1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/baikal_ynh.git synced 2024-09-03 18:16:11 +02:00

[autopatch] Automatic patch attempt for helpers 2.1

This commit is contained in:
Yunohost-Bot 2024-08-30 22:40:50 +02:00 committed by Alexandre Aubin
parent e1ef8fca83
commit 59f0fd74eb
15 changed files with 82 additions and 492 deletions

2
.gitignore vendored
View file

@ -1,2 +1,4 @@
*~
*.sw[po]
*.sw[op]
.DS_Store

View file

@ -1,4 +0,0 @@
; Additional php.ini defines, specific to this pool of workers.
php_admin_value[upload_max_filesize] = 50M
php_admin_value[post_max_size] = 50M

View file

@ -21,7 +21,7 @@ location __PATH__/ {
fastcgi_split_path_info ^(.+\.php)(.*)$;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
fastcgi_pass unix:/var/run/php/php__PHP_VERSION__-fpm-__APP__.sock;
}
location ~ ^__PATH__/(\.ht|Core|Specific|config) {

View file

@ -20,7 +20,8 @@ userdoc = "https://sabre.io/baikal/install/"
code = "https://github.com/sabre-io/Baikal"
[integration]
yunohost = ">= 11.2"
yunohost = ">= 11.2.18"
helpers_version = "2.1"
architectures = "all"
multi_instance = false
@ -52,6 +53,7 @@ ram.runtime = "50M"
[resources.system_user]
[resources.install_dir]
group = "www-data:r-x"
[resources.permissions]
main.url = "/"

View file

@ -1,18 +1,14 @@
#!/bin/bash
#=================================================
# COMMON VARIABLES
#=================================================
#=================================================
# PERSONAL HELPERS
# COMMON VARIABLES AND CUSTOM HELPERS
#=================================================
# Check if an URL is already handled
# usage: is_url_handled --domain=DOMAIN --path=PATH_URI
is_url_handled() {
# Declare an array to define the options of this helper.
local legacy_args=dp
#REMOVEME? local legacy_args=dp
declare -Ar args_array=( [d]=domain= [p]=path= )
local domain
local path
@ -39,11 +35,3 @@ is_url_handled() {
return 1
fi
}
#=================================================
# EXPERIMENTAL HELPERS
#=================================================
#=================================================
# FUTURE OFFICIAL HELPERS
#=================================================

View file

@ -8,37 +8,34 @@
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# DECLARE DATA AND CONF FILES TO BACKUP
#=================================================
ynh_print_info --message="Declaring files to be backed up..."
ynh_print_info "Declaring files to be backed up..."
#=================================================
# BACKUP THE APP MAIN DIR
#=================================================
ynh_backup --src_path="$install_dir"
ynh_backup "$install_dir"
#=================================================
# SYSTEM CONFIGURATION
#=================================================
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
ynh_backup "/etc/php/$php_version/fpm/pool.d/$app.conf"
ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
ynh_backup "/etc/fail2ban/jail.d/$app.conf"
ynh_backup "/etc/fail2ban/filter.d/$app.conf"
#=================================================
# BACKUP THE MYSQL DATABASE
#=================================================
ynh_print_info --message="Backing up the MySQL database..."
ynh_print_info "Backing up the MySQL database..."
ynh_mysql_dump_db --database="$db_name" > db.sql
ynh_mysql_dump_db > db.sql
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."
ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."

View file

@ -16,30 +16,30 @@ then
# Check if .well-known is available for the new domain.
if is_url_handled --domain="$new_domain" --path="/.well-known/caldav" || is_url_handled --domain="$new_domain" --path="/.well-known/carddav"
then
ynh_die --message="Another app already uses the domain $new_domain to serve a calDAV/cardDAV feature. Please use another domain."
ynh_die "Another app already uses the domain $new_domain to serve a calDAV/cardDAV feature. Please use another domain."
fi
fi
#=================================================
# MODIFY URL IN NGINX CONF
#=================================================
ynh_script_progression --message="Updating NGINX web server configuration..." --weight=2
ynh_script_progression "Updating NGINX web server configuration..."
ynh_change_url_nginx_config
ynh_config_change_url_nginx
#=================================================
# UPDATE CONFIGURATION
#=================================================
ynh_script_progression --message="Updating $app configuration..." --weight=2
ynh_script_progression "Updating $app configuration..."
ynh_backup_if_checksum_is_different --file="$install_dir/config/baikal.yaml"
ynh_backup_if_checksum_is_different "$install_dir/config/baikal.yaml"
ynh_replace_string --match_string="base_uri: '$old_path'" --replace_string="base_uri: '$new_path'" --target_file="$install_dir/config/baikal.yaml"
ynh_replace --match="base_uri: '$old_path'" --replace="base_uri: '$new_path'" --file="$install_dir/config/baikal.yaml"
ynh_store_file_checksum --file="$install_dir/config/baikal.yaml"
ynh_store_file_checksum "$install_dir/config/baikal.yaml"
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Change of URL completed for $app" --last
ynh_script_progression "Change of URL completed for $app"

View file

@ -12,66 +12,65 @@ source /usr/share/yunohost/helpers
#=================================================
timezone=$(cat /etc/timezone)
encrypt_key=$(ynh_string_random 24)
encrypt_key=$(ynh_string_random --length=24)
password_hash=$(echo -n admin:BaikalDAV:$password | sha256sum | cut -d ' ' -f 1)
ynh_app_setting_set --app="$app" --key="encrypt_key" --value="$encrypt_key"
ynh_app_setting_set --app="$app" --key="password_hash" --value="$password_hash"
ynh_app_setting_set --key="encrypt_key" --value="$encrypt_key"
ynh_app_setting_set --key="password_hash" --value="$password_hash"
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_script_progression --message="Validating installation parameters..." --weight=1
ynh_script_progression "Validating installation parameters..."
# Check if .well-known is available for this domain.
if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav"
then
ynh_die --message="Another app already uses the domain $domain to serve a calDAV/cardDAV feature. Please use another domain."
ynh_die "Another app already uses the domain $domain to serve a calDAV/cardDAV feature. Please use another domain."
fi
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..." --weight=8
ynh_script_progression "Setting up source files..."
ynh_setup_source --dest_dir="$install_dir"
chmod -R o-rwx "$install_dir"
chown -R "$app:www-data" "$install_dir"
#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod -R o-rwx "$install_dir"
#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown -R "$app:www-data" "$install_dir"
#=================================================
# SYSTEM CONFIGURATION
#=================================================
ynh_script_progression --message="Adding system configurations related to $app..." --weight=1
ynh_script_progression "Adding system configurations related to $app..."
ynh_add_fpm_config
ynh_config_add_phpfpm
ynh_add_nginx_config
ynh_config_add_nginx
# Create the logfile, required before configuring fail2ban
touch "/var/log/nginx/${domain}-error.log"
# Create a dedicated fail2ban config
ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex='"PHP message: user \(name stripped-out\) authentication failure for Baikal" while reading response header from upstream, client: <HOST>'
ynh_config_add_fail2ban --logpath="/var/log/nginx/${domain}-error.log" --failregex='"PHP message: user \(name stripped-out\) authentication failure for Baikal" while reading response header from upstream, client: <HOST>'
#=================================================
# INITIALIZE DATABASE
#=================================================
ynh_script_progression --message="Configuring $app..." --weight=3
ynh_script_progression "Configuring $app..."
ynh_mysql_connect_as --user=$db_user --password="$db_pwd" --database=$db_name < "$install_dir/Core/Resources/Db/MySQL/db.sql"
ynh_mysql_db_shell < "$install_dir/Core/Resources/Db/MySQL/db.sql"
#=================================================
# CONFIGURE BAIKAL
#=================================================
ynh_script_progression --message="Adding a configuration file..." --weight=1
ynh_script_progression "Adding $app's configuration..."
path=${path%/}
ynh_add_config --template="baikal.yaml" --destination="$install_dir/config/baikal.yaml"
ynh_config_add --template="baikal.yaml" --destination="$install_dir/config/baikal.yaml"
chown $app: "$install_dir/config/baikal.yaml"
chmod 640 "$install_dir/config/baikal.yaml"
#REMOVEME? Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown $app: "$install_dir/config/baikal.yaml"
#REMOVEME? Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod 640 "$install_dir/config/baikal.yaml"
# Disable installation
touch "$install_dir/Specific/INSTALL_DISABLED"
@ -80,4 +79,4 @@ touch "$install_dir/Specific/INSTALL_DISABLED"
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Installation of $app completed" --last
ynh_script_progression "Installation of $app completed"

View file

@ -10,16 +10,16 @@ source /usr/share/yunohost/helpers
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
ynh_script_progression "Removing NGINX web server configuration..."
ynh_remove_nginx_config
ynh_config_remove_nginx
ynh_remove_fpm_config
ynh_config_remove_phpfpm
ynh_remove_fail2ban_config
ynh_config_remove_fail2ban
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Removal of $app completed" --last
ynh_script_progression "Removal of $app completed"

View file

@ -11,58 +11,57 @@ source /usr/share/yunohost/helpers
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_script_progression --message="Validating restoration parameters..." --weight=2
ynh_script_progression "Validating restoration parameters..."
# Check if .well-known is available for this domain.
if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav"
then
ynh_die --message="Another app already uses the domain $domain to serve a calDAV/cardDAV feature. Please use another domain."
ynh_die "Another app already uses the domain $domain to serve a calDAV/cardDAV feature. Please use another domain."
fi
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
ynh_script_progression --message="Restoring the app main directory..." --weight=3
ynh_script_progression "Restoring the app main directory..."
ynh_restore_file --origin_path="$install_dir"
chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$install_dir"
ynh_restore "$install_dir"
#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod -R o-rwx "$install_dir"
#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown -R $app:www-data "$install_dir"
# Set permissions
chown $app: "$install_dir/config/baikal.yaml"
chmod 640 "$install_dir/config/baikal.yaml"
#REMOVEME? Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown $app: "$install_dir/config/baikal.yaml"
#REMOVEME? Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod 640 "$install_dir/config/baikal.yaml"
#=================================================
# RESTORE THE MYSQL DATABASE
#=================================================
ynh_script_progression --message="Restoring the MySQL database..." --weight=2
ynh_script_progression "Restoring the MySQL database..."
ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
ynh_mysql_db_shell < ./db.sql
#=================================================
# RESTORE SYSTEM CONFIGURATIONS
#=================================================
ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1
ynh_script_progression "Restoring system configurations related to $app..."
ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
ynh_restore "/etc/php/$php_version/fpm/pool.d/$app.conf"
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_restore "/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
ynh_systemd_action --action=restart --service_name=fail2ban
ynh_restore "/etc/fail2ban/jail.d/$app.conf"
ynh_restore "/etc/fail2ban/filter.d/$app.conf"
ynh_systemctl --action=restart --service=fail2ban
#=================================================
# RELOAD NGINX AND PHP-FPM OR THE APP SERVICE
#=================================================
ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1
ynh_script_progression "Reloading NGINX web server and $app's service..."
ynh_systemd_action --service_name="php$phpversion-fpm" --action=reload
ynh_systemd_action --service_name=nginx --action=reload
ynh_systemctl --service="php$php_version-fpm" --action=reload
ynh_systemctl --service=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Restoration completed for $app" --last
ynh_script_progression "Restoration completed for $app"

View file

@ -12,44 +12,41 @@ timezone=$(cat /etc/timezone)
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Upgrading source files..." --weight=3
ynh_script_progression "Upgrading source files..."
ynh_setup_source --dest_dir="$install_dir" --full_replace=1 --keep="config Specific"
chmod -R o-rwx "$install_dir"
chown -R "$app:www-data" "$install_dir"
ynh_setup_source --dest_dir="$install_dir" --full_replace --keep="config Specific"
#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod -R o-rwx "$install_dir"
#REMOVEME? Assuming the install dir is setup using ynh_setup_source, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown -R "$app:www-data" "$install_dir"
#=================================================
# REAPPLY SYSTEM CONFIGURATIONS
#=================================================
ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=1
ynh_script_progression "Upgrading system configurations related to $app..."
ynh_add_fpm_config
ynh_config_add_phpfpm
ynh_add_nginx_config
ynh_config_add_nginx
# Create the logfile, required before configuring fail2ban
touch "/var/log/nginx/${domain}-error.log"
# Create a dedicated fail2ban config
ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex='"PHP message: user \(name stripped-out\) authentication failure for Baikal" while reading response header from upstream, client: <HOST>'
ynh_config_add_fail2ban --logpath="/var/log/nginx/${domain}-error.log" --failregex='"PHP message: user \(name stripped-out\) authentication failure for Baikal" while reading response header from upstream, client: <HOST>'
#=================================================
# SPECIFIC UPGRADE
#=================================================
# UPGRADE BAIKAL CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading the configuration file..." --weight=2
ynh_script_progression "Upgrading the configuration file..."
# We keep this to allow upgrade the config file in case it needs to be changed.
path=${path%/}
ynh_add_config --template="baikal.yaml" --destination="$install_dir/config/baikal.yaml"
chown $app: "$install_dir/config/baikal.yaml"
chmod 640 "$install_dir/config/baikal.yaml"
ynh_config_add --template="baikal.yaml" --destination="$install_dir/config/baikal.yaml"
#REMOVEME? Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chown $app: "$install_dir/config/baikal.yaml"
#REMOVEME? Assuming the file is setup using ynh_config_add, the proper chmod/chowns are now already applied and it shouldn't be necessary to tweak perms | chmod 640 "$install_dir/config/baikal.yaml"
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Upgrade of $app completed" --last
ynh_script_progression "Upgrade of $app completed"

View file

@ -1,130 +0,0 @@
<?php
namespace Baikal\Core;
/**
* This is an abstract authentication, that allows to create external
* authentication backends. User are automatic created, when the does not exists
* in baikal (can disabled).
*
* @author Sascha Kuehndel (InuSasha) <dev@inusasha.de>
* @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
*/
abstract class AbstractExternalAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
/**
* enable autocreation of user
*
* @var PDO
*/
protected $enableAutoCreation;
/**
* Reference to PDO connection
*
* @var PDO
*/
private $pdo;
/**
* PDO table name we'll be using
*
* @var string
*/
private $tableName;
/**
* Creates the backend object.
*
* If the filename argument is passed in, it will parse out the specified file fist.
*
* @param PDO $pdo
* @param string $realm
* @param string $tableName The PDO table name to use
*/
public function __construct(\PDO $pdo, $realm = 'BaikalDAV', $tableName = 'users') {
$this->pdo = $pdo;
$this->tableName = $tableName;
$this->enableAutoCreation = true;
}
/**
* Validates a username and password
*
* This method should return true or false depending on if login
* succeeded.
*
* @param string $username
* @param string $password
* @return bool
*/
public function validateUserPass($username, $password) {
if (!$this->validateUserPassExternal($username, $password))
return false;
$this->currentUser = $username;
if ($this->enableAutoCreation)
$this->autoUserCreation($username);
return true;
}
/**
* Validates a username and password agains external backend
*
* This method should return true or false depending on if login
* succeeded.
*
* @param string $username
* @param string $password
* @return bool
*/
public abstract function validateUserPassExternal($username, $password);
/**
* return the displayname and email from the external Backend
*
* @param string $username
* @return array ('displayname' => string, 'email' => string)
*/
public function getAccountValues($username) {
return array();
}
/**
* create an internal user, when user not exists
*
* @param string $username
*/
private function autoUserCreation($username) {
/* search user in DB and do nothing, when user exists */
$stmt = $this->pdo->prepare('SELECT username FROM '.$this->tableName.' WHERE username = ?');
$stmt->execute(array($username));
$result = $stmt->fetchAll();
if (count($result) != 0)
return;
/* get account values from backend */
$values = $this->getAccountValues($username);
if (!isset($values['displayname']) OR strlen($values['displayname']) === 0)
$values['displayname'] = $username;
if (!isset($values['email']) OR strlen($values['email']) === 0) {
if(filter_var($username, FILTER_VALIDATE_EMAIL))
$values['email'] = $username;
else
$values['email'] = 'unset-mail';
}
/* create user */
$user = new \Baikal\Model\User();
$user->set('username', $username);
$user->set('displayname', $values['displayname']);
$user->set('email', $values['email']);
$user->persist();
}
}

View file

@ -1,79 +0,0 @@
<?php
namespace Baikal\Core;
use Symfony\Component\Yaml\Yaml;
/**
* This is an authentication backend that uses a ldap backend to authenticate user.
*
* @author Sascha Kuehndel (InuSasha) <dev@inusasha.de>
* @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
*/
class LDAPUserBindAuth extends AbstractExternalAuth {
/**
* AccountValues for getAccountValues
*
* @var array ('displayname' => string, 'email' => string)
*/
private $accountValues;
/**
* Validates a username and password over ldap
*
* @param string $username
* @param string $password
* @return bool
*/
public function validateUserPassExternal($username, $password) {
$config = Yaml::parseFile(PROJECT_PATH_CONFIG . "baikal.yaml");
/* create ldap connection */
$conn = ldap_connect($config['system']['dav_ldap_uri']);
if (!$conn)
return false;
if (!ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, 3))
return false;
/* bind with user
* error_handler have to change, because a failed bind raises an error
* this raise a secuity issue because in the stack trace is the password of user readable
*/
$arr = explode('@', $username, 2);
$dn = str_replace('%n', $username, $config['system']['dav_ldap_dn_template']);
$dn = str_replace('%u', $arr[0], $dn);
if(isset($arr[1])) $dn = str_replace('%d', $arr[1], $dn);
set_error_handler("\Baikal\Core\LDAPUserBindAuth::exception_error_handler");
$bind = ldap_bind($conn, $dn, $password);
restore_error_handler();
if (!$bind) {
ldap_close($conn);
return false;
}
/* read displayname and email from user */
$this->accountValues = array();
$dav_ldap_displayname_attr = $config['system']['dav_ldap_displayname_attr'];
$dav_ldap_email_attr = $config['system']['dav_ldap_email_attr'];
$sr = ldap_read($conn, $dn, '(objectclass=*)', array($dav_ldap_displayname_attr, $dav_ldap_email_attr));
$entry = ldap_get_entries($conn, $sr);
if (isset($entry[0][$dav_ldap_displayname_attr][0]))
$this->accountValues['displayname'] = $entry[0][$dav_ldap_displayname_attr][0];
if (isset($entry[0][$dav_ldap_email_attr][0]))
$this->accountValues['email'] = $entry[0][$dav_ldap_email_attr][0];
/* close */
ldap_close($conn);
return true;
}
public function getAccountValues($username) {
return $this->accountValues;
}
# WorkAround error_handler in failed bind of LDAP
public static function exception_error_handler($errno, $errstr, $errfile, $errline) {
}
}

View file

@ -1,102 +0,0 @@
#!/usr/bin/env php
<?php
/***************************************************************
* Copyright notice
*
* (c) 2013 Jérôme Schneider <mail@jeromeschneider.fr>
* All rights reserved
*
* http://baikal-server.com
*
* This script is part of the Baïkal Server project. The Baïkal
* Server project is free software; you can redistribute it
* and/or modify it under the terms of the GNU General Public
* License as published by the Free Software Foundation; either
* version 2 of the License, or (at your option) any later version.
*
* The GNU General Public License can be found at
* http://www.gnu.org/copyleft/gpl.html.
*
* This script is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* This copyright notice MUST APPEAR in all copies of the script!
***************************************************************/
ini_set("session.cookie_httponly", 1);
ini_set("log_errors", 1);
error_reporting(E_WARNING | E_ERROR);
define("BAIKAL_CONTEXT", true);
define("BAIKAL_CONTEXT_INSTALL", true);
define("PROJECT_CONTEXT_BASEURI", "/admin/install/");
define('PROJECT_PATH_ROOT', realpath(__DIR__ . '/..') . '/' );
if (!file_exists(PROJECT_PATH_ROOT . 'vendor/')) {
echo "Baïkal is not completely installed!\n";
exit(1);
}
require PROJECT_PATH_ROOT . "vendor/autoload.php";
use Symfony\Component\Yaml\Yaml;
# Extend VersionUpgrade for cli usage
class CLIUpgrade extends \BaikalAdmin\Controller\Install\VersionUpgrade {
function run() {
try {
$config = Yaml::parseFile(PROJECT_PATH_CONFIG . "baikal.yaml");
} catch (\Exception $e) {
$this->output('Error reading baikal.yaml file : ' . $e->getMessage());
}
$sBaikalVersion = BAIKAL_VERSION;
$sBaikalConfiguredVersion = $config['system']['configured_version'];
if (isset($config['system']['configured_version']) && $sBaikalConfiguredVersion === BAIKAL_VERSION) {
$this->output("Baïkal is already configured for version " . $sBaikalVersion);
return true;
} else {
$this->output("Upgrading Baïkal from version " . $sBaikalConfiguredVersion . " to version " . $sBaikalVersion);
}
try {
$bSuccess = $this->upgrade($sBaikalConfiguredVersion, BAIKAL_VERSION);
} catch (\Exception $e) {
$bSuccess = false;
$this->output("Uncaught exception during upgrade: " . (string)$e);
}
if (!empty($oUpgrade->aErrors)) {
$this->output("Some errors occured:\n" . implode("\n - ", $oUpgrade->aErrors));
}
if (!empty($oUpgrade->aSuccess)) {
$this->output(implode("\n", $oUpgrade->aSuccess));
}
if ($bSuccess === false) {
$this->output("Error: unable to upgrade Baïkal.");
} else {
$this->output("Baïkal has been upgraded!");
}
return $bSuccess;
}
function output($message) {
echo $message . "\n";
}
}
# Bootstraping Flake
\Flake\Framework::bootstrap();
# Bootstrap BaikalAdmin
\BaikalAdmin\Framework::bootstrap();
# Run the upgrade
$oUpgrade = new CLIUpgrade();
if (!$oUpgrade->run()) {
exit(1);
}

View file

@ -1,79 +0,0 @@
diff --git a/Core/Frameworks/Baikal/Core/Server.php b/Core/Frameworks/Baikal/Core/Server.php
index e96fe39..b90b49e 100644
--- a/Core/Frameworks/Baikal/Core/Server.php
+++ b/Core/Frameworks/Baikal/Core/Server.php
@@ -133,8 +133,8 @@
if ($this->authType === 'Basic') {
$authBackend = new \Baikal\Core\PDOBasicAuth($this->pdo, $this->authRealm);
- } elseif ($this->authType === 'Apache') {
- $authBackend = new \Sabre\DAV\Auth\Backend\Apache();
+ } elseif ($this->authType === 'LDAP-UserBind') {
+ $authBackend = new \Baikal\Core\LDAPUserBindAuth($this->pdo, $this->authRealm);
} else {
$authBackend = new \Sabre\DAV\Auth\Backend\PDO($this->pdo);
$authBackend->setRealm($this->authRealm);
diff --git a/Core/Frameworks/Baikal/Model/Config/Standard.php b/Core/Frameworks/Baikal/Model/Config/Standard.php
index 1ef5a51..32ec217 100644
--- a/Core/Frameworks/Baikal/Model/Config/Standard.php
+++ b/Core/Frameworks/Baikal/Model/Config/Standard.php
@@ -37,6 +37,26 @@
"card_enabled" => true,
"cal_enabled" => true,
"dav_auth_type" => "Digest",
+ "dav_ldap_uri" => "ldapi:///",
+ "dav_ldap_dn_template" => "uid=%n,dc=example,dc=com",
+ "dav_ldap_displayname_attr" => "cn",
+ "dav_ldap_email_attr" => "mail",
+ "dav_ldap_uri" => [
+ "type" => "string",
+ "comment" => "URI to LDAP Server (for ldap-userbind auth); default ldapi:///"
+ ],
+ "dav_ldap_dn_template" => [
+ "type" => "string",
+ "comment" => "User DN for bind; with replacments %n => username, %u => user part, %d => domain part of username"
+ ],
+ "dav_ldap_displayname_attr" => [
+ "type" => "string",
+ "comment" => "LDAP-attribute for displayname; default cn"
+ ],
+ "dav_ldap_email_attr" => [
+ "type" => "string",
+ "comment" => "LDAP-attribute for email; default mail"
+ ],
"admin_passwordhash" => "",
"failed_access_message" => "user %u authentication failure for Baikal",
// While not editable as will change admin & any existing user passwords,
@@ -79,7 +99,31 @@
$oMorpho->add(new \Formal\Element\Listbox([
"prop" => "dav_auth_type",
"label" => "WebDAV authentication type",
- "options" => ["Digest", "Basic", "Apache"],
+ "options" => ["Digest", "Basic", "LDAP-UserBind"]
+ ]));
+
+ $oMorpho->add(new \Formal\Element\Text([
+ "prop" => "dav_ldap_uri",
+ "label" => "LDAP URI"
+ ]));
+
+ $oMorpho->add(new \Formal\Element\Text([
+ "prop" => "dav_ldap_dn_template",
+ "label" => "LDAP DN template",
+ "popover" => [
+ "title" => "posible placeholder",
+ "content" => "<strong>%n</strong> - username<br /><strong>%u</strong> - user part of username , when it is an email address)<br /><strong>%d</strong> - domain part",
+ ]
+ ]));
+
+ $oMorpho->add(new \Formal\Element\Text([
+ "prop" => "dav_ldap_displayname_attr",
+ "label" => "LDAP attribute for DisplayName"
+ ]));
+
+ $oMorpho->add(new \Formal\Element\Text([
+ "prop" => "dav_ldap_email_attr",
+ "label" => "LDAP attribute for eMail"
]));
$oMorpho->add(new \Formal\Element\Password([