Merge pull request #105 from Gredin67/patch-1

Expose shared secret and add instructions for registering users

conf/dendrite.yaml

@@ -81,7 +81,7 @@ global:
 
   # Disables federation. Dendrite will not be able to communicate with other servers
   # in the Matrix federation and the federation API will not be exposed.
-  disable_federation: false
+  disable_federation: __DISABLE_FEDERATION__
 
   # Configures the handling of presence events. Inbound controls whether we receive
   # presence events from other servers, outbound controls whether we send presence
@@ -164,16 +164,16 @@ client_api:
 
   # Prevents new guest accounts from being created. Guest registration is also
   # disabled implicitly by setting 'registration_disabled' above.
-  guests_disabled: true
+  guests_disabled: __GUESTS_DISABLED__
 
   # If set, allows registration by anyone who knows the shared secret, regardless
   # of whether registration is otherwise disabled.
-  registration_shared_secret: ""
+  registration_shared_secret: __REGISTRATION_SHARED_SECRET__
 
   # Whether to require reCAPTCHA for registration. If you have enabled registration
   # then this is HIGHLY RECOMMENDED to reduce the risk of your homeserver being used
   # for coordinated spam attacks.
-  enable_registration_captcha: false
+  enable_registration_captcha: __ENABLE_REGISTRATION_CAPTCHA__
 
   # Settings for ReCAPTCHA.
   recaptcha_public_key: ""

config_panel.toml

@@ -2,11 +2,57 @@ version = "1.0"
 
 [main]
 name = "Dendrite configuration"
+services = ["__APP__"]
 
     [main.registration]
     name = "User registration"
 
-        [main.registration.registration]
-        ask = "Should registration be enabled?"
+        [main.registration.registration_shared_secret]
+        ask = "Shared Secret for Registration."
+        type = "string"
+        help = "Allows registration of default user or admin accounts, even if Registration disabled. See instructions https://matrix-org.github.io/synapse/latest/admin_api/register_api.html"
+        bind = ":/opt/yunohost/__APP__/dendrite.yaml"
+
+        [main.registration.helptext]
+        ask = '''
+        HOW TO REGISTER AN ACCOUNT ? 
+        * Provide a Registration Shared Secret.
+        * To register an **admin** account for the user `USERNAME`, connect to your server with ssh and type :
+        `/opt/yunohost/dendrite/bin/create-account -config /opt/yunohost/dendrite/dendrite.yaml -username USERNAME -admin`
+        * Remove `-admin` to register a default user account
+        '''
+        type = "markdown"
+
+        [main.registration.registration_disabled]
+        ask = "Disable Registration from Element ?"
         type = "boolean"
-        default = false
+        yes = "true"
+        no = "false"
+        help = "If True, Registration of default user accounts from a Client App is disabled. If false and your server is federated, reCAPTCHA verification should be activated to avoid spamming the whole Matrix network."
+
+        [main.registration.enable_registration_captcha]
+        ask = "Require CAPTCHA verification for Registration."
+        type = "boolean"
+        yes = "true"
+        no = "false"
+        help = "ReCAPTCHA API should be configured. See instructions https://matrix-org.github.io/dendrite/administration/registration#recaptcha-verification"
+        bind = ":/opt/yunohost/__APP__/dendrite.yaml"
+        visible = "!registration_disabled"
+
+        [main.registration.guests_disabled]
+        ask = "Disable guests registration."
+        type = "boolean"
+        yes = "true"
+        no = "false"
+        help = "Guest registration is also disabled implicitly if Registration from Element is disabled."
+        bind = ":/opt/yunohost/__APP__/dendrite.yaml"
+        visible = "!registration_disabled"
+        
+        [main.registration.disable_federation]
+        ask = "Disable Federation."
+        type = "boolean"
+        yes = "true"
+        no = "false"
+        help = "Do not communicate with other homeservers of the Matrix Federation."
+        bind = ":/opt/yunohost/__APP__/dendrite.yaml"
+        visible = "enable_registration_captcha"

manifest.toml

@@ -43,6 +43,8 @@ ram.runtime = "50M"
     ask.en = "Should the server allow any visitor to register as a user?"
     ask.fr = "Le serveur doit-il permettre à quiconque de s'enregistrer comme utilisateur ?"
     type = "boolean"
+    help.en = "If no, accounts should be registered by an admin after defining a secret. If yes, to protect your server and the federation from spammer, federation will be deactived by default. You must Activate CAPTCHA verification before federation reactivation. See Config Panel for instructions"
+    help.fr = "Si non, les comptes seront créés par un admin après avoir défini un secret. Si oui, la fédération sera désactivée pour protéger la fédération et vous des spammeurs. Activez la vérification par CAPTCHA avant de réactiver la fédération ! Voir les instructions dans le Config Panel"
     default = false
 
 [resources]

scripts/config

@@ -9,30 +9,33 @@
 source _common.sh
 source /usr/share/yunohost/helpers
 
+# Stop script if errors
+ynh_abort_if_errors
+
+get_registration_disabled() {
+    registration_disabled=$(ynh_app_setting_get --app $app --key registration_disabled)
+    echo "${registration_disabled}"
+}
+
+set__registration_disabled() { 
+    if [ "$registration_disabled" -eq "1" ]
+    then
+        really_enable_open_registration=""
+    else
+        really_enable_open_registration="--really-enable-open-registration"
+    fi
+
+    ynh_write_var_in_file --file=$install_dir/dendrite.yaml --key=registration_disabled --value="${registration_disabled}" 
+    domain=$(ynh_app_setting_get --app $app --key domain)
+    port_tls=$(ynh_app_setting_get --app $app --key port_tls)
+    port=$(ynh_app_setting_get --app $app --key port)
+    psql_version=$(ynh_app_setting_get --app $app --key psql_version)
+    ynh_add_systemd_config
+    ynh_systemd_action --service_name=$app --action="restart" --line_match="Starting external listener" --log_path="systemd"
+    ynh_app_setting_set --app=$app --key=registration_disabled --value=$registration_disabled
+}
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
 
-ynh_app_config_apply() {
-    _ynh_app_config_apply
-
-    if [ "${changed[registration]}" == "true" ]
-    then
-        if [ $registration -eq 1 ]
-        then
-            registration_disabled="false"
-            really_enable_open_registration="--really-enable-open-registration"
-        else
-            registration_disabled="true"
-            really_enable_open_registration=""
-        fi
-
-        ynh_add_config --template="../conf/dendrite.yaml" --destination="$install_dir/dendrite.yaml"
-        ynh_add_systemd_config
-        ynh_systemd_action --service_name=$app --action="restart" --line_match="Starting external listener" --log_path="systemd"
-        ynh_app_setting_set --app=$app --key=registration --value=$registration
-
-    fi
-}
-
 ynh_app_config_run $1

scripts/install

@@ -15,13 +15,15 @@ source /usr/share/yunohost/helpers
 #=================================================
 
 # Allow or deny registration based on is_public
-if [ $registration -eq 1 ]
+if [ "$registration" -eq "1" ]
 then
 	registration_disabled="false"
 	really_enable_open_registration="--really-enable-open-registration"
+	disable_federation="true"
 else
 	registration_disabled="true"
 	really_enable_open_registration=""
+	disable_federation="false"
 fi
 
 #=================================================
@@ -29,7 +31,7 @@ fi
 #=================================================
 
 ynh_app_setting_set --app=$app --key=server_name --value=$server_name
-ynh_app_setting_set --app=$app --key=registration --value=$registration
+ynh_app_setting_set --app=$app --key=domain --value=$domain
 
 #=================================================
 # ADD USER TO THE SSL-CERT GROUP
@@ -103,6 +105,18 @@ popd
 # Set permissions to app files
 chown -R $app:root "$install_dir"
 
+#=================================================
+## SET STANDARD SETTINGS FROM DEFAULT CONFIG
+#=================================================
+guests_disabled="true"
+registration_shared_secret=""
+enable_registration_captcha="false"
+ynh_app_setting_set --app=$app --key=registration_disabled --value=$registration_disabled
+ynh_app_setting_set --app=$app --key=disable_federation --value=$disable_federation
+ynh_app_setting_set --app=$app --key=guests_disabled --value=$guests_disabled
+ynh_app_setting_set --app=$app --key=registration_shared_secret --value=$registration_shared_secret
+ynh_app_setting_set --app=$app --key=enable_registration_captcha --value=$enable_registration_captcha
+
 #=================================================
 # ADD A CONFIGURATION
 #=================================================

scripts/upgrade

@@ -34,21 +34,75 @@ if ! groups $app | grep -q 'ssl-cert'; then
         adduser $app ssl-cert
 fi
 
+#=================================================
+# GET CONFIG PANEL SETTINGS
+#=================================================
+
+server_name=$(ynh_app_setting_get --app=$app --key=server_name)
+domain=$(ynh_app_setting_get --app=$app --key=domain)
+
+registration_disabled=$(ynh_app_setting_get --app=$app --key=registration_disabled)
+disable_federation=$(ynh_app_setting_get --app=$app --key=disable_federation)
+guests_disabled=$(ynh_app_setting_get --app=$app --key=guests_disabled)
+registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret)
+enable_registration_captcha=$(ynh_app_setting_get --app=$app --key=enable_registration_captcha)
+
+#=================================================
+# STANDARD UPGRADE STEPS
+#=================================================
+# MIGRATION : Manage old settings
+#=================================================
+
+
 # Define $server_name if not already defined
 if [ -z $server_name ]; then
    server_name=$domain
    ynh_app_setting_set --app=$app --key=server_name --value=$domain
 fi
 
+# Define $disable_federation if not already defined
+if [ -z $enable_registration_captcha ]; then
+   enable_registration_captcha="false"
+   ynh_app_setting_set --app=$app --key=enable_registration_captcha --value=$enable_registration_captcha
+fi
+
+# Define $guests_disabled if not already defined
+if [ -z $guests_disabled ]; then
+   guests_disabled="true"
+   ynh_app_setting_set --app=$app --key=guests_disabled --value=$guests_disabled
+fi
+
+# Define $registration_shared_secret if not already defined
+if [ -z $registration_shared_secret ]; then
+   registration_shared_secret=""
+   ynh_app_setting_set --app=$app --key=registration_shared_secret --value=$registration_shared_secret
+fi
+
 # Load up registration variables
-if [[ $registration -eq 1 ]]
-then
+registration=$(ynh_app_setting_get --app=$app --key=registration)
+if [ -z $registration ]; then
+	if [ "$registration_disabled" -eq "1" ]
+	then
+		really_enable_open_registration="--really-enable-open-registration"
+	else
+		really_enable_open_registration=""
+	fi
+else
+	ynh_app_setting_delete --app=$app --key=registration
+	if [[ "$registration" -eq "1" ]]
+	then
 		registration_disabled="false"
 		really_enable_open_registration="--really-enable-open-registration"
-else
+		disable_federation="true"
+		ynh_app_setting_set --app=$app --key=registration_disabled --value=$registration_disabled
+		ynh_app_setting_set --app=$app --key=disable_federation --value=$disable_federation
+	else
 		registration_disabled="true"
 		really_enable_open_registration=""
-        ynh_app_setting_set --app=$app --key=registration --value=0
+		disable_federation="false"
+		ynh_app_setting_set --app=$app --key=registration_disabled --value=$registration_disabled
+		ynh_app_setting_set --app=$app --key=disable_federation --value=$disable_federation
+	fi
 fi
 
 #=================================================