diff --git a/conf/dendrite.yaml b/conf/dendrite.yaml index ed247c7..d9ad595 100644 --- a/conf/dendrite.yaml +++ b/conf/dendrite.yaml @@ -81,7 +81,7 @@ global: # Disables federation. Dendrite will not be able to communicate with other servers # in the Matrix federation and the federation API will not be exposed. - disable_federation: false + disable_federation: __DISABLE_FEDERATION__ # Configures the handling of presence events. Inbound controls whether we receive # presence events from other servers, outbound controls whether we send presence @@ -164,16 +164,16 @@ client_api: # Prevents new guest accounts from being created. Guest registration is also # disabled implicitly by setting 'registration_disabled' above. - guests_disabled: true + guests_disabled: __GUESTS_DISABLED__ # If set, allows registration by anyone who knows the shared secret, regardless # of whether registration is otherwise disabled. - registration_shared_secret: "" + registration_shared_secret: __REGISTRATION_SHARED_SECRET__ # Whether to require reCAPTCHA for registration. If you have enabled registration # then this is HIGHLY RECOMMENDED to reduce the risk of your homeserver being used # for coordinated spam attacks. - enable_registration_captcha: false + enable_registration_captcha: __ENABLE_REGISTRATION_CAPTCHA__ # Settings for ReCAPTCHA. recaptcha_public_key: "" diff --git a/config_panel.toml b/config_panel.toml index 5f28876..6f464ea 100644 --- a/config_panel.toml +++ b/config_panel.toml 
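Review bot: In the second hunk, `registration_shared_secret: __REGISTRATION_SHARED_SECRET__` drops the quotes that the old `""` value had, so the substituted secret is parsed as a plain YAML scalar. A secret containing ` #` or `: `, starting with an indicator character, or made only of digits would be truncated, rejected or retyped, and an empty setting renders as null. I would keep it a string with `registration_shared_secret: "__REGISTRATION_SHARED_SECRET__"`, noting that a `"` or backslash inside the secret would still need escaping. The boolean placeholders (`disable_federation` in the first hunk, `guests_disabled` and `enable_registration_captcha` here) have a related problem: an unset setting renders an empty value, which presumably loads as false and so fails open for guests and federation, so the scripts should guarantee `true`/`false` before templating.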
@@ -2,11 +2,57 @@ version = "1.0" [main] name = "Dendrite configuration" +services = ["__APP__"] [main.registration] name = "User registration" - [main.registration.registration] - ask = "Should registration be enabled?" + [main.registration.registration_shared_secret] + ask = "Shared Secret for Registration." + type = "string" + help = "Allows registration of default user or admin accounts, even if Registration disabled. See instructions https://matrix-org.github.io/synapse/latest/admin_api/register_api.html" + bind = ":/opt/yunohost/__APP__/dendrite.yaml" + + [main.registration.helptext] + ask = ''' + HOW TO REGISTER AN ACCOUNT ? + * Provide a Registration Shared Secret. + * To register an **admin** account for the user `USERNAME`, connect to your server with ssh and type : + `/opt/yunohost/dendrite/bin/create-account -config /opt/yunohost/dendrite/dendrite.yaml -username USERNAME -admin` + * Remove `-admin` to register a default user account + ''' + type = "markdown" + + [main.registration.registration_disabled] + ask = "Disable Registration from Element ?" type = "boolean" - default = false + yes = "true" + no = "false" + help = "If True, Registration of default user accounts from a Client App is disabled. If false and your server is federated, reCAPTCHA verification should be activated to avoid spamming the whole Matrix network." + + [main.registration.enable_registration_captcha] + ask = "Require CAPTCHA verification for Registration." + type = "boolean" + yes = "true" + no = "false" + help = "ReCAPTCHA API should be configured. See instructions https://matrix-org.github.io/dendrite/administration/registration#recaptcha-verification" + bind = ":/opt/yunohost/__APP__/dendrite.yaml" + visible = "!registration_disabled" + + [main.registration.guests_disabled] + ask = "Disable guests registration." + type = "boolean" + yes = "true" + no = "false" + help = "Guest registration is also disabled implicitly if Registration from Element is disabled." 
+ bind = ":/opt/yunohost/__APP__/dendrite.yaml" + visible = "!registration_disabled" + + [main.registration.disable_federation] + ask = "Disable Federation." + type = "boolean" + yes = "true" + no = "false" + help = "Do not communicate with other homeservers of the Matrix Federation." + bind = ":/opt/yunohost/__APP__/dendrite.yaml" + visible = "enable_registration_captcha" diff --git a/manifest.toml b/manifest.toml index b438278..6418eeb 100644 --- a/manifest.toml +++ b/manifest.toml @@ -43,6 +43,8 @@ ram.runtime = "50M" ask.en = "Should the server allow any visitor to register as a user?" ask.fr = "Le serveur doit-il permettre à quiconque de s'enregistrer comme utilisateur ?" type = "boolean" + help.en = "If no, accounts should be registered by an admin after defining a secret. If yes, to protect your server and the federation from spammer, federation will be deactived by default. You must Activate CAPTCHA verification before federation reactivation. See Config Panel for instructions" + help.fr = "Si non, les comptes seront créés par un admin après avoir défini un secret. Si oui, la fédération sera désactivée pour protéger la fédération et vous des spammeurs. Activez la vérification par CAPTCHA avant de réactiver la fédération ! Voir les instructions dans le Config Panel" default = false [resources] diff --git a/scripts/config b/scripts/config index cc18266..46a5252 100644 --- a/scripts/config +++ b/scripts/config 
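Review bot: `[main.registration.registration_shared_secret]` is declared as `type = "string"`, so the secret that allows account creation (admin accounts included, per the `helptext` entry below it) is shown in clear in the panel and handled like any ordinary setting. If the targeted YunoHost version supports it, I would add `redact = true` to the option, or use a password-type field, so the value stays out of operation logs. The `help` text could also state a minimum length. The help link points at the Synapse admin API documentation rather than Dendrite's. The `helptext` command hard-codes `/opt/yunohost/dendrite/` where the `bind` lines use `__APP__`, which would presumably be wrong for a second instance.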
@@ -9,30 +9,33 @@ source _common.sh source /usr/share/yunohost/helpers +# Stop script if errors +ynh_abort_if_errors + +get_registration_disabled() { + registration_disabled=$(ynh_app_setting_get --app $app --key registration_disabled) + echo "${registration_disabled}" +} + +set__registration_disabled() { + if [ "$registration_disabled" -eq "1" ] + then + really_enable_open_registration="" + else + really_enable_open_registration="--really-enable-open-registration" + fi + + ynh_write_var_in_file --file=$install_dir/dendrite.yaml --key=registration_disabled --value="${registration_disabled}" + domain=$(ynh_app_setting_get --app $app --key domain) + port_tls=$(ynh_app_setting_get --app $app --key port_tls) + port=$(ynh_app_setting_get --app $app --key port) + psql_version=$(ynh_app_setting_get --app $app --key psql_version) + ynh_add_systemd_config + ynh_systemd_action --service_name=$app --action="restart" --line_match="Starting external listener" --log_path="systemd" + ynh_app_setting_set --app=$app --key=registration_disabled --value=$registration_disabled +} #================================================= # GENERIC FINALIZATION #================================================= -ynh_app_config_apply() { - _ynh_app_config_apply - - if [ "${changed[registration]}" == "true" ] - then - if [ $registration -eq 1 ] - then - registration_disabled="false" - really_enable_open_registration="--really-enable-open-registration" - else - registration_disabled="true" - really_enable_open_registration="" - fi - - ynh_add_config --template="../conf/dendrite.yaml" --destination="$install_dir/dendrite.yaml" - ynh_add_systemd_config - ynh_systemd_action --service_name=$app --action="restart" --line_match="Starting external listener" --log_path="systemd" - ynh_app_setting_set --app=$app --key=registration --value=$registration - - fi -} - ynh_app_config_run $1 diff --git a/scripts/install b/scripts/install index fb8aaac..d921150 100644 --- a/scripts/install +++ b/scripts/install 
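Review bot: In `set__registration_disabled`, `[ "$registration_disabled" -eq "1" ]` is an integer comparison, but the panel option is declared with `yes = "true"` / `no = "false"` and scripts/install stores the same strings. The test therefore fails with a non-integer operand, and because it sits in an `if` condition it does not abort the script; the `else` branch runs every time. The unit is then regenerated with `--really-enable-open-registration` even when registration is disabled. A string test keeps the flag tied to the setting: `if [ "$registration_disabled" = "true" ]`. The getter is named `get_registration_disabled` with one underscore while the setter uses two; if the framework looks up `get__<key>`, the getter is never called, which is worth confirming.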
@@ -15,13 +15,15 @@ source /usr/share/yunohost/helpers #================================================= # Allow or deny registration based on is_public -if [ $registration -eq 1 ] +if [ "$registration" -eq "1" ] then registration_disabled="false" really_enable_open_registration="--really-enable-open-registration" + disable_federation="true" else registration_disabled="true" really_enable_open_registration="" + disable_federation="false" fi #================================================= @@ -29,7 +31,7 @@ fi #================================================= ynh_app_setting_set --app=$app --key=server_name --value=$server_name -ynh_app_setting_set --app=$app --key=registration --value=$registration +ynh_app_setting_set --app=$app --key=domain --value=$domain #================================================= # ADD USER TO THE SSL-CERT GROUP @@ -103,6 +105,18 @@ popd # Set permissions to app files chown -R $app:root "$install_dir" +#================================================= +## SET STANDARD SETTINGS FROM DEFAULT CONFIG +#================================================= +guests_disabled="true" +registration_shared_secret="" +enable_registration_captcha="false" +ynh_app_setting_set --app=$app --key=registration_disabled --value=$registration_disabled +ynh_app_setting_set --app=$app --key=disable_federation --value=$disable_federation +ynh_app_setting_set --app=$app --key=guests_disabled --value=$guests_disabled +ynh_app_setting_set --app=$app --key=registration_shared_secret --value=$registration_shared_secret +ynh_app_setting_set --app=$app --key=enable_registration_captcha --value=$enable_registration_captcha + #================================================= # ADD A CONFIGURATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 8545259..a3a486c 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
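Review bot: The `if [ "$registration" -eq "1" ]` block now couples two security settings, switching federation off when registration is open, without saying why. The defaults block in the third hunk then fixes `enable_registration_captcha="false"`, so a public install starts with open registration and no CAPTCHA. I would record the reasoning next to the assignment, e.g. `# Open registration starts without CAPTCHA: stay out of the federation until the admin enables it in the config panel`. In the defaults block, quoting the expansions (`--value="$registration_shared_secret"`) keeps the calls correct once a value can be empty or contain spaces.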
@@ -34,21 +34,75 @@ if ! groups $app | grep -q 'ssl-cert'; then adduser $app ssl-cert fi +#================================================= +# GET CONFIG PANEL SETTINGS +#================================================= + +server_name=$(ynh_app_setting_get --app=$app --key=server_name) +domain=$(ynh_app_setting_get --app=$app --key=domain) + +registration_disabled=$(ynh_app_setting_get --app=$app --key=registration_disabled) +disable_federation=$(ynh_app_setting_get --app=$app --key=disable_federation) +guests_disabled=$(ynh_app_setting_get --app=$app --key=guests_disabled) +registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret) +enable_registration_captcha=$(ynh_app_setting_get --app=$app --key=enable_registration_captcha) + +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# MIGRATION : Manage old settings +#================================================= + + # Define $server_name if not already defined if [ -z $server_name ]; then server_name=$domain ynh_app_setting_set --app=$app --key=server_name --value=$domain fi +# Define $disable_federation if not already defined +if [ -z $enable_registration_captcha ]; then + enable_registration_captcha="false" + ynh_app_setting_set --app=$app --key=enable_registration_captcha --value=$enable_registration_captcha +fi + +# Define $guests_disabled if not already defined +if [ -z $guests_disabled ]; then + guests_disabled="true" + ynh_app_setting_set --app=$app --key=guests_disabled --value=$guests_disabled +fi + +# Define $registration_shared_secret if not already defined +if [ -z $registration_shared_secret ]; then + registration_shared_secret="" + ynh_app_setting_set --app=$app --key=registration_shared_secret --value=$registration_shared_secret +fi + # Load up registration variables -if [[ $registration -eq 1 ]] -then - registration_disabled="false" - 
really_enable_open_registration="--really-enable-open-registration" +registration=$(ynh_app_setting_get --app=$app --key=registration) +if [ -z $registration ]; then + if [ "$registration_disabled" -eq "1" ] + then + really_enable_open_registration="--really-enable-open-registration" + else + really_enable_open_registration="" + fi else - registration_disabled="true" - really_enable_open_registration="" - ynh_app_setting_set --app=$app --key=registration --value=0 + ynh_app_setting_delete --app=$app --key=registration + if [[ "$registration" -eq "1" ]] + then + registration_disabled="false" + really_enable_open_registration="--really-enable-open-registration" + disable_federation="true" + ynh_app_setting_set --app=$app --key=registration_disabled --value=$registration_disabled + ynh_app_setting_set --app=$app --key=disable_federation --value=$disable_federation + else + registration_disabled="true" + really_enable_open_registration="" + disable_federation="false" + ynh_app_setting_set --app=$app --key=registration_disabled --value=$registration_disabled + ynh_app_setting_set --app=$app --key=disable_federation --value=$disable_federation + fi fi #=================================================
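Review bot: In the already-migrated branch (`if [ -z $registration ]`), `[ "$registration_disabled" -eq "1" ]` adds `--really-enable-open-registration` when registration is disabled, the opposite of `set__registration_disabled` in scripts/config. It also compares a `true`/`false` string as an integer, so the test errors and the flag ends up empty in every case; the condition should read `if [ "$registration_disabled" = "false" ]`. The comment `# Define $disable_federation if not already defined` sits on the block that defaults `enable_registration_captcha`, while `disable_federation` and `registration_disabled` get no default on this path, so an install lacking them would presumably template empty values into dendrite.yaml. The `[ -z $var ]` tests should quote the variable (`[ -z "$registration_shared_secret" ]`), since a secret containing a space makes the test fail with a syntax error.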