
LDAP and HTTP auth

YunoHost users are now instantly logged in with HTTP auth
For this feature to work, the app now needs to be private, all YNH users
must be added in the database, and the admin user must be a YNH user. As
a result, the manifest has changed:
- Admin password is replaced by admin user
- Public/Private is removed
- Adding YNH users as Dolibarr users is removed: this is default now
Unfortunately, upgrading the app will not change the previous behavior
(i.e. no automatic login). For automatic login to work, you **must**
reinstall the app.
The sync script does not delete users. Therefore the post_user_delete
hook is not needed (and does not work anyway)
This commit is contained in:
Jeff 2017-05-05 17:34:15 +02:00 committed by GitHub
parent efc42505f4
commit 5cc9b9c96f
11 changed files with 49 additions and 89 deletions


@ -18,5 +18,6 @@ What does not work yet: see Issues
What works: What works:
- Install, upgrade, remove, backup, restore - Install, upgrade, remove, backup, restore
- Automatic login
- Sync YNH users with Dolibarr users - Sync YNH users with Dolibarr users
- Sync YNH users with members in Dolibarr - Sync YNH users with members in Dolibarr


@ -3,19 +3,19 @@
; Manifest ; Manifest
domain="domain.tld" (DOMAIN) domain="domain.tld" (DOMAIN)
path="/dolibarr" (PATH) path="/dolibarr" (PATH)
password="admin" (PASSWORD) admin="homer" (USER)
is_public=0 (PUBLIC|public=0|private=1) member="1"
; Checks ; Checks
pkg_linter=1 pkg_linter=1
setup_sub_dir=1 setup_sub_dir=1
setup_root=1 setup_root=1
setup_nourl=0 setup_nourl=0
setup_private=1 setup_private=1
setup_public=1 setup_public=0
upgrade=1 upgrade=1
backup_restore=1 backup_restore=1
multi_instance=0 multi_instance=1
wrong_user=0 wrong_user=1
wrong_path=1 wrong_path=1
incorrect_path=1 incorrect_path=1
corrupt_source=0 corrupt_source=0
@ -26,8 +26,8 @@
Level 1=auto Level 1=auto
Level 2=auto Level 2=auto
Level 3=auto Level 3=auto
Level 4=na Level 4=1
# LDAP is not integrated yet # LDAP is integrated with HTTP auth
Level 5=auto Level 5=auto
Level 6=auto Level 6=auto
Level 7=auto Level 7=auto


@ -5,7 +5,6 @@ REPLACE INTO ynh_const (`name`, `value`, `type`) VALUES
('LDAP_MEMBER_FIELD_NAME', 'sn', 'chaine'), ('LDAP_MEMBER_FIELD_NAME', 'sn', 'chaine'),
('LDAP_MEMBER_FIELD_LOGIN', 'uid', 'chaine'), ('LDAP_MEMBER_FIELD_LOGIN', 'uid', 'chaine'),
('LDAP_MEMBER_FIELD_MAIL', 'mail', 'chaine'), ('LDAP_MEMBER_FIELD_MAIL', 'mail', 'chaine'),
('LDAP_MEMBER_FIELD_PASSWORD_CRYPTED', 'userPassword', 'chaine'),
('LDAP_MEMBER_FILTER', '&(objectClass=posixAccount)', 'chaine'), ('LDAP_MEMBER_FILTER', '&(objectClass=posixAccount)', 'chaine'),
('LDAP_MEMBER_OBJECT_CLASS', 'organizationalUnit,top', 'chaine'), ('LDAP_MEMBER_OBJECT_CLASS', 'organizationalUnit,top', 'chaine'),
('LDAP_MEMBER_FIELD_MAIL', 'mail', 'chaine'), ('LDAP_MEMBER_FIELD_MAIL', 'mail', 'chaine'),


@ -8,5 +8,4 @@ REPLACE INTO ynh_const (`name`, `value`, `type`) VALUES
('LDAP_FIELD_FIRSTNAME', 'givenName', 'chaine'), ('LDAP_FIELD_FIRSTNAME', 'givenName', 'chaine'),
('LDAP_FIELD_MAIL', 'mail', 'chaine'), ('LDAP_FIELD_MAIL', 'mail', 'chaine'),
('LDAP_KEY_USERS', 'uid', 'chaine'), ('LDAP_KEY_USERS', 'uid', 'chaine'),
('LDAP_FIELD_PASSWORD_CRYPTED', 'userPassword', 'chaine'),
('LDAP_SYNCHRO_ACTIVE', 'ldap2dolibarr', 'chaine'); ('LDAP_SYNCHRO_ACTIVE', 'ldap2dolibarr', 'chaine');


@ -17,4 +17,7 @@ location YNH_WWW_PATH/ {
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param SCRIPT_FILENAME $request_filename;
} }
# show YunoHost panel access
include conf.d/yunohost_panel.conf.inc;
} }


@ -4,13 +4,10 @@ src_path=/var/www/$app
user=YNH_USER user=YNH_USER
member=YNH_MEMBER member=YNH_MEMBER
# If YNH users should be users, sync users # Sync users
if [ $user = 1 ]; sudo sudo -u www-data php $src_path/scripts/user/sync_users_ldap2dolibarr.php commitiferror --server=localhost -y
then
sudo sudo -u www-data php $src_path/scripts/user/sync_users_ldap2dolibarr.php commitiferror --server=localhost -y
fi
# If YNH users should be members, sync members # If YNH users should also be members, sync members
if [ $member = 1 ]; if [ $member = 1 ];
then then
sudo sudo -u www-data php $src_path/scripts/members/sync_members_ldap2dolibarr.php commitiferror 1 --server=localhost -y sudo sudo -u www-data php $src_path/scripts/members/sync_members_ldap2dolibarr.php commitiferror 1 --server=localhost -y
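Review bot: `user=YNH_USER` at the top of this hook is now dead: the `if [ $user = 1 ]` guard around the user sync is removed, nothing else reads `$user`, and scripts/install in this same commit drops the `sed ... YNH_USER ...` line for this hook, so the literal placeholder would ship unsubstituted. The `user=YNH_USER` line should be deleted along with the guard. While here, the remaining test should quote its variable so an empty substitution fails loudly rather than as a syntax error: `if [ "$member" = 1 ];`. The `if [ $member = 1 ]` block's closing `fi` lies outside the hunk.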


@ -1,17 +0,0 @@
#!/bin/bash
app=YNH_APP
src_path=/var/www/$app
user=YNH_USER
member=YNH_MEMBER
# If YNH users should be users, sync users
if [ $user = 1 ];
then
sudo sudo -u www-data php $src_path/scripts/user/sync_users_ldap2dolibarr.php commitiferror --server=localhost -y
fi
# If YNH users should be members, sync members
if [ $member = 1 ];
then
sudo sudo -u www-data php $src_path/scripts/members/sync_members_ldap2dolibarr.php commitiferror 1 --server=localhost -y
fi


@ -15,7 +15,7 @@
"requirements": { "requirements": {
"yunohost": ">> 2.4.0" "yunohost": ">> 2.4.0"
}, },
"multi_instance": false, "multi_instance": true,
"services": [ "services": [
"nginx", "nginx",
"php5-fpm", "php5-fpm",
@ -43,39 +43,22 @@
"default": "/dolibarr" "default": "/dolibarr"
}, },
{ {
"name": "password", "name": "admin",
"type": "password", "type": "user",
"ask": { "ask": {
"en": "Choose a strong password for the 'admin' user", "en": "Choose an admin user",
"fr": "Choisissez un mot de passe fort pour l'administrateur 'admin'" "fr": "Choisissez ladministrateur"
}
},
{
"name": "is_public",
"type": "boolean",
"ask": {
"en": "Is it a public site?",
"fr": "Est-ce un site public ?"
}, },
"default": false "example": "johndoe"
}, },
{
"name": "user",
"type": "boolean",
"ask": {
"en": "Should YunoHost users be users in Dolibarr?",
"fr": "Les utilisateurs YunoHost doivent-ils être des utilisateurs Dolibarr ?"
},
"default": true
},
{ {
"name": "member", "name": "member",
"type": "boolean", "type": "boolean",
"ask": { "ask": {
"en": "Should YunoHost users be draft members in Dolibarr?", "en": "Should YunoHost users also be added as members awaiting approval in Dolibarr?",
"fr": "Les utilisateurs YunoHost doivent-ils être des adhérents à l'état brouillon dans Dolibarr ?" "fr": "Les utilisateurs YunoHost doivent-ils aussi être ajoutés comme adhérents en attente de validation dans Dolibarr ?"
}, },
"default": true "default": false
} }
] ]
} }
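Review bot: The new French prompt for the `admin` argument reads `"Choisissez ladministrateur"`, which is missing the apostrophe and will be shown verbatim to every installer; it should be `"fr": "Choisissez l'administrateur"`. The other French strings in this section keep their apostrophes, so this looks like a real typo rather than a rendering artefact. The `member` prompt rewording and its `default: false` are consistent with the new install script and need no change.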


@ -10,9 +10,7 @@ version=$(cat ../sources/version)
# Retrieve arguments # Retrieve arguments
domain=$YNH_APP_ARG_DOMAIN domain=$YNH_APP_ARG_DOMAIN
path=$YNH_APP_ARG_PATH path=$YNH_APP_ARG_PATH
password=$YNH_APP_ARG_PASSWORD admin=$YNH_APP_ARG_ADMIN
is_public=$YNH_APP_ARG_IS_PUBLIC
user=$YNH_APP_ARG_USER
member=$YNH_APP_ARG_MEMBER member=$YNH_APP_ARG_MEMBER
# Correct path: puts a / at the start and nothing at the end # Correct path: puts a / at the start and nothing at the end
@ -25,12 +23,15 @@ version=$(cat ../sources/version)
# Check domain/path availability # Check domain/path availability
sudo yunohost app checkurl "${domain}${path}" -a "$app" \ sudo yunohost app checkurl "${domain}${path}" -a "$app" \
|| ynh_die "Path not available: ${domain}${path}" || ynh_die "path not available: ${domain}${path}"
# Check user parameter
ynh_user_exists "$admin" \
|| ynh_die "The chosen admin user does not exist."
# Store settings # Store settings
ynh_app_setting_set $app domain $domain ynh_app_setting_set $app domain $domain
ynh_app_setting_set $app is_public $is_public ynh_app_setting_set $app admin $admin
ynh_app_setting_set $app user $user
ynh_app_setting_set $app member $member ynh_app_setting_set $app member $member
ynh_app_setting_set $app version $version ynh_app_setting_set $app version $version
@ -73,6 +74,7 @@ version=$(cat ../sources/version)
sed -i "s@YNH_DBNAME@$dbname@g" ../sources/install.forced.php sed -i "s@YNH_DBNAME@$dbname@g" ../sources/install.forced.php
sed -i "s@YNH_DBUSER@$dbuser@g" ../sources/install.forced.php sed -i "s@YNH_DBUSER@$dbuser@g" ../sources/install.forced.php
sed -i "s@YNH_DBPASS@$dbpass@g" ../sources/install.forced.php sed -i "s@YNH_DBPASS@$dbpass@g" ../sources/install.forced.php
sed -i "s@YNH_ADMIN@$admin@g" ../sources/install.forced.php
if [ $member = 1 ]; if [ $member = 1 ];
then then
# If YNH users are members, we must activate the members module # If YNH users are members, we must activate the members module
@ -93,6 +95,9 @@ version=$(cat ../sources/version)
ynh_app_setting_set "$app" unprotected_uris "/" ynh_app_setting_set "$app" unprotected_uris "/"
sudo yunohost app ssowatconf sudo yunohost app ssowatconf
# Generate a random password for the admin user (will be ignored because of LDAP)
password=$(ynh_string_random 8)
# Install with CURL # Install with CURL
curl -kL -H "Host: $domain" -X POST https://$domain$path/install/fileconf.php > /dev/null 2>&1 curl -kL -H "Host: $domain" -X POST https://$domain$path/install/fileconf.php > /dev/null 2>&1
curl -kL -H "Host: $domain" -X POST https://$domain$path/install/step1.php --data "testpost=ok&action=set&selectlang=fr_FR" > /dev/null 2>&1 curl -kL -H "Host: $domain" -X POST https://$domain$path/install/step1.php --data "testpost=ok&action=set&selectlang=fr_FR" > /dev/null 2>&1
@ -102,13 +107,10 @@ version=$(cat ../sources/version)
# Populate the LDAP parameters # Populate the LDAP parameters
mysql -u ${dbuser} -p${dbpass} ${dbname} < ../conf/ldap.sql mysql -u ${dbuser} -p${dbpass} ${dbname} < ../conf/ldap.sql
# If YNH users should be users, populate the database accordingly and sync users. Set the script as executable by all users to tackle a Hook limitation # Populate the database with YNH users.
if [ $user = 1 ]; mysql -u ${dbuser} -p${dbpass} ${dbname} < ../conf/ldap_user.sql
then sudo sudo -u www-data php $src_path/scripts/user/sync_users_ldap2dolibarr.php commitiferror --server=localhost -y
mysql -u ${dbuser} -p${dbpass} ${dbname} < ../conf/ldap_user.sql
sudo sudo -u www-data php $src_path/scripts/user/sync_users_ldap2dolibarr.php commitiferror --server=localhost -y
fi
# If YNH users should be members, populate the database accordingly, create the member list, and sync members # If YNH users should be members, populate the database accordingly, create the member list, and sync members
if [ $member = 1 ]; if [ $member = 1 ];
@ -117,18 +119,15 @@ version=$(cat ../sources/version)
sudo sudo -u www-data php $src_path/scripts/members/sync_members_ldap2dolibarr.php commitiferror 1 --server=localhost -y sudo sudo -u www-data php $src_path/scripts/members/sync_members_ldap2dolibarr.php commitiferror 1 --server=localhost -y
fi fi
# Enable SSO if chosen by the user # Re-enable SSO if chosen by the user
if [ $is_public = 0 ]; ynh_app_setting_delete $app unprotected_uris
then sudo yunohost app ssowatconf
ynh_app_setting_delete $app unprotected_uris
sudo yunohost app ssowatconf # Setup HTTP auth in conf
fi sudo sed -i "s@\$dolibarr_main_authentication='dolibarr';@\$dolibarr_main_authentication='http';@g" $src_path/htdocs/conf/conf.php
# Setup hooks # Setup hooks
sed -i "s@YNH_APP@$app@g" ../hooks/post_user_create sed -i "s@YNH_APP@$app@g" ../hooks/post_user_create
sed -i "s@YNH_USER@$user@g" ../hooks/post_user_create
sed -i "s@YNH_MEMBER@$member@g" ../hooks/post_user_create sed -i "s@YNH_MEMBER@$member@g" ../hooks/post_user_create
sed -i "s@YNH_APP@$app@g" ../hooks/post_user_delete sed -i "s@YNH_APP@$app@g" ../hooks/post_user_delete
sed -i "s@YNH_USER@$user@g" ../hooks/post_user_delete
sed -i "s@YNH_MEMBER@$member@g" ../hooks/post_user_delete sed -i "s@YNH_MEMBER@$member@g" ../hooks/post_user_delete
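Review bot: The `sed` that switches `$dolibarr_main_authentication` from `'dolibarr'` to `'http'` in conf.php has no success check; if the literal pattern does not match the generated file, the install silently stays in password mode with the admin account protected only by the 8-character random string from `ynh_string_random 8`, which nobody is told. Add a verification right after the substitution: `grep -q "dolibarr_main_authentication='http'" "$src_path/htdocs/conf/conf.php" || ynh_die "Failed to enable HTTP authentication in conf.php"`. Since http mode presumably makes Dolibarr trust the user name the web server hands it, the unconditional `ynh_app_setting_delete $app unprotected_uris` two lines earlier is now the security boundary, and its comment should say so instead of the stale "if chosen by the user": `# Re-enable SSO: HTTP auth relies on SSOwat protecting every path`. The comment on the random password ("will be ignored because of LDAP") should likewise name HTTP auth as the reason.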


@ -12,7 +12,6 @@ version=$(cat ../sources/version)
# Retrieve app settings # Retrieve app settings
domain=$(ynh_app_setting_get "$app" domain) domain=$(ynh_app_setting_get "$app" domain)
path=$(ynh_app_setting_get "$app" path) path=$(ynh_app_setting_get "$app" path)
is_public=$(ynh_app_setting_get "$app" is_public)
old_version=$(ynh_app_setting_get "$app" version) old_version=$(ynh_app_setting_get "$app" version)
# Copy source files # Copy source files
@ -65,12 +64,9 @@ version=$(cat ../sources/version)
sudo chmod 444 $lock sudo chmod 444 $lock
sudo chown www-data: $lock sudo chown www-data: $lock
# Enable SSO if chosen by the user # Re-enable SSO
if [ $is_public = 0 ]; ynh_app_setting_delete $app unprotected_uris
then sudo yunohost app ssowatconf
ynh_app_setting_delete $app unprotected_uris
sudo yunohost app ssowatconf
fi
# Store the new version # Store the new version
ynh_app_setting_set $app version $version ynh_app_setting_set $app version $version
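Review bot: The unconditional `ynh_app_setting_delete $app unprotected_uris` turns an instance that was installed as public into a private one on upgrade without any message, and the old `is_public` setting that the script no longer reads is left behind in the settings store. Emit an explicit notice before re-enabling SSO, e.g. `echo "Dolibarr is now private; reinstall the app to enable automatic HTTP login" >&2`, and drop the stale setting with `ynh_app_setting_delete $app is_public`. Upgraded instances also keep `dolibarr_main_authentication='dolibarr'` and no `admin` setting, which the commit message acknowledges but the script does not surface.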


@ -38,7 +38,7 @@ $force_install_createuser = false;
//$force_install_databaserootpass = ''; //$force_install_databaserootpass = '';
/** @var string Dolibarr super-administrator username */ /** @var string Dolibarr super-administrator username */
$force_install_dolibarrlogin = 'admin'; $force_install_dolibarrlogin = 'YNH_ADMIN';
/** @var string Enable module(s) (Comma separated class names list) */ /** @var string Enable module(s) (Comma separated class names list) */
$force_install_module = 'modLdap'; $force_install_module = 'modLdap';
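Review bot: `$force_install_dolibarrlogin = 'YNH_ADMIN';` is filled in by `sed -i "s@YNH_ADMIN@$admin@g"` from scripts/install, where the only validation of `$admin` is `ynh_user_exists`; whether a user name can contain `'` (which would break this PHP single-quoted literal) or `@` (which would break the sed expression) depends on YunoHost's username rules, which I cannot confirm from here. If those rules are not guaranteed, a cheap guard before the sed keeps the generated file well-formed: `case "$admin" in *[\'@]*) ynh_die "Unsupported character in admin user name";; esac`. The `/** @var string Dolibarr super-administrator username */` doc line above still describes the value correctly.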