mirror of
https://github.com/YunoHost-Apps/calibreweb_ynh.git
synced 2024-09-03 18:16:20 +02:00
Add SSO
This commit is contained in:
Krakinou
parent
164a3ad7a8
commit
a15211390f
6 changed files with 91 additions and 36 deletions
|
|
@ -7,20 +7,30 @@ users=$2
|
|||
permission=$3
|
||||
group=$4
|
||||
|
||||
#Si le groupe visitors a été affecté à calibreweb
|
||||
#Visitor group has been revomed => app is public
|
||||
if echo "$group" | grep visitors ; then
|
||||
if tail /etc/yunohost/apps/$app/conf/nginx.conf | grep " proxy_set_header X-Remote-User"; then
|
||||
|
||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||||
path=$(ynh_app_setting_get --app=$app --key=path)
|
||||
port=$(ynh_app_setting_get --app=$app --key=port)
|
||||
#loading settings from the app
|
||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||||
path=$(ynh_app_setting_get --app=$app --key=path)
|
||||
port=$(ynh_app_setting_get --app=$app --key=port)
|
||||
install_dir=$(ynh_app_setting_get --app=$app --key=install_dir)
|
||||
|
||||
touch ../manifest.toml
|
||||
#otherwise ynh_add_config complain about manifest
|
||||
touch ../manifest.toml
|
||||
|
||||
ynh_replace_string --match_string=" proxy_set_header X-Remote-User" --replace_string="# proxy_set_header X-Remote-User" --target_file="/etc/yunohost/apps/$app/conf/nginx.conf"
|
||||
ynh_add_config --template="/etc/yunohost/apps/$app/conf/nginx.conf" --destination="/etc/nginx/conf.d/$domain.d/$app.conf"
|
||||
ynh_systemd_action --service_name=nginx --action=reload
|
||||
|
||||
rm ../manifest.toml
|
||||
fi
|
||||
#reset a new conf file and move it to nginx
|
||||
ynh_replace_string --match_string=" proxy_set_header X-Remote-User" \
|
||||
--replace_string="# proxy_set_header X-Remote-User" \
|
||||
--target_file="/etc/yunohost/apps/$app/conf/nginx.conf"
|
||||
ynh_add_config --template="/etc/yunohost/apps/$app/conf/nginx.conf" \
|
||||
--destination="/etc/nginx/conf.d/$domain.d/$app.conf"
|
||||
ynh_systemd_action --service_name=nginx --action=reload
|
||||
|
||||
rm ../manifest.toml
|
||||
|
||||
#Update settings in calibre database
|
||||
sqlite3 $install_dir/app.db "UPDATE settings SET config_reverse_proxy_login_header_name='', config_allow_reverse_proxy_header_login=0 WHERE ID)1;"
|
||||
# ynh_print_info --message="Restarting Calibre-web to take new parameters into account
|
||||
# ynh_systemd_action --service_name=$app --action=restart --line_match="Starting Gevent server on" -t 30
|
||||
fi
|
||||
|
|
@ -7,24 +7,30 @@ users=$2
|
|||
permission=$3
|
||||
group=$4
|
||||
|
||||
#Visitor group has been revomed => app is private
|
||||
if echo "$group" | grep visitors; then
|
||||
if tail /etc/yunohost/apps/$app/conf/nginx.conf | grep "# proxy_set_header X-Remote-User"; then
|
||||
|
||||
domain = $(ynh_app_setting_get --app=$app --key=domain)
|
||||
path = $(ynh_app_setting_get --app=$app --key=path)
|
||||
port = $(ynh_app_setting_get --app=$app --key=port)
|
||||
|
||||
touch ../manifest.toml
|
||||
|
||||
ynh_replace_string --match_string="# proxy_set_header X-Remote-User" \
|
||||
--replace_string=" proxy_set_header X-Remote-User" \
|
||||
--target_file="/etc/yunohost/apps/$app/conf/nginx.conf"
|
||||
|
||||
ynh_add_config --template="/etc/yunohost/apps/$app/conf/nginx.conf" \
|
||||
--destination="/etc/nginx/conf.d/$domain.d/$app.conf"
|
||||
|
||||
ynh_systemd_action --service_name=nginx --action=reload
|
||||
|
||||
rm ../manifest.toml
|
||||
fi
|
||||
fi
|
||||
|
||||
#loading settings from the app
|
||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||||
path=$(ynh_app_setting_get --app=$app --key=path)
|
||||
port=$(ynh_app_setting_get --app=$app --key=port)
|
||||
install_dir=$(ynh_app_setting_get --app=$app --key=install_dir)
|
||||
|
||||
#otherwise ynh_add_config complain about manifest
|
||||
touch ../manifest.toml
|
||||
|
||||
#reset a new conf file and move it to nginx
|
||||
ynh_replace_string --match_string="# proxy_set_header X-Remote-User" \
|
||||
--replace_string=" proxy_set_header X-Remote-User" \
|
||||
--target_file="/etc/yunohost/apps/$app/conf/nginx.conf"
|
||||
ynh_add_config --template="/etc/yunohost/apps/$app/conf/nginx.conf" \
|
||||
--destination="/etc/nginx/conf.d/$domain.d/$app.conf"
|
||||
ynh_systemd_action --service_name=nginx --action=reload
|
||||
|
||||
rm ../manifest.toml
|
||||
|
||||
#Update settings in calibre database
|
||||
sqlite3 $install_dir/app.db "UPDATE settings SET config_reverse_proxy_login_header_name='X-Remote-User', config_allow_reverse_proxy_header_login=1 WHERE ID=1;"
|
||||
# ynh_print_info --message="Restarting Calibre-web to take new parameters into account
|
||||
# ynh_systemd_action --service_name=$app --action=restart --line_match="Starting Gevent server on" -t 30
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@ app=${app:3}
|
|||
source /etc/yunohost/apps/$app/scripts/_common.sh
|
||||
|
||||
username=$1
|
||||
final_path=$(ynh_app_setting_get $app final_path)
|
||||
install_dir=$(ynh_app_setting_get $app install_dir)
|
||||
del_tables_user="book_read_link remote_auth_token downloads shelf bookmark"
|
||||
del_tables_shelf="book_shelf_link"
|
||||
|
||||
|
|
@ -16,12 +16,12 @@ del_id() {
|
|||
#$1=table
|
||||
#$2=id_type
|
||||
#$3=id
|
||||
sqlite3 $final_path/app.db "DELETE FROM $1 WHERE $2='$3'"
|
||||
sqlite3 $install_dir/app.db "DELETE FROM $1 WHERE $2='$3'"
|
||||
}
|
||||
|
||||
|
||||
user_id=$(sqlite3 $final_path/app.db "SELECT id from user WHERE nickname='$username'")
|
||||
shelf_id=$(sqlite3 $final_path/app.db "SELECT id from shelf WHERE user_id='$user_id'")
|
||||
user_id=$(sqlite3 $install_dir/app.db "SELECT id from user WHERE nickname='$username'")
|
||||
shelf_id=$(sqlite3 $install_dir/app.db "SELECT id from shelf WHERE user_id='$user_id'")
|
||||
|
||||
#Delete all entry with dependencies for user
|
||||
#pas de check sur l'existence de l'utilisateur car fonctionne sans
|
||||
|
|
|
|||
|
|
@ -95,6 +95,12 @@ if [ $path = "/" ] ; then
|
|||
ynh_replace_string " proxy_set_header X-Script-Name" "# proxy_set_header X-Script-Name" ../conf/nginx.conf
|
||||
fi
|
||||
|
||||
if [ $(ynh_permission_has_user --permission=main --user=visitors) ]; then
|
||||
ynh_replace_string --match_string=" proxy_set_header X-Remote-User" \
|
||||
--replace_string="# proxy_set_header X-Remote-User" \
|
||||
--target_file="../conf/nginx.conf"
|
||||
fi
|
||||
|
||||
# Create a dedicated nginx config
|
||||
ynh_add_nginx_config
|
||||
|
||||
|
|
@ -123,6 +129,8 @@ ynh_replace_string --match_string="<policy domain="coder" rights="none" pattern=
|
|||
--replace_string="<policy domain="coder" rights="read" pattern="PDF" />" \
|
||||
--target_file="/etc/ImageMagick-6/policy.xml"
|
||||
|
||||
|
||||
|
||||
#=================================================
|
||||
# INTEGRATE SERVICE IN YUNOHOST
|
||||
#=================================================
|
||||
|
|
@ -162,6 +170,13 @@ ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*LDAP Login failed
|
|||
ynh_script_progression --message="Start $app..." --weight=5
|
||||
ynh_systemd_action --service_name=$app --action="start" --line_match="Starting Gevent server on" -t 30
|
||||
|
||||
#We need to update the sso login parameter, but for that the app needs to have run at least once to initialize the tables.
|
||||
if [ ! $(ynh_permission_has_user --permission=main --user=visitors) ]; then
|
||||
ynh_systemd_action --service_name=$app --action="stop"
|
||||
sqlite3 $install_dir/app.db "UPDATE settings SET config_reverse_proxy_login_header_name='X-Remote-User', config_allow_reverse_proxy_header_login=1 WHERE ID=1;"
|
||||
ynh_systemd_action --service_name=$app --action="start" --line_match="Starting Gevent server on"
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
|
|
|||
|
|
@ -106,6 +106,16 @@ ynh_script_progression --message="Upgrading nginx web server configuration..." -
|
|||
if [ $path = "/" ] ; then
|
||||
ynh_replace_string " proxy_set_header X-Script-Name" "# proxy_set_header X-Script-Name" ../conf/nginx.conf
|
||||
fi
|
||||
|
||||
if [ ynh_permission_has_user --permission=main --user=visitors ]; then
|
||||
sqlite3 $install_dir/app.db "UPDATE settings SET config_reverse_proxy_login_header_name='', config_allow_reverse_proxy_header_login=0 WHERE ID)1;"
|
||||
ynh_replace_string --match_string=" proxy_set_header X-Remote-User" \
|
||||
--replace_string="# proxy_set_header X-Remote-User" \
|
||||
--target_file="../conf/nginx.conf"
|
||||
else
|
||||
sqlite3 $install_dir/app.db "UPDATE settings SET config_reverse_proxy_login_header_name='X-Remote-User', config_allow_reverse_proxy_header_login=1 WHERE ID=1;"
|
||||
fi
|
||||
|
||||
# Create a dedicated nginx config
|
||||
ynh_add_nginx_config
|
||||
|
||||
|
|
|
|||
14
sources/patches/main-web.py.patch
Normal file
14
sources/patches/main-web.py.patch
Normal file
|
|
@ -0,0 +1,14 @@
|
|||
--- a/cps/web.py 2023-03-27 19:49:57.000000000 +0200
|
||||
+++ b/cps/web.py 2023-08-05 11:05:36.703730438 +0200
|
||||
@@ -1411,7 +1411,10 @@
|
||||
if feature_support['oauth'] and (config.config_login_type == 2 or config.config_login_type == 3):
|
||||
logout_oauth_user()
|
||||
log.debug("User logged out")
|
||||
- return redirect(url_for('web.login'))
|
||||
+ if config.config_login_type == constants.LOGIN_LDAP:
|
||||
+ return redirect(request.host_url + '/yunohost/sso/?action=logout')
|
||||
+ else:
|
||||
+ return redirect(url_for('web.login'))
|
||||
|
||||
|
||||
# ################################### Users own configuration #########################################################
|
||||
Loading…
Add table
Reference in a new issue