YunoHost-Apps/baikal_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/baikal_ynh.git synced 2024-09-03 18:16:11 +02:00
Code Issues Activity Actions

Merge pull request #52 from YunoHost-Apps/testing

Browse source 
Testing
This commit is contained in:
Kayou 2020-09-28 13:04:47 +02:00 committed by GitHub
commit 18cccebc5c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
17 changed files with 201 additions and 251 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
README.md
View file

@ -10,13 +10,15 @@ If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to
[Baïkal](http://baikal-server.com/) is a CalDAV and CardDAV server, based on [Baïkal](http://baikal-server.com/) is a CalDAV and CardDAV server, based on
sabre/dav, that includes an administration interface for easy management. sabre/dav, that includes an administration interface for easy management.
**Shipped version:** 0.6.1 **Shipped version:** 0.7.1
## Screenshots ## Screenshots
## Demo ## Demo
* [YunoHost demo](https://demo.yunohost.org/baikal/admin/) * [YunoHost demo](https://demo.yunohost.org/baikal/admin/)
* Accounts:
* `demo/demo` then `admin/demo`
## Configuration ## Configuration
@ -38,12 +40,14 @@ this package:
* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/baikal%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/baikal/) * x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/baikal%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/baikal/)
* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/baikal%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/baikal/) * ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/baikal%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/baikal/)
* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/baikal%20%28Apps%29.svg)](https://ci-stretch.nohost.me/ci/apps/baikal/)
## Limitations ## Limitations
## Additional information ## Additional information
* There is a breaking change in the management of the administrator password when upgrading to 0.7.0. You must change the admin password!
* To be able to change the admin password, please visit the page: `https://you.domain.tld/yunohost/admin/#/apps/baikal/actions` and set a new password.
## Links ## Links
* Report a bug: https://github.com/YunoHost-Apps/baikal_ynh/issues * Report a bug: https://github.com/YunoHost-Apps/baikal_ynh/issues

10
actions.toml Normal file
View file

@ -0,0 +1,10 @@
[reset_admin_password]
name = "Reset the admin password"
command = "/bin/bash scripts/actions/reset_admin_password"
accepted_return_codes = [0]
description = "Change the admin password of the app."
[reset_admin_password.arguments]
[reset_admin_password.arguments.password]
type = "password"
ask.en = "Set the password for the administration"
ask.fr = "Définissez le mot de passe pour l'administration"

4
conf/app.src
View file

@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/sabre-io/Baikal/releases/download/0.6.1/baikal-0.6.1.zip SOURCE_URL=https://github.com/sabre-io/Baikal/releases/download/0.7.1/baikal-0.7.1.zip
SOURCE_SUM=b3a553591a84f4262a6333cf79a1624e5d424d52c4071c77934b7191f714d757 SOURCE_SUM=dade7d8dd740ed66f6d87368a6ceff845938ba57d7f45063f8b9cea6278c1c0a
SOURCE_SUM_PRG=sha256sum SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=zip SOURCE_FORMAT=zip
SOURCE_IN_SUBDIR=true SOURCE_IN_SUBDIR=true

29
conf/baikal.yaml Normal file
View file

@ -0,0 +1,29 @@
system:
configured_version: '0.7.1'
timezone: '__TIMEZONE__'
card_enabled: true
cal_enabled: true
invite_from: 'noreply@localhost'
dav_auth_type: 'LDAP-UserBind'
admin_passwordhash: __PASSWORDHASH__
auth_realm: BaikalDAV
base_uri: '__PATH__'
# Auth Backend LDAP-UserBind; LDAP URI
dav_ldap_uri: 'ldap://127.0.0.1/'
# Auth Backend LDAP-UserBind; Template for userbind
# %n => username
# %u => user part of username when it is an email
# %u => domain part of username when it is an email
dav_ldap_dn_template: 'uid=%n,ou=users,dc=yunohost,dc=org'
# Auth Backend LDAP-UserBind; attribute for displayname
dav_ldap_displayname_attr: 'cn'
# Auth Backend LDAP-UserBind; attribute for email
dav_ldap_email_attr: 'mail'
database:
encryption_key: '__DESKEY__'
sqlite_file: "absolute/path/to/Specific/db/db.sqlite"
mysql: true
mysql_host: 'localhost'
mysql_dbname: '__DBNAME__'
mysql_username: '__DBUSER__'
mysql_password: '__DBPASS__'

62
conf/config.php
View file

@ -1,62 +0,0 @@
<?php
##############################################################################
#
# Copyright notice
#
# (c) 2017 Jérôme Schneider <mail@jeromeschneider.fr>
# All rights reserved
#
# http://baikal-server.com
#
# This script is part of the Baïkal Server project. The Baïkal
# Server project is free software; you can redistribute it
# and/or modify it under the terms of the GNU General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# The GNU General Public License can be found at
# http://www.gnu.org/copyleft/gpl.html.
#
# This script is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# This copyright notice MUST APPEAR in all copies of the script!
#
##############################################################################
##############################################################################
# Required configuration
# You *have* to review these settings for Baïkal to run properly
#
# Timezone of your users, if unsure, check http://en.wikipedia.org/wiki/List_of_tz_database_time_zones
define("PROJECT_TIMEZONE", '__TIMEZONE__');
# CardDAV ON/OFF switch; default TRUE
define("BAIKAL_CARD_ENABLED", TRUE);
# CalDAV ON/OFF switch; default TRUE
define("BAIKAL_CAL_ENABLED", TRUE);
# WebDAV authentication type; default Digest
define("BAIKAL_DAV_AUTH_TYPE", 'LDAP-UserBind');
# Auth Backend LDAP-UserBind; LDAP URI
define("BAIKAL_DAV_LDAP_URI", 'ldap://127.0.0.1/');
# Auth Backend LDAP-UserBind; Template for userbind
# %n => username
# %u => user part of username when it is an email
# %u => domain part of username when it is an email
define("BAIKAL_DAV_LDAP_DN_TEMPLATE", 'uid=%n,ou=users,dc=yunohost,dc=org');
# Auth Backend LDAP-UserBind; attribute for displayname
define("BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR", 'cn');
# Auth Backend LDAP-UserBind; attribute for email
define("BAIKAL_DAV_LDAP_EMAIL_ATTR", 'mail');
# Baïkal Web admin password hash; Set via Baïkal Web Admin
define("BAIKAL_ADMIN_PASSWORDHASH", '__PASSWORDHASH__');

72
conf/config.system.php
View file

@ -1,72 +0,0 @@
<?php
##############################################################################
#
# Copyright notice
#
# (c) 2017 Jérôme Schneider <mail@jeromeschneider.fr>
# All rights reserved
#
# http://baikal-server.com
#
# This script is part of the Baïkal Server project. The Baïkal
# Server project is free software; you can redistribute it
# and/or modify it under the terms of the GNU General Public
# License as published by the Free Software Foundation; either
# version 2 of the License, or (at your option) any later version.
#
# The GNU General Public License can be found at
# http://www.gnu.org/copyleft/gpl.html.
#
# This script is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# This copyright notice MUST APPEAR in all copies of the script!
#
##############################################################################
##############################################################################
# System configuration
# Should not be changed, unless YNWYD
#
# RULES
# 0. All folder pathes *must* be suffixed by "/"
# 1. All URIs *must* be suffixed by "/" if pointing to a folder
#
# If you change this value, you'll have to re-generate passwords for all your users
define("BAIKAL_AUTH_REALM", 'BaikalDAV');
# Should begin and end with a "/"
define("BAIKAL_CARD_BASEURI", "__PATH__/card.php/");
# Should begin and end with a "/"
define("BAIKAL_CAL_BASEURI", "__PATH__/cal.php/");
# Should begin and end with a "/"
define("BAIKAL_DAV_BASEURI", "__PATH__/dav.php/");
# Define path to Baïkal Database SQLite file
define("PROJECT_SQLITE_FILE", PROJECT_PATH_SPECIFIC . "db/db.sqlite");
# MySQL > Use MySQL instead of SQLite ?
define("PROJECT_DB_MYSQL", TRUE);
# MySQL > Host, including ':portnumber' if port is not the default one (3306)
define("PROJECT_DB_MYSQL_HOST", 'localhost');
# MySQL > Database name
define("PROJECT_DB_MYSQL_DBNAME", '__DBNAME__');
# MySQL > Username
define("PROJECT_DB_MYSQL_USERNAME", '__DBUSER__');
# MySQL > Password
define("PROJECT_DB_MYSQL_PASSWORD", '__DBPASS__');
# A random 32 bytes key that will be used to encrypt data
define("BAIKAL_ENCRYPTION_KEY", '__DESKEY__');
# The currently configured Baïkal version
define("BAIKAL_CONFIGURED_VERSION", '0.6.1');

4
manifest.json
View file

@ -6,7 +6,7 @@
"en": "Lightweight CalDAV+CardDAV server", "en": "Lightweight CalDAV+CardDAV server",
"fr": "Serveur CalDAV+CardDAV léger" "fr": "Serveur CalDAV+CardDAV léger"
}, },
"version": "0.6.1~ynh1", "version": "0.7.1~ynh1",
"url": "http://baikal-server.com/", "url": "http://baikal-server.com/",
"license": "GPL-3.0", "license": "GPL-3.0",
"maintainer": { "maintainer": {
@ -14,7 +14,7 @@
"email": "julien.malik@paraiso.me" "email": "julien.malik@paraiso.me"
}, },
"requirements": { "requirements": {
"yunohost": ">= 3.5.0" "yunohost": ">= 3.8.1"
}, },
"multi_instance": false, "multi_instance": false,
"services": [ "services": [

4
scripts/_common.sh
View file

@ -5,7 +5,9 @@
#================================================= #=================================================
# dependencies used by the app # dependencies used by the app
pkg_dependencies="php-xml php-mbstring php-mysql" YNH_PHP_VERSION="7.3"
pkg_dependencies="php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-mbstring php${YNH_PHP_VERSION}-mysql"
#================================================= #=================================================
# EXPERIMENTAL HELPERS # EXPERIMENTAL HELPERS

57
scripts/actions/reset_admin_password Normal file
View file

@ -0,0 +1,57 @@
#!/bin/bash
#=================================================
# GENERIC STARTING
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# RETRIEVE ARGUMENTS
#=================================================
# Get password
password=${YNH_ACTION_PASSWORD}
app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID}
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
# CHECK IF ARGUMENTS ARE CORRECT
#=================================================
#=================================================
# CHECK IF AN ACTION HAS TO BE DONE
#=================================================
password_hash_old=$(ynh_app_setting_get --app=$app --key=password_hash)
password_hash=$(echo -n admin:BaikalDAV:$password | sha256sum | cut -d ' ' -f 1)
if [ $password_hash == $password_hash_old ]
then
ynh_die "This is the same password." 0
fi
#=================================================
# SPECIFIC ACTION
#=================================================
# CHANGE THE PASSWORD
#=================================================
ynh_script_progression --message="Changing the password..." --weight=1
bk_conf="${final_path}/config/baikal.yaml"
ynh_backup_if_checksum_is_different --file="${final_path}/config/baikal.yaml"
ynh_replace_string --match_string="${password_hash_old}" --replace_string="${password_hash}" --target_file="$bk_conf"
ynh_app_setting_set --app=$app --key=password_hash --value=$password_hash
ynh_store_file_checksum --file="${final_path}/config/baikal.yaml"
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Execution completed" --last

3
scripts/backup
View file

@ -26,6 +26,7 @@ app=$YNH_APP_INSTANCE_NAME
final_path=$(ynh_app_setting_get --app=$app --key=final_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path)
domain=$(ynh_app_setting_get --app=$app --key=domain) domain=$(ynh_app_setting_get --app=$app --key=domain)
db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_name=$(ynh_app_setting_get --app=$app --key=db_name)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#================================================= #=================================================
# STANDARD BACKUP STEPS # STANDARD BACKUP STEPS
@ -48,7 +49,7 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#================================================= #=================================================
ynh_script_progression --message="Backing up php-fpm configuration..." ynh_script_progression --message="Backing up php-fpm configuration..."
ynh_backup --src_path="/etc/php/7.0/fpm/pool.d/$app.conf" ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
#================================================= #=================================================
# BACKUP THE MYSQL DATABASE # BACKUP THE MYSQL DATABASE

6
scripts/change_url
View file

@ -96,7 +96,11 @@ fi
#================================================= #=================================================
ynh_script_progression --message="Updating baikal configuration..." ynh_script_progression --message="Updating baikal configuration..."
ynh_replace_string --match_string="_BASEURI\", \"$old_path" --replace_string="_BASEURI\", \"$new_path" --target_file="${final_path}/Specific/config.system.php" ynh_backup_if_checksum_is_different --file="${final_path}/config/baikal.yaml"
ynh_replace_string --match_string="base_uri: '$old_path'" --replace_string="base_uri: '$new_path'" --target_file="${final_path}/config/baikal.yaml"
ynh_store_file_checksum --file="${final_path}/config/baikal.yaml"
#================================================= #=================================================
# GENERIC FINALISATION # GENERIC FINALISATION

18
scripts/install
View file

@ -116,22 +116,16 @@ ynh_mysql_connect_as --user=$db_name --password="$db_pwd" --database=$db_name \
# CONFIGURE BAIKAL # CONFIGURE BAIKAL
#================================================= #=================================================
bk_conf="${final_path}/Specific/config.php" bk_conf="${final_path}/config/baikal.yaml"
cp ../conf/config.php "$bk_conf" cp ../conf/baikal.yaml "$bk_conf"
ynh_replace_string --match_string="__TIMEZONE__" --replace_string="$(cat /etc/timezone)" --target_file="$bk_conf" ynh_replace_string --match_string="__TIMEZONE__" --replace_string="$(cat /etc/timezone)" --target_file="$bk_conf"
# Create admin password hash # Create admin password hash
password_hash=$(echo -n admin:BaikalDAV:$password | md5sum | cut -d ' ' -f 1) password_hash=$(echo -n admin:BaikalDAV:$password | sha256sum | cut -d ' ' -f 1)
ynh_replace_string --match_string="__PASSWORDHASH__" --replace_string="${password_hash}" --target_file="$bk_conf" ynh_replace_string --match_string="__PASSWORDHASH__" --replace_string="${password_hash}" --target_file="$bk_conf"
ynh_app_setting_set --app=$app --key=password_hash --value=$password_hash ynh_app_setting_set --app=$app --key=password_hash --value=$password_hash
# Store the config file checksum into the app settings ynh_replace_string --match_string="__PATH__" --replace_string="${path_url%/}" --target_file="$bk_conf"
ynh_store_file_checksum --file="$bk_conf"
bk_conf="${final_path}/Specific/config.system.php"
cp ../conf/config.system.php "$bk_conf"
ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$bk_conf"
ynh_replace_string --match_string="__DBNAME__" --replace_string="$db_name" --target_file="$bk_conf" ynh_replace_string --match_string="__DBNAME__" --replace_string="$db_name" --target_file="$bk_conf"
ynh_replace_string --match_string="__DBUSER__" --replace_string="$db_name" --target_file="$bk_conf" ynh_replace_string --match_string="__DBUSER__" --replace_string="$db_name" --target_file="$bk_conf"
ynh_replace_string --match_string="__DBPASS__" --replace_string="$db_pwd" --target_file="$bk_conf" ynh_replace_string --match_string="__DBPASS__" --replace_string="$db_pwd" --target_file="$bk_conf"
@ -154,8 +148,8 @@ touch "${final_path}/Specific/INSTALL_DISABLED"
# Set permissions # Set permissions
chown -R root: "$final_path" chown -R root: "$final_path"
chown $app "$final_path/Specific/"{config.php,config.system.php} chown $app "$final_path/config/baikal.yaml"
chmod 640 "$final_path/Specific/"{config.php,config.system.php} chmod 640 "$final_path/config/baikal.yaml"
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT

8
scripts/restore
View file

@ -27,6 +27,7 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path) path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path)
db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_name=$(ynh_app_setting_get --app=$app --key=db_name)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#================================================= #=================================================
# CHECK IF THE APP CAN BE RESTORED # CHECK IF THE APP CAN BE RESTORED
@ -89,13 +90,14 @@ ynh_system_user_create --username=$app
# Set permissions # Set permissions
chown -R root: "$final_path" chown -R root: "$final_path"
chown $app "$final_path/Specific/"{config.php,config.system.php} chown $app "$final_path/config/baikal.yaml"
chmod 640 "$final_path/config/baikal.yaml"
#================================================= #=================================================
# RESTORE THE PHP-FPM CONFIGURATION # RESTORE THE PHP-FPM CONFIGURATION
#================================================= #=================================================
ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf" ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
@ -104,7 +106,7 @@ ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf"
#================================================= #=================================================
ynh_script_progression --message="Reloading nginx web server and php-fpm..." ynh_script_progression --message="Reloading nginx web server and php-fpm..."
ynh_systemd_action --service_name=php7.0-fpm --action=reload ynh_systemd_action --service_name=php$phpversion-fpm --action=reload
ynh_systemd_action --service_name=nginx --action=reload ynh_systemd_action --service_name=nginx --action=reload
#================================================= #=================================================

57
scripts/upgrade
View file

@ -75,15 +75,19 @@ if [ "$upgrade_type" == "UPGRADE_APP" ]
then then
ynh_script_progression --message="Upgrading source files..." --weight=3 ynh_script_progression --message="Upgrading source files..." --weight=3
# Keep the Specific folder intact: https://sabre.io/baikal/upgrade/ # Keep the Specific and config folders intact: https://sabre.io/baikal/upgrade/
mkdir -p "$final_path/config"
temp_folder=$(mktemp -d) temp_folder=$(mktemp -d)
mv "$final_path/Specific" "$temp_folder" mv "$final_path/Specific" "$temp_folder"
mv "$final_path/config" "$temp_folder"
# Download, check integrity, uncompress and patch the source from app.src # Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path" ynh_setup_source --dest_dir="$final_path"
ynh_secure_remove --file="$final_path/Specific" ynh_secure_remove --file="$final_path/Specific"
ynh_secure_remove --file="$final_path/config"
mv "$temp_folder/Specific" "$final_path" mv "$temp_folder/Specific" "$final_path"
mv "$temp_folder/config" "$final_path"
ynh_secure_remove --file="$temp_folder" ynh_secure_remove --file="$temp_folder"
fi fi
@ -94,6 +98,7 @@ ynh_script_progression --message="Upgrading nginx web server configuration..."
# Create a dedicated nginx config # Create a dedicated nginx config
ynh_add_nginx_config ynh_add_nginx_config
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#================================================= #=================================================
# UPGRADE DEPENDENCIES # UPGRADE DEPENDENCIES
@ -126,29 +131,16 @@ ynh_add_fpm_config
if [ "$upgrade_type" == "UPGRADE_APP" ] if [ "$upgrade_type" == "UPGRADE_APP" ]
then then
ynh_script_progression --message="Upgrading baikal..."
# Run Baikal upgrade
php "${final_path}/bin/upgrade.sh"
# Cleanup old baikal-admin sessions
# since we may have changed owner of the session file
grep --files-with-matches --recursive "CSRF_TOKEN|s:" /var/lib/php/sessions | xargs rm -f
#================================================= #=================================================
# UPGRADE BAIKAL CONFIGURATION # UPGRADE BAIKAL CONFIGURATION
#================================================= #=================================================
ynh_script_progression --message="Upgrading baikal configuration..." --weight=2 ynh_script_progression --message="Upgrading baikal configuration..." --weight=2
bk_conf="${final_path}/Specific/config.php" bk_conf="${final_path}/config/baikal.yaml"
# Verify the checksum and backup the file if it's different
ynh_backup_if_checksum_is_different --file="$bk_conf" ynh_backup_if_checksum_is_different --file="$bk_conf"
cp ../conf/baikal.yaml "$bk_conf"
cp ../conf/config.php "$bk_conf"
ynh_replace_string --match_string="__TIMEZONE__" --replace_string="$(cat /etc/timezone)" --target_file="$bk_conf" ynh_replace_string --match_string="__TIMEZONE__" --replace_string="$(cat /etc/timezone)" --target_file="$bk_conf"
password_hash=$(ynh_app_setting_get --app=$app --key=password_hash) password_hash=$(ynh_app_setting_get --app=$app --key=password_hash)
# If the password_hash is not in the app's config, recreate it from the password. # If the password_hash is not in the app's config, recreate it from the password.
if [ -z "$password_hash" ]; then if [ -z "$password_hash" ]; then
@ -158,28 +150,33 @@ then
fi fi
ynh_replace_string --match_string="__PASSWORDHASH__" --replace_string="${password_hash}" --target_file="$bk_conf" ynh_replace_string --match_string="__PASSWORDHASH__" --replace_string="${password_hash}" --target_file="$bk_conf"
# Store the config file checksum into the app settings ynh_replace_string --match_string="__PATH__" --replace_string="${path_url%/}" --target_file="$bk_conf"
ynh_store_file_checksum --file="$bk_conf"
bk_conf="${final_path}/Specific/config.system.php"
# Verify the checksum and backup the file if it's different
ynh_backup_if_checksum_is_different --file="$bk_conf"
cp ../conf/config.system.php "$bk_conf"
ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$bk_conf"
ynh_replace_string --match_string="__DBNAME__" --replace_string="$db_name" --target_file="$bk_conf" ynh_replace_string --match_string="__DBNAME__" --replace_string="$db_name" --target_file="$bk_conf"
ynh_replace_string --match_string="__DBUSER__" --replace_string="$db_name" --target_file="$bk_conf" ynh_replace_string --match_string="__DBUSER__" --replace_string="$db_name" --target_file="$bk_conf"
db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
ynh_replace_string --match_string="__DBPASS__" --replace_string="$db_pwd" --target_file="$bk_conf" ynh_replace_string --match_string="__DBPASS__" --replace_string="$db_pwd" --target_file="$bk_conf"
deskey=$(ynh_app_setting_get --app=$app --key=encrypt_key) deskey=$(ynh_app_setting_get --app=$app --key=encrypt_key)
ynh_app_setting_set --app=$app --key=encrypt_key --value="$deskey"
ynh_replace_string --match_string="__DESKEY__" --replace_string="$deskey" --target_file="$bk_conf" ynh_replace_string --match_string="__DESKEY__" --replace_string="$deskey" --target_file="$bk_conf"
#=================================================
# UPGRADE BAIKAL
#=================================================
ynh_script_progression --message="Upgrading baikal..."
# Run Baikal upgrade
php"${phpversion}" "${final_path}/bin/upgrade.sh"
# Cleanup old baikal-admin sessions
# since we may have changed owner of the session file
grep --files-with-matches --recursive "CSRF_TOKEN|s:" /var/lib/php/sessions | xargs rm -f
# Store the config file checksum into the app settings # Store the config file checksum into the app settings
ynh_store_file_checksum --file="$bk_conf" ynh_store_file_checksum --file="$bk_conf"
# Remove checksums of old files
ynh_delete_file_checksum --file="${final_path}/Specific/config.php"
ynh_delete_file_checksum --file="${final_path}/Specific/config.system.php"
fi fi
#================================================= #=================================================
@ -190,8 +187,8 @@ fi
# Set permissions # Set permissions
chown -R root: "$final_path" chown -R root: "$final_path"
chown $app "$final_path/Specific/"{config.php,config.system.php} chown $app "$final_path/config/baikal.yaml"
chmod 640 "$final_path/Specific/"{config.php,config.system.php} chmod 640 "$final_path/config/baikal.yaml"
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT

18
sources/extra_files/app/Core/Frameworks/Baikal/Core/LDAPUserBindAuth.php
View file

@ -1,6 +1,7 @@
<?php <?php
namespace Baikal\Core; namespace Baikal\Core;
use Symfony\Component\Yaml\Yaml;
/** /**
* This is an authentication backend that uses a ldap backend to authenticate user. * This is an authentication backend that uses a ldap backend to authenticate user.
@ -25,9 +26,10 @@ class LDAPUserBindAuth extends AbstractExternalAuth {
* @return bool * @return bool
*/ */
public function validateUserPassExternal($username, $password) { public function validateUserPassExternal($username, $password) {
$config = Yaml::parseFile(PROJECT_PATH_CONFIG . "baikal.yaml");
/* create ldap connection */ /* create ldap connection */
$conn = ldap_connect(BAIKAL_DAV_LDAP_URI); $conn = ldap_connect($config['system']['dav_ldap_uri']);
if (!$conn) if (!$conn)
return false; return false;
if (!ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3)) if (!ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3))
@ -38,7 +40,7 @@ class LDAPUserBindAuth extends AbstractExternalAuth {
* this raise a secuity issue because in the stack trace is the password of user readable * this raise a secuity issue because in the stack trace is the password of user readable
*/ */
$arr = explode('@', $username, 2); $arr = explode('@', $username, 2);
$dn = str_replace('%n', $username, BAIKAL_DAV_LDAP_DN_TEMPLATE); $dn = str_replace('%n', $username, $config['system']['dav_ldap_dn_template']);
$dn = str_replace('%u', $arr[0], $dn); $dn = str_replace('%u', $arr[0], $dn);
if(isset($arr[1])) $dn = str_replace('%d', $arr[1], $dn); if(isset($arr[1])) $dn = str_replace('%d', $arr[1], $dn);
@ -52,12 +54,14 @@ class LDAPUserBindAuth extends AbstractExternalAuth {
/* read displayname and email from user */ /* read displayname and email from user */
$this->accountValues = array(); $this->accountValues = array();
$sr = ldap_read($conn, $dn, '(objectclass=*)', array(BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR, BAIKAL_DAV_LDAP_EMAIL_ATTR)); $dav_ldap_displayname_attr = $config['system']['dav_ldap_displayname_attr'];
$dav_ldap_email_attr = $config['system']['dav_ldap_email_attr'];
$sr = ldap_read($conn, $dn, '(objectclass=*)', array($dav_ldap_displayname_attr, $dav_ldap_email_attr));
$entry = ldap_get_entries($conn, $sr); $entry = ldap_get_entries($conn, $sr);
if (isset($entry[0][BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR][0])) if (isset($entry[0][$dav_ldap_displayname_attr][0]))
$this->accountValues['displayname'] = $entry[0][BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR][0]; $this->accountValues['displayname'] = $entry[0][$dav_ldap_displayname_attr][0];
if (isset($entry[0][BAIKAL_DAV_LDAP_EMAIL_ATTR][0])) if (isset($entry[0][$dav_ldap_email_attr][0]))
$this->accountValues['email'] = $entry[0][BAIKAL_DAV_LDAP_EMAIL_ATTR][0]; $this->accountValues['email'] = $entry[0][$dav_ldap_email_attr][0];
/* close */ /* close */
ldap_close($conn); ldap_close($conn);

20
sources/extra_files/app/bin/upgrade.sh
View file

@ -41,15 +41,22 @@ if (!file_exists(PROJECT_PATH_ROOT . 'vendor/')) {
} }
require PROJECT_PATH_ROOT . "vendor/autoload.php"; require PROJECT_PATH_ROOT . "vendor/autoload.php";
use Symfony\Component\Yaml\Yaml;
# Extend VersionUpgrade for cli usage # Extend VersionUpgrade for cli usage
class CLIUpgrade extends \BaikalAdmin\Controller\Install\VersionUpgrade { class CLIUpgrade extends \BaikalAdmin\Controller\Install\VersionUpgrade {
function run() { function run() {
$sBaikalVersion = BAIKAL_VERSION; try {
$sBaikalConfiguredVersion = BAIKAL_CONFIGURED_VERSION; $config = Yaml::parseFile(PROJECT_PATH_CONFIG . "baikal.yaml");
} catch (\Exception $e) {
$this->output('Error reading baikal.yaml file : ' . $e->getMessage());
}
if (BAIKAL_CONFIGURED_VERSION === BAIKAL_VERSION) { $sBaikalVersion = BAIKAL_VERSION;
$sBaikalConfiguredVersion = $config['system']['configured_version'];
if (isset($config['system']['configured_version']) && $sBaikalConfiguredVersion === BAIKAL_VERSION) {
$this->output("Baïkal is already configured for version " . $sBaikalVersion); $this->output("Baïkal is already configured for version " . $sBaikalVersion);
return true; return true;
} else { } else {
@ -57,7 +64,7 @@ class CLIUpgrade extends \BaikalAdmin\Controller\Install\VersionUpgrade {
} }
try { try {
$bSuccess = $this->upgrade(BAIKAL_CONFIGURED_VERSION, BAIKAL_VERSION); $bSuccess = $this->upgrade($sBaikalConfiguredVersion, BAIKAL_VERSION);
} catch (\Exception $e) { } catch (\Exception $e) {
$bSuccess = false; $bSuccess = false;
$this->output("Uncaught exception during upgrade: " . (string)$e); $this->output("Uncaught exception during upgrade: " . (string)$e);
@ -88,11 +95,6 @@ class CLIUpgrade extends \BaikalAdmin\Controller\Install\VersionUpgrade {
# Bootstrap BaikalAdmin # Bootstrap BaikalAdmin
\BaikalAdmin\Framework::bootstrap(); \BaikalAdmin\Framework::bootstrap();
if (!defined("BAIKAL_CONFIGURED_VERSION") || !defined("BAIKAL_ADMIN_PASSWORDHASH")) {
echo "Baïkal is not properly configured!\n";
exit(1);
}
# Run the upgrade # Run the upgrade
$oUpgrade = new CLIUpgrade(); $oUpgrade = new CLIUpgrade();
if (!$oUpgrade->run()) { if (!$oUpgrade->run()) {

72
sources/patches/app-add-ldap-auth.patch
View file

@ -1,5 +1,5 @@
diff --git a/Core/Frameworks/Baikal/Core/Server.php b/Core/Frameworks/Baikal/Core/Server.php diff --git a/Core/Frameworks/Baikal/Core/Server.php b/Core/Frameworks/Baikal/Core/Server.php
index 957cac3..fcc2e3c 100644 index e96fe39..b90b49e 100644
--- a/Core/Frameworks/Baikal/Core/Server.php --- a/Core/Frameworks/Baikal/Core/Server.php
+++ b/Core/Frameworks/Baikal/Core/Server.php +++ b/Core/Frameworks/Baikal/Core/Server.php
@@ -133,6 +133,8 @@ class Server { @@ -133,6 +133,8 @@ class Server {
@ -12,58 +12,58 @@ index 957cac3..fcc2e3c 100644
$authBackend = new \Sabre\DAV\Auth\Backend\PDO($this->pdo); $authBackend = new \Sabre\DAV\Auth\Backend\PDO($this->pdo);
$authBackend->setRealm($this->authRealm); $authBackend->setRealm($this->authRealm);
diff --git a/Core/Frameworks/Baikal/Model/Config/Standard.php b/Core/Frameworks/Baikal/Model/Config/Standard.php diff --git a/Core/Frameworks/Baikal/Model/Config/Standard.php b/Core/Frameworks/Baikal/Model/Config/Standard.php
index 2e07f44..948b5be 100644 index 1ef5a51..32ec217 100644
--- a/Core/Frameworks/Baikal/Model/Config/Standard.php --- a/Core/Frameworks/Baikal/Model/Config/Standard.php
+++ b/Core/Frameworks/Baikal/Model/Config/Standard.php +++ b/Core/Frameworks/Baikal/Model/Config/Standard.php
@@ -46,6 +46,22 @@ class Standard extends \Baikal\Model\Config { @@ -51,6 +51,22 @@ class Standard extends \Baikal\Model\Config {
"type" => "string", "type" => "string",
"comment" => "HTTP authentication type for WebDAV; default Digest" "comment" => "HTTP authentication type for WebDAV; default Digest"
], ],
+ "BAIKAL_DAV_LDAP_URI" => [ + "dav_ldap_uri" => [
+ "type" => "string", + "type" => "string",
+ "comment" => "URI to LDAP Server (for ldap-userbind auth); default ldapi:///" + "comment" => "URI to LDAP Server (for ldap-userbind auth); default ldapi:///"
+ ], + ],
+ "BAIKAL_DAV_LDAP_DN_TEMPLATE" => [ + "dav_ldap_dn_template" => [
+ "type" => "string", + "type" => "string",
+ "comment" => "User DN for bind; with replacments %n => username, %u => user part, %d => domain part of username" + "comment" => "User DN for bind; with replacments %n => username, %u => user part, %d => domain part of username"
+ ], + ],
+ "BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR" => [ + "dav_ldap_displayname_attr" => [
+ "type" => "string", + "type" => "string",
+ "comment" => "LDAP-attribute for displayname; default cn" + "comment" => "LDAP-attribute for displayname; default cn"
+ ], + ],
+ "BAIKAL_DAV_LDAP_EMAIL_ATTR" => [ + "dav_ldap_email_attr" => [
+ "type" => "string", + "type" => "string",
+ "comment" => "LDAP-attribute for email; default mail" + "comment" => "LDAP-attribute for email; default mail"
+ ], + ],
"BAIKAL_ADMIN_PASSWORDHASH" => [ "admin_passwordhash" => [
"type" => "string", "type" => "string",
"comment" => "Baïkal Web admin password hash; Set via Baïkal Web Admin", "comment" => "Baïkal Web admin password hash; Set via Baïkal Web Admin",
@@ -58,6 +74,10 @@ class Standard extends \Baikal\Model\Config { @@ -64,6 +80,10 @@ class Standard extends \Baikal\Model\Config {
"BAIKAL_CARD_ENABLED" => true, "card_enabled" => true,
"BAIKAL_CAL_ENABLED" => true, "cal_enabled" => true,
"BAIKAL_DAV_AUTH_TYPE" => "Digest", "dav_auth_type" => "Digest",
+ "BAIKAL_DAV_LDAP_URI" => "ldapi:///", + "dav_ldap_uri" => "ldapi:///",
+ "BAIKAL_DAV_LDAP_DN_TEMPLATE" => "uid=%n,dc=example,dc=com", + "dav_ldap_dn_template" => "uid=%n,dc=example,dc=com",
+ "BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR" => "cn", + "dav_ldap_displayname_attr" => "cn",
+ "BAIKAL_DAV_LDAP_EMAIL_ATTR" => "mail", + "dav_ldap_email_attr" => "mail",
"BAIKAL_ADMIN_PASSWORDHASH" => "" "admin_passwordhash" => "",
]; "auth_realm" => "BaikalDAV",
"base_uri" => ""
@@ -85,7 +105,31 @@ class Standard extends \Baikal\Model\Config { @@ -103,7 +123,31 @@ class Standard extends \Baikal\Model\Config {
$oMorpho->add(new \Formal\Element\Listbox([ $oMorpho->add(new \Formal\Element\Listbox([
"prop" => "BAIKAL_DAV_AUTH_TYPE", "prop" => "dav_auth_type",
"label" => "WebDAV authentication type", "label" => "WebDAV authentication type",
- "options" => ["Digest", "Basic"] - "options" => ["Digest", "Basic"]
+ "options" => ["Digest", "Basic", "LDAP-UserBind"] + "options" => ["Digest", "Basic", "LDAP-UserBind"]
+ ])); + ]));
+ +
+ $oMorpho->add(new \Formal\Element\Text([ + $oMorpho->add(new \Formal\Element\Text([
+ "prop" => "BAIKAL_DAV_LDAP_URI", + "prop" => "dav_ldap_uri",
+ "label" => "LDAP URI" + "label" => "LDAP URI"
+ ])); + ]));
+ +
+ $oMorpho->add(new \Formal\Element\Text([ + $oMorpho->add(new \Formal\Element\Text([
+ "prop" => "BAIKAL_DAV_LDAP_DN_TEMPLATE", + "prop" => "dav_ldap_dn_template",
+ "label" => "LDAP DN template", + "label" => "LDAP DN template",
+ "popover" => [ + "popover" => [
+ "title" => "posible placeholder", + "title" => "posible placeholder",
@ -72,35 +72,13 @@ index 2e07f44..948b5be 100644
+ ])); + ]));
+ +
+ $oMorpho->add(new \Formal\Element\Text([ + $oMorpho->add(new \Formal\Element\Text([
+ "prop" => "BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR", + "prop" => "dav_ldap_displayname_attr",
+ "label" => "LDAP attribute for DisplayName" + "label" => "LDAP attribute for DisplayName"
+ ])); + ]));
+ +
+ $oMorpho->add(new \Formal\Element\Text([ + $oMorpho->add(new \Formal\Element\Text([
+ "prop" => "BAIKAL_DAV_LDAP_EMAIL_ATTR", + "prop" => "dav_ldap_email_attr",
+ "label" => "LDAP attribute for eMail" + "label" => "LDAP attribute for eMail"
])); ]));
$oMorpho->add(new \Formal\Element\Password([ $oMorpho->add(new \Formal\Element\Password([
@@ -180,6 +224,21 @@ define("BAIKAL_CAL_ENABLED", TRUE);
# WebDAV authentication type; default Digest
define("BAIKAL_DAV_AUTH_TYPE", "Digest");
+# Auth Backend LDAP-UserBind; LDAP URI
+define("BAIKAL_DAV_LDAP_URI", 'ldapi:///');
+
+# Auth Backend LDAP-UserBind; Template for userbind
+# %n => username
+# %u => user part of username when it is an email
+# %u => domain part of username when it is an email
+define("BAIKAL_DAV_LDAP_DN_TEMPLATE", 'cn=%u,dc=%d,ou=domains,o=server');
+
+# Auth Backend LDAP-UserBind; attribute for displayname
+define("BAIKAL_DAV_LDAP_DISPLAYNAME_ATTR", 'cn');
+
+# Auth Backend LDAP-UserBind; attribute for email
+define("BAIKAL_DAV_LDAP_EMAIL_ATTR", 'mail');
+
# Baïkal Web admin password hash; Set via Baïkal Web Admin
define("BAIKAL_ADMIN_PASSWORDHASH", "");
CODE;