LDAP and HTTP auth
YunoHost users are now instantly logged in with HTTP auth. For this feature to work, the app now needs to be private, all YNH users must be added in the database, and the admin user must be a YNH user. As a result, the manifest has changed: - Admin password is replaced by admin user - Public/Private is removed - Adding YNH users as Dolibarr users is removed: this is the default now. Unfortunately, upgrading the app will not change the previous behavior (i.e. no automatic login). For automatic login to work, you **must** reinstall the app. The sync script does not delete users. Therefore the post_user_delete hook is not needed (and does not work anyway).
This commit is contained in:
parent
efc42505f4
commit
5cc9b9c96f
11 changed files with 49 additions and 89 deletions
|
@ -18,5 +18,6 @@ What does not work yet: see Issues
|
|||
|
||||
What works:
|
||||
- Install, upgrade, remove, backup, restore
|
||||
- Automatic login
|
||||
- Sync YNH users with Dolibarr users
|
||||
- Sync YNH users with members in Dolibarr
|
||||
|
|
|
@ -3,19 +3,19 @@
|
|||
; Manifest
|
||||
domain="domain.tld" (DOMAIN)
|
||||
path="/dolibarr" (PATH)
|
||||
password="admin" (PASSWORD)
|
||||
is_public=0 (PUBLIC|public=0|private=1)
|
||||
admin="homer" (USER)
|
||||
member="1"
|
||||
; Checks
|
||||
pkg_linter=1
|
||||
setup_sub_dir=1
|
||||
setup_root=1
|
||||
setup_nourl=0
|
||||
setup_private=1
|
||||
setup_public=1
|
||||
setup_public=0
|
||||
upgrade=1
|
||||
backup_restore=1
|
||||
multi_instance=0
|
||||
wrong_user=0
|
||||
multi_instance=1
|
||||
wrong_user=1
|
||||
wrong_path=1
|
||||
incorrect_path=1
|
||||
corrupt_source=0
|
||||
|
@ -26,8 +26,8 @@
|
|||
Level 1=auto
|
||||
Level 2=auto
|
||||
Level 3=auto
|
||||
Level 4=na
|
||||
# LDAP is not integrated yet
|
||||
Level 4=1
|
||||
# LDAP is integrated with HTTP auth
|
||||
Level 5=auto
|
||||
Level 6=auto
|
||||
Level 7=auto
|
||||
|
|
|
@ -5,7 +5,6 @@ REPLACE INTO ynh_const (`name`, `value`, `type`) VALUES
|
|||
('LDAP_MEMBER_FIELD_NAME', 'sn', 'chaine'),
|
||||
('LDAP_MEMBER_FIELD_LOGIN', 'uid', 'chaine'),
|
||||
('LDAP_MEMBER_FIELD_MAIL', 'mail', 'chaine'),
|
||||
('LDAP_MEMBER_FIELD_PASSWORD_CRYPTED', 'userPassword', 'chaine'),
|
||||
('LDAP_MEMBER_FILTER', '&(objectClass=posixAccount)', 'chaine'),
|
||||
('LDAP_MEMBER_OBJECT_CLASS', 'organizationalUnit,top', 'chaine'),
|
||||
('LDAP_MEMBER_FIELD_MAIL', 'mail', 'chaine'),
|
||||
|
|
|
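Review bot: `LDAP_MEMBER_FIELD_MAIL` is listed twice in this VALUES run (the `'mail'` row before `LDAP_MEMBER_FIELD_PASSWORD_CRYPTED` and again after `LDAP_MEMBER_OBJECT_CLASS`); assuming `name` is the key `REPLACE INTO` is meant to act on, the later row silently overwrites the earlier one, so one of the two should be dropped. This rendering does not show which row the hunk removes, but if it is the `userPassword` mapping — which would fit the move to HTTP auth — both `mail` rows survive on the new side. The statement continues past the last line shown.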
@ -8,5 +8,4 @@ REPLACE INTO ynh_const (`name`, `value`, `type`) VALUES
|
|||
('LDAP_FIELD_FIRSTNAME', 'givenName', 'chaine'),
|
||||
('LDAP_FIELD_MAIL', 'mail', 'chaine'),
|
||||
('LDAP_KEY_USERS', 'uid', 'chaine'),
|
||||
('LDAP_FIELD_PASSWORD_CRYPTED', 'userPassword', 'chaine'),
|
||||
('LDAP_SYNCHRO_ACTIVE', 'ldap2dolibarr', 'chaine');
|
||||
|
|
|
@ -17,4 +17,7 @@ location YNH_WWW_PATH/ {
|
|||
fastcgi_param PATH_INFO $fastcgi_path_info;
|
||||
fastcgi_param SCRIPT_FILENAME $request_filename;
|
||||
}
|
||||
|
||||
# show YunoHost panel access
|
||||
include conf.d/yunohost_panel.conf.inc;
|
||||
}
|
||||
|
|
|
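Review bot: Nothing in this location block records that, after this commit, Dolibarr runs with `dolibarr_main_authentication='http'` and therefore takes the user identity from whatever the web server/SSO layer hands to PHP (I believe Dolibarr reads `REMOTE_USER`/`PHP_AUTH_USER` in that mode — to be confirmed), with no password check of its own to fall back on. Since the only thing guarding that path is the app staying behind SSOwat, a comment at the top of the block would keep the dependency visible: `# Dolibarr uses HTTP auth: the login comes from the SSO layer, so this app must never be made public`. The `location` block opens before the hunk.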
@ -4,13 +4,10 @@ src_path=/var/www/$app
|
|||
user=YNH_USER
|
||||
member=YNH_MEMBER
|
||||
|
||||
# If YNH users should be users, sync users
|
||||
if [ $user = 1 ];
|
||||
then
|
||||
sudo sudo -u www-data php $src_path/scripts/user/sync_users_ldap2dolibarr.php commitiferror --server=localhost -y
|
||||
fi
|
||||
# Sync users
|
||||
sudo sudo -u www-data php $src_path/scripts/user/sync_users_ldap2dolibarr.php commitiferror --server=localhost -y
|
||||
|
||||
# If YNH users should be members, sync members
|
||||
# If YNH users should also be members, sync members
|
||||
if [ $member = 1 ];
|
||||
then
|
||||
sudo sudo -u www-data php $src_path/scripts/members/sync_members_ldap2dolibarr.php commitiferror 1 --server=localhost -y
|
||||
|
|
|
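Review bot: The now-unconditional `sync_users_ldap2dolibarr.php` call discards its exit status, so if the sync fails when a user is created the hook still exits 0 and, since the commit message says every YNH user must exist in the database for HTTP auth to work, that user simply cannot log in until something re-runs the sync. Capture it, e.g. `... --server=localhost -y || { echo "dolibarr: LDAP user sync failed" >&2; exit 1; }`, or at least log it if a failing hook must not block user creation (whether the PHP script's exit code is meaningful should be checked first). `[ $member = 1 ]` should also quote the variable (`[ "$member" = 1 ]`) so an empty substitution gives a clear test error rather than a syntax failure; the `fi` closing that block lies outside the hunk.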
@ -1,17 +0,0 @@
|
|||
#!/bin/bash
|
||||
app=YNH_APP
|
||||
src_path=/var/www/$app
|
||||
user=YNH_USER
|
||||
member=YNH_MEMBER
|
||||
|
||||
# If YNH users should be users, sync users
|
||||
if [ $user = 1 ];
|
||||
then
|
||||
sudo sudo -u www-data php $src_path/scripts/user/sync_users_ldap2dolibarr.php commitiferror --server=localhost -y
|
||||
fi
|
||||
|
||||
# If YNH users should be members, sync members
|
||||
if [ $member = 1 ];
|
||||
then
|
||||
sudo sudo -u www-data php $src_path/scripts/members/sync_members_ldap2dolibarr.php commitiferror 1 --server=localhost -y
|
||||
fi
|
|
@ -15,7 +15,7 @@
|
|||
"requirements": {
|
||||
"yunohost": ">> 2.4.0"
|
||||
},
|
||||
"multi_instance": false,
|
||||
"multi_instance": true,
|
||||
"services": [
|
||||
"nginx",
|
||||
"php5-fpm",
|
||||
|
@ -43,39 +43,22 @@
|
|||
"default": "/dolibarr"
|
||||
},
|
||||
{
|
||||
"name": "password",
|
||||
"type": "password",
|
||||
"name": "admin",
|
||||
"type": "user",
|
||||
"ask": {
|
||||
"en": "Choose a strong password for the 'admin' user",
|
||||
"fr": "Choisissez un mot de passe fort pour l'administrateur 'admin'"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "is_public",
|
||||
"type": "boolean",
|
||||
"ask": {
|
||||
"en": "Is it a public site?",
|
||||
"fr": "Est-ce un site public ?"
|
||||
"en": "Choose an admin user",
|
||||
"fr": "Choisissez l’administrateur"
|
||||
},
|
||||
"default": false
|
||||
},
|
||||
{
|
||||
"name": "user",
|
||||
"type": "boolean",
|
||||
"ask": {
|
||||
"en": "Should YunoHost users be users in Dolibarr?",
|
||||
"fr": "Les utilisateurs YunoHost doivent-ils être des utilisateurs Dolibarr ?"
|
||||
},
|
||||
"default": true
|
||||
},
|
||||
"example": "johndoe"
|
||||
},
|
||||
{
|
||||
"name": "member",
|
||||
"type": "boolean",
|
||||
"ask": {
|
||||
"en": "Should YunoHost users be draft members in Dolibarr?",
|
||||
"fr": "Les utilisateurs YunoHost doivent-ils être des adhérents à l'état brouillon dans Dolibarr ?"
|
||||
"en": "Should YunoHost users also be added as members awaiting approval in Dolibarr?",
|
||||
"fr": "Les utilisateurs YunoHost doivent-ils aussi être ajoutés comme adhérents en attente de validation dans Dolibarr ?"
|
||||
},
|
||||
"default": true
|
||||
"default": false
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
|
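Review bot: The `admin` question's `ask` text does not tell the installer what the choice implies: per the commit message the chosen YunoHost user becomes Dolibarr's super-administrator, every other YunoHost user gets a Dolibarr account automatically (the `user` question that used to make that optional is removed here), and the app is forced private. Since JSON has no comments, the prompt is the only place to say so; suggest `"en": "Choose the YunoHost user who will be Dolibarr's super-administrator (all YunoHost users get an account; the app is always private)"` with a matching `fr` string.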
@ -10,9 +10,7 @@ version=$(cat ../sources/version)
|
|||
# Retrieve arguments
|
||||
domain=$YNH_APP_ARG_DOMAIN
|
||||
path=$YNH_APP_ARG_PATH
|
||||
password=$YNH_APP_ARG_PASSWORD
|
||||
is_public=$YNH_APP_ARG_IS_PUBLIC
|
||||
user=$YNH_APP_ARG_USER
|
||||
admin=$YNH_APP_ARG_ADMIN
|
||||
member=$YNH_APP_ARG_MEMBER
|
||||
|
||||
# Correct path: puts a / at the start and nothing at the end
|
||||
|
@ -25,12 +23,15 @@ version=$(cat ../sources/version)
|
|||
|
||||
# Check domain/path availability
|
||||
sudo yunohost app checkurl "${domain}${path}" -a "$app" \
|
||||
|| ynh_die "Path not available: ${domain}${path}"
|
||||
|| ynh_die "path not available: ${domain}${path}"
|
||||
|
||||
# Check user parameter
|
||||
ynh_user_exists "$admin" \
|
||||
|| ynh_die "The chosen admin user does not exist."
|
||||
|
||||
# Store settings
|
||||
ynh_app_setting_set $app domain $domain
|
||||
ynh_app_setting_set $app is_public $is_public
|
||||
ynh_app_setting_set $app user $user
|
||||
ynh_app_setting_set $app admin $admin
|
||||
ynh_app_setting_set $app member $member
|
||||
ynh_app_setting_set $app version $version
|
||||
|
||||
|
@ -73,6 +74,7 @@ version=$(cat ../sources/version)
|
|||
sed -i "s@YNH_DBNAME@$dbname@g" ../sources/install.forced.php
|
||||
sed -i "s@YNH_DBUSER@$dbuser@g" ../sources/install.forced.php
|
||||
sed -i "s@YNH_DBPASS@$dbpass@g" ../sources/install.forced.php
|
||||
sed -i "s@YNH_ADMIN@$admin@g" ../sources/install.forced.php
|
||||
if [ $member = 1 ];
|
||||
then
|
||||
# If YNH users are members, we must activate the members module
|
||||
|
@ -93,6 +95,9 @@ version=$(cat ../sources/version)
|
|||
ynh_app_setting_set "$app" unprotected_uris "/"
|
||||
sudo yunohost app ssowatconf
|
||||
|
||||
# Generate a random password for the admin user (will be ignored because of LDAP)
|
||||
password=$(ynh_string_random 8)
|
||||
|
||||
# Install with CURL
|
||||
curl -kL -H "Host: $domain" -X POST https://$domain$path/install/fileconf.php > /dev/null 2>&1
|
||||
curl -kL -H "Host: $domain" -X POST https://$domain$path/install/step1.php --data "testpost=ok&action=set&selectlang=fr_FR" > /dev/null 2>&1
|
||||
|
@ -102,13 +107,10 @@ version=$(cat ../sources/version)
|
|||
|
||||
# Populate the LDAP parameters
|
||||
mysql -u ${dbuser} -p${dbpass} ${dbname} < ../conf/ldap.sql
|
||||
|
||||
# If YNH users should be users, populate the database accordingly and sync users. Set the script as executable by all users to tackle a Hook limitation
|
||||
if [ $user = 1 ];
|
||||
then
|
||||
mysql -u ${dbuser} -p${dbpass} ${dbname} < ../conf/ldap_user.sql
|
||||
sudo sudo -u www-data php $src_path/scripts/user/sync_users_ldap2dolibarr.php commitiferror --server=localhost -y
|
||||
fi
|
||||
|
||||
# Populate the database with YNH users.
|
||||
mysql -u ${dbuser} -p${dbpass} ${dbname} < ../conf/ldap_user.sql
|
||||
sudo sudo -u www-data php $src_path/scripts/user/sync_users_ldap2dolibarr.php commitiferror --server=localhost -y
|
||||
|
||||
# If YNH users should be members, populate the database accordingly, create the member list, and sync members
|
||||
if [ $member = 1 ];
|
||||
|
@ -117,18 +119,15 @@ version=$(cat ../sources/version)
|
|||
sudo sudo -u www-data php $src_path/scripts/members/sync_members_ldap2dolibarr.php commitiferror 1 --server=localhost -y
|
||||
fi
|
||||
|
||||
# Enable SSO if chosen by the user
|
||||
if [ $is_public = 0 ];
|
||||
then
|
||||
ynh_app_setting_delete $app unprotected_uris
|
||||
sudo yunohost app ssowatconf
|
||||
fi
|
||||
# Re-enable SSO if chosen by the user
|
||||
ynh_app_setting_delete $app unprotected_uris
|
||||
sudo yunohost app ssowatconf
|
||||
|
||||
# Setup HTTP auth in conf
|
||||
sudo sed -i "s@\$dolibarr_main_authentication='dolibarr';@\$dolibarr_main_authentication='http';@g" $src_path/htdocs/conf/conf.php
|
||||
|
||||
# Setup hooks
|
||||
sed -i "s@YNH_APP@$app@g" ../hooks/post_user_create
|
||||
sed -i "s@YNH_USER@$user@g" ../hooks/post_user_create
|
||||
sed -i "s@YNH_MEMBER@$member@g" ../hooks/post_user_create
|
||||
|
||||
sed -i "s@YNH_APP@$app@g" ../hooks/post_user_delete
|
||||
sed -i "s@YNH_USER@$user@g" ../hooks/post_user_delete
|
||||
sed -i "s@YNH_MEMBER@$member@g" ../hooks/post_user_delete
|
||||
|
|
|
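Review bot: The `sed` that switches `dolibarr_main_authentication` from `'dolibarr'` to `'http'` in `conf.php` is never verified, so a pattern miss (different quoting or spacing in the file the web installer wrote) silently leaves the instance on password auth with a super-admin password that is an unstored 8-character `ynh_string_random 8` value — nobody can log in as admin and nothing reports it. Add a check right after it, e.g. `grep -q "dolibarr_main_authentication='http'" $src_path/htdocs/conf/conf.php || ynh_die "Failed to enable HTTP auth in conf.php"`, and since that password is the live credential until the switch happens, use a longer value (`ynh_string_random 24`) and reword its comment to say it is superseded by HTTP auth rather than "ignored because of LDAP". The line `sed -i "s@YNH_USER@$user@g" ../hooks/post_user_create` is now dead — `$user` is no longer read from the arguments or stored as a setting in this commit, and the hook's `YNH_USER` placeholder is gone — so it should go along with the removed `post_user_delete` lines. The unconditional `sync_users_ldap2dolibarr.php` call has the same unchecked-exit-status problem, even though HTTP auth needs every user row to exist.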
@ -12,7 +12,6 @@ version=$(cat ../sources/version)
|
|||
# Retrieve app settings
|
||||
domain=$(ynh_app_setting_get "$app" domain)
|
||||
path=$(ynh_app_setting_get "$app" path)
|
||||
is_public=$(ynh_app_setting_get "$app" is_public)
|
||||
old_version=$(ynh_app_setting_get "$app" version)
|
||||
|
||||
# Copy source files
|
||||
|
@ -65,12 +64,9 @@ version=$(cat ../sources/version)
|
|||
sudo chmod 444 $lock
|
||||
sudo chown www-data: $lock
|
||||
|
||||
# Enable SSO if chosen by the user
|
||||
if [ $is_public = 0 ];
|
||||
then
|
||||
ynh_app_setting_delete $app unprotected_uris
|
||||
sudo yunohost app ssowatconf
|
||||
fi
|
||||
# Re-enable SSO
|
||||
ynh_app_setting_delete $app unprotected_uris
|
||||
sudo yunohost app ssowatconf
|
||||
|
||||
# Store the new version
|
||||
ynh_app_setting_set $app version $version
|
||||
|
|
|
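Review bot: The upgrade now forces the app private unconditionally but leaves the stale `is_public` setting in place and does nothing to `conf.php`, so an upgraded instance ends up SSO-protected yet still on `dolibarr` password auth — the commit message admits a reinstall is needed, but nothing in the script tells the admin. Suggest `ynh_app_setting_delete $app is_public` next to the `unprotected_uris` deletion and a comment above it: `# Since HTTP auth the app is always private; instances upgraded from the password-auth version keep password auth until reinstalled`.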
@ -38,7 +38,7 @@ $force_install_createuser = false;
|
|||
//$force_install_databaserootpass = '';
|
||||
|
||||
/** @var string Dolibarr super-administrator username */
|
||||
$force_install_dolibarrlogin = 'admin';
|
||||
$force_install_dolibarrlogin = 'YNH_ADMIN';
|
||||
|
||||
/** @var string Enable module(s) (Comma separated class names list) */
|
||||
$force_install_module = 'modLdap';
|
||||
|
|
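Review bot: `$force_install_dolibarrlogin = 'YNH_ADMIN';` has its placeholder filled by a raw `sed` in the install script with the chosen username, so any value containing `'`, `\`, `@` or `&` would corrupt this PHP literal or the sed expression itself. YunoHost very likely restricts usernames to a safe charset (the install script only checks that the user exists), but a cheap whitelist before the substitution, `[[ "$admin" =~ ^[a-z0-9_.-]+$ ]] || ynh_die "Invalid admin username"`, removes the doubt; a comment here, `// replaced at install time with the YunoHost user chosen as super-administrator`, would also explain the placeholder.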