($entry[0][$dav_ldap_displayname_attr][0])) + $this->accountValues['displayname'] = $entry[0][$dav_ldap_displayname_attr][0]; + if (isset($entry[0][$dav_ldap_email_attr][0])) + $this->accountValues['email'] = $entry[0][$dav_ldap_email_attr][0]; /* close */ ldap_close($conn); diff --git a/sources/extra_files/app/bin/upgrade.sh b/sources/extra_files/app/bin/upgrade.sh index 6468200..b77d96b 100755 --- a/sources/extra_files/app/bin/upgrade.sh +++ b/sources/extra_files/app/bin/upgrade.sh 
@@ -41,15 +41,22 @@ if (!file_exists(PROJECT_PATH_ROOT . 'vendor/')) { } require PROJECT_PATH_ROOT . "vendor/autoload.php"; +use Symfony\Component\Yaml\Yaml; # Extend VersionUpgrade for cli usage class CLIUpgrade extends \BaikalAdmin\Controller\Install\VersionUpgrade { function run() { - $sBaikalVersion = BAIKAL_VERSION; - $sBaikalConfiguredVersion = BAIKAL_CONFIGURED_VERSION; + try { + $config = Yaml::parseFile(PROJECT_PATH_CONFIG . "baikal.yaml"); + } catch (\Exception $e) { + $this->output('Error reading baikal.yaml file : ' . $e->getMessage()); + } - if (BAIKAL_CONFIGURED_VERSION === BAIKAL_VERSION) { + $sBaikalVersion = BAIKAL_VERSION; + $sBaikalConfiguredVersion = $config['system']['configured_version']; + + if (isset($config['system']['configured_version']) && $sBaikalConfiguredVersion === BAIKAL_VERSION) { $this->output("Baïkal is already configured for version " . $sBaikalVersion); return true; } else { @@ -57,7 +64,7 @@ class CLIUpgrade extends \BaikalAdmin\Controller\Install\VersionUpgrade { } try { - $bSuccess = $this->upgrade(BAIKAL_CONFIGURED_VERSION, BAIKAL_VERSION); + $bSuccess = $this->upgrade($sBaikalConfiguredVersion, BAIKAL_VERSION); } catch (\Exception $e) { $bSuccess = false; $this->output("Uncaught exception during upgrade: " . (string)$e); @@ -88,11 +95,6 @@ class CLIUpgrade extends \BaikalAdmin\Controller\Install\VersionUpgrade { # Bootstrap BaikalAdmin \BaikalAdmin\Framework::bootstrap(); -if (!defined("BAIKAL_CONFIGURED_VERSION") || !defined("BAIKAL_ADMIN_PASSWORDHASH")) { - echo "Baïkal is not properly configured!\n"; - exit(1); -} - # Run the upgrade $oUpgrade = new CLIUpgrade(); if (!$oUpgrade->run()) { diff --git a/sources/patches/app-add-ldap-auth.patch b/sources/patches/app-add-ldap-auth.patch index 9872571..eb51c42 100644 --- a/sources/patches/app-add-ldap-auth.patch +++ b/sources/patches/app-add-ldap-auth.patch @@ -1,5 +1,5 @@ 
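Review bot: In `run()`, the `catch` around `Yaml::parseFile()` only prints the error, so execution continues with `$config` undefined: `$sBaikalConfiguredVersion` becomes null and `$this->upgrade(null, BAIKAL_VERSION)` is attempted against a configuration that could not be read. Add `return false;` as the last statement of that catch block so the script exits non-zero and the YunoHost upgrade stops. The `isset()` test also comes after the array has already been dereferenced; assigning with `$config['system']['configured_version'] ?? null` avoids the notice. The bootstrap guard removed in the last hunk also verified that an admin password hash was defined, and nothing replaces that check here. The body of `run()` extends beyond the visible hunks.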
diff --git a/Core/Frameworks/Baikal/Core/Server.php b/Core/Frameworks/Baikal/Core/Server.php -index 957cac3..fcc2e3c 100644 +index e96fe39..b90b49e 100644 --- a/Core/Frameworks/Baikal/Core/Server.php +++ b/Core/Frameworks/Baikal/Core/Server.php @@ -133,6 +133,8 @@ class Server { @@ -12,58 +12,58 @@ index 957cac3..fcc2e3c 100644 $authBackend = new \Sabre\DAV\Auth\Backend\PDO($this->pdo); $authBackend->setRealm($this->authRealm); diff --git a/Core/Frameworks/Baikal/Model/Config/Standard.php b/Core/Frameworks/Baikal/Model/Config/Standard.php -index 2e07f44..948b5be 100644 +index 1ef5a51..32ec217 100644 --- a/Core/Frameworks/Baikal/Model/Config/Standard.php 
+++ b/Core/Frameworks/Baikal/Model/Config/Standard.php -@@ -46,6 +46,22 @@ class Standard extends \Baikal\Model\Config { +@@ -51,6 +51,22 @@ class Standard extends \Baikal\Model\Config { "type" => "string", "comment" => "HTTP authentication type for WebDAV; default Digest" ], -+ "BAIKAL_DAV_LDAP_URI" => [ ++ "dav_ldap_uri" => [ + "type" => "string", + "comment" => "URI to LDAP Server (for ldap-userbind auth); default ldapi:///" + ], -+ "BAIKAL_DAV_LDAP_DN_TEMPLATE" => [ ++ "dav_ldap_dn_template" => [ + "type" => "string", + "comment" => "User DN for bind; with replacments %n => username, %u => user part, %d => domain part of username" + ], -+ "BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR" => [ ++ "dav_ldap_displayname_attr" => [ + "type" => "string", + "comment" => "LDAP-attribute for displayname; default cn" + ], -+ "BAIKAL_DAV_LDAP_EMAIL_ATTR" => [ ++ "dav_ldap_email_attr" => [ + "type" => "string", + "comment" => "LDAP-attribute for email; default mail" + ], - "BAIKAL_ADMIN_PASSWORDHASH" => [ + "admin_passwordhash" => [ "type" => "string", "comment" => "Baïkal Web admin password hash; Set via Baïkal Web Admin", -@@ -58,6 +74,10 @@ class Standard extends \Baikal\Model\Config { - "BAIKAL_CARD_ENABLED" => true, - "BAIKAL_CAL_ENABLED" => true, - "BAIKAL_DAV_AUTH_TYPE" => "Digest", -+ "BAIKAL_DAV_LDAP_URI" => "ldapi:///", -+ "BAIKAL_DAV_LDAP_DN_TEMPLATE" => "uid=%n,dc=example,dc=com", -+ "BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR" => "cn", -+ "BAIKAL_DAV_LDAP_EMAIL_ATTR" => "mail", - "BAIKAL_ADMIN_PASSWORDHASH" => "" - ]; - -@@ -85,7 +105,31 @@ class Standard extends \Baikal\Model\Config { +@@ -64,6 +80,10 @@ class Standard extends \Baikal\Model\Config { + "card_enabled" => true, + "cal_enabled" => true, + "dav_auth_type" => "Digest", ++ "dav_ldap_uri" => "ldapi:///", ++ "dav_ldap_dn_template" => "uid=%n,dc=example,dc=com", ++ "dav_ldap_displayname_attr" => "cn", ++ "dav_ldap_email_attr" => "mail", + "admin_passwordhash" => "", + "auth_realm" => "BaikalDAV", + "base_uri" => "" +@@ -103,7 
+123,31 @@ class Standard extends \Baikal\Model\Config { $oMorpho->add(new \Formal\Element\Listbox([ - "prop" => "BAIKAL_DAV_AUTH_TYPE", + "prop" => "dav_auth_type", "label" => "WebDAV authentication type", - "options" => ["Digest", "Basic"] + "options" => ["Digest", "Basic", "LDAP-UserBind"] + ])); + + $oMorpho->add(new \Formal\Element\Text([ -+ "prop" => "BAIKAL_DAV_LDAP_URI", ++ "prop" => "dav_ldap_uri", + "label" => "LDAP URI" + ])); + + $oMorpho->add(new \Formal\Element\Text([ -+ "prop" => "BAIKAL_DAV_LDAP_DN_TEMPLATE", ++ "prop" => "dav_ldap_dn_template", + "label" => "LDAP DN template", + "popover" => [ + "title" => "posible placeholder", @@ -72,35 +72,13 @@ index 2e07f44..948b5be 100644 + ])); + + $oMorpho->add(new \Formal\Element\Text([ -+ "prop" => "BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR", ++ "prop" => "dav_ldap_displayname_attr", + "label" => "LDAP attribute for DisplayName" + ])); + + $oMorpho->add(new \Formal\Element\Text([ -+ "prop" => "BAIKAL_DAV_LDAP_EMAIL_ATTR", ++ "prop" => "dav_ldap_email_attr", + "label" => "LDAP attribute for eMail" ])); $oMorpho->add(new \Formal\Element\Password([ -@@ -180,6 +224,21 @@ define("BAIKAL_CAL_ENABLED", TRUE); - # WebDAV authentication type; default Digest - define("BAIKAL_DAV_AUTH_TYPE", "Digest"); - -+# Auth Backend LDAP-UserBind; LDAP URI -+define("BAIKAL_DAV_LDAP_URI", 'ldapi:///'); -+ -+# Auth Backend LDAP-UserBind; Template for userbind -+# %n => username -+# %u => user part of username when it is an email -+# %u => domain part of username when it is an email -+define("BAIKAL_DAV_LDAP_DN_TEMPLATE", 'cn=%u,dc=%d,ou=domains,o=server'); -+ -+# Auth Backend LDAP-UserBind; attribute for displayname -+define("BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR", 'cn'); -+ -+# Auth Backend LDAP-UserBind; attribute for email -+define("BAIKAL_DAV_LDAP_EMAIL_ATTR", 'mail'); -+ - # Baïkal Web admin password hash; Set via Baïkal Web Admin - define("BAIKAL_ADMIN_PASSWORDHASH", ""); - CODE; 
From 04cb7942a80853206e43dfbf8f7939901a7871cd Mon Sep 17 00:00:00 2001 From: Kay0u Date: Tue, 15 Sep 2020 15:44:48 +0200 Subject: [PATCH 5/7] change yunohost requirement --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index ba00e60..f99dab6 100644 --- a/manifest.json +++ b/manifest.json @@ -14,7 +14,7 @@ "email": "julien.malik@paraiso.me" }, "requirements": { - "yunohost": ">= 3.5.0" + "yunohost": ">= 3.8.1" }, "multi_instance": false, "services": [ From f3530632bad4ab850f406cb2f07994f809b77196 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Tue, 15 Sep 2020 16:09:15 +0200 Subject: [PATCH 6/7] add reset_admin_password action --- README.md | 3 ++ actions.toml | 10 +++++ scripts/actions/reset_admin_password | 57 ++++++++++++++++++++++++++++ 3 files changed, 70 insertions(+) create mode 100644 actions.toml create mode 100644 scripts/actions/reset_admin_password diff --git a/README.md b/README.md index ed6fd97..d1141c6 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,9 @@ this package: ## Additional information +* There is a breaking change in the management of the administrator password when upgrading to 0.7.0. You must change the admin password! +* To be able to change the admin password, please visit the page: `https://you.domain.tld/yunohost/admin/#/apps/baikal/actions` and set a new password. + ## Links * Report a bug: https://github.com/YunoHost-Apps/baikal_ynh/issues diff --git a/actions.toml b/actions.toml new file mode 100644 index 0000000..aa446e3 --- /dev/null +++ b/actions.toml 
@@ -0,0 +1,10 @@
+[reset_admin_password]
+name = "Reset the admin password"
+command = "/bin/bash scripts/actions/reset_admin_password"
+accepted_return_codes = [0]
+description = "Change the admin password of the app."
+ [reset_admin_password.arguments]
+ [reset_admin_password.arguments.password]
+ type = "password"
+ ask.en = "Set the password for the administration"
+ ask.fr = "Définissez le mot de passe pour l'administration"
\ No newline at end of file
diff --git a/scripts/actions/reset_admin_password b/scripts/actions/reset_admin_password
new file mode 100644
index 0000000..c2b0be8
--- /dev/null
+++ b/scripts/actions/reset_admin_password
@@ -0,0 +1,57 @@ +#!/bin/bash + +#================================================= +# GENERIC STARTING +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source scripts/_common.sh +source /usr/share/yunohost/helpers + +#================================================= +# RETRIEVE ARGUMENTS +#================================================= + +# Get password +password=${YNH_ACTION_PASSWORD} + +app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID} +final_path=$(ynh_app_setting_get --app=$app --key=final_path) + +#================================================= +# CHECK IF ARGUMENTS ARE CORRECT +#================================================= + +#================================================= +# CHECK IF AN ACTION HAS TO BE DONE +#================================================= + +password_hash_old=$(ynh_app_setting_get --app=$app --key=password_hash) +password_hash=$(echo -n admin:BaikalDAV:$password | sha256sum | cut -d ' ' -f 1) +if [ $password_hash == $password_hash_old ] +then + ynh_die "This is the same password." 0 +fi + +#================================================= +# SPECIFIC ACTION +#================================================= +# CHANGE THE PASSWORD +#================================================= +ynh_script_progression --message="Changing the password..." 
--weight=1 + +bk_conf="${final_path}/config/baikal.yaml" + +ynh_backup_if_checksum_is_different --file="${final_path}/config/baikal.yaml" + +ynh_replace_string --match_string="${password_hash_old}" --replace_string="${password_hash}" --target_file="$bk_conf" +ynh_app_setting_set --app=$app --key=password_hash --value=$password_hash + +ynh_store_file_checksum --file="${final_path}/config/baikal.yaml" + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Execution completed" --last \ No newline at end of file From 22d51bd481901b88d2ddbf547a62d1eabac441af Mon Sep 17 00:00:00 2001 From: Kayou Date: Tue, 15 Sep 2020 16:16:37 +0200 Subject: [PATCH 7/7] Update README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 4817dda..b36972b 100644 --- a/README.md +++ b/README.md @@ -40,7 +40,6 @@ this package: * x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/baikal%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/baikal/) * ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/baikal%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/baikal/) -* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/baikal%20%28Apps%29.svg)](https://ci-stretch.nohost.me/ci/apps/baikal/) ## Limitations
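Review bot: The section headed `CHECK IF ARGUMENTS ARE CORRECT` in scripts/actions/reset_admin_password is empty, so an empty `YNH_ACTION_PASSWORD` is accepted and the admin hash becomes the digest of `admin:BaikalDAV:`. Add `[ -n "$password" ] || ynh_die "The password must not be empty."` there. The update replaces `${password_hash_old}` as stored in the app settings, so if the hash in baikal.yaml was changed through Baïkal's own admin page (the old template said it is set there), nothing matches and the action still reports success. Replacing the `admin_passwordhash:` line by key would not depend on the stored copy. The test `[ $password_hash == $password_hash_old ]` should quote both operands, since an unset old hash otherwise turns it into a syntax error.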