Merge pull request #5 from YunoHost-Apps/testing

Testing

check_process

@@ -27,9 +27,7 @@
 	Level 1=auto
 	Level 2=auto
 	Level 3=auto
-# Level 4: If the app supports LDAP and SSOwat, turn level 4 to '1' and add a link to an issue or a part of your code to show it.
+	Level 4=1
-# If the app does not use LDAP nor SSOwat, and can't use them, turn level 4 to 'na' and explain as well.
-	Level 4=0
 	Level 5=auto
 	Level 6=auto
 	Level 7=auto

conf/class.auth.ldap.php

@@ -0,0 +1,81 @@
+<?php
+class myDcAuth extends dcAuth
+{
+        # The user can't change his password
+        protected $allow_pass_change = false;
+
+        public function checkUser($user_id, $pwd=null, $user_key=null, $check_blog=true)
+        {
+                if ($pwd == '') {
+                        return parent::checkUser($user_id, null, $user_key, $check_blog);
+                }
+
+                $this->con->begin();
+                $cur = $this->con->openCursor($this->user_table);
+
+                # LDAP parameter
+                $server = "localhost";
+                $port = "389";
+                $racine = "dc=yunohost,dc=org";
+
+                # LDAP connection
+                $ds=ldap_connect($server);
+                ldap_set_option ($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
+                if (ldap_bind($ds,"uid=".$user_id.",ou=users,dc=yunohost,dc=org",$pwd))
+                {
+                        # Store the password
+                        $cur->user_pwd = $pwd;
+
+                        # If the user exist, then we just update his password.
+                        if ($this->core->userExists($user_id))
+                        {
+                                $this->sudo(array($this->core,'updUser'),$user_id,$cur);
+                                $this->con->commit();
+                        }
+                        # If not, we create him.
+                        # In order for him to connect, 
+                        # it is necessary to give him at least
+                        # a permission "usage" on the blog "default".
+                        else
+                        {
+                                # search the user in ldap, and get infos
+                                $sr=ldap_search($ds,$racine,"uid=$user_id",array( "dn", "cn", "sn", "mail", "givenname")); # /!\ fields have to be in lowercase
+                                $info = ldap_get_entries($ds, $sr);
+
+
+                                if ($info["count"] ==1)
+                                {
+                                        $cur->user_id = $user_id;
+                                        $cur->user_email = $info[0]['mail'][0];
+                                        $cur->user_name = $info[0]['givenname'][0];
+                                        $cur->user_firstname = $info[0]['sn'][0];
+                                        $cur->user_lang = 'fr';                         # Can change this, PR are welcome
+                                        $cur->user_tz = 'Europe/Paris';                 # Can change this, PR are welcome
+                                        $cur->user_default_blog = 'default';            # Can change this, PR are welcome
+                                        $this->sudo(array($this->core,'addUser'),$cur);
+                                        # Possible roles:
+                                        #admin "administrator"
+                                        #usage "manage their own entries and comments"
+                                        #publish "publish entries and comments"
+                                        #delete "delete entries and comments"
+                                        #contentadmin "manage all entries and comments"
+                                        #categories "manage categories"
+                                        #media "manage their own media items"
+                                        #media_admin "manage all media items"
+                                        #pages "manage pages"
+                                        #blogroll "manage blogroll"
+                                        $this->sudo(array($this->core,'setUserBlogPermissions'),$user_id,'default',array('usage'=>true)); # Can change this, PR are welcome
+                                        $this->con->commit();
+                                }
+                        }
+
+                        # The previous operations proceeded without error,
+                        # we can now call the parent method
+                        return parent::checkUser($user_id, $pwd, $user_key, $check_blog);
+                }
+                # In case of error we cancel and return "false"
+                $this->con->rollback();
+                return false;
+        }
+}
+?>

scripts/install

@@ -105,6 +105,7 @@ email=$(yunohost user info $admin | grep mail: | cut -d' ' -f2 | tr -d '\n')
 ynh_app_setting_set $app master_key $master_key
 
 cp $php_config.in $php_config
+cp ../conf/class.auth.ldap.php $final_path/inc/class.auth.ldap.php
 
 admin_url=$(ynh_url_join $path_url admin/index.php)
 
@@ -128,6 +129,13 @@ ynh_replace_string "'DC_MASTER_KEY', ''" "'DC_MASTER_KEY', '$master_key'" $php_c
 ynh_replace_string "'DC_ADMIN_URL', ''" "'DC_ADMIN_URL', 'https://$domain$admin_url'" $php_config
 ynh_replace_string "'DC_ADMIN_MAILFROM', ''" "'DC_ADMIN_MAILFROM', '$email'" $php_config
 
+# Adding LDAP login
+cat << EOF >> $php_config
+
+\$__autoload['myDcAuth'] = dirname(__FILE__).'/class.auth.ldap.php';
+define('DC_AUTH_CLASS','myDcAuth');
+EOF
+
 ynh_store_file_checksum $php_config
 
 #=================================================
@@ -161,6 +169,8 @@ ynh_app_setting_delete $app skipped_uris
 if [ $is_public -eq 1 ]; then
 	# unprotected_uris allows SSO credentials to be passed anyway.
 	ynh_app_setting_set $app unprotected_uris "/"
+	# protect admin area
+	ynh_app_setting_set $app protected_uris "/admin"
 fi
 
 #=================================================

scripts/upgrade

@@ -125,6 +125,7 @@ ynh_add_fpm_config
 #=================================================
 
 cp $php_config.in $php_config
+cp ../conf/class.auth.ldap.php $final_path/inc/class.auth.ldap.php
 
 firstname=$(yunohost user info $admin | grep firstname: | cut -d' ' -f2 | tr -d '\n')
 lastname=$(yunohost user info $admin | grep lastname: | cut -d' ' -f2 | tr -d '\n')
@@ -151,6 +152,13 @@ ynh_replace_string "'DC_MASTER_KEY', ''" "'DC_MASTER_KEY', '$master_key'" $php_c
 ynh_replace_string "'DC_ADMIN_URL', ''" "'DC_ADMIN_URL', 'https://$domain$admin_url'" $php_config
 ynh_replace_string "'DC_ADMIN_MAILFROM', ''" "'DC_ADMIN_MAILFROM', '$email'" $php_config
 
+# Adding LDAP login
+cat << EOF >> $php_config
+
+\$__autoload['myDcAuth'] = dirname(__FILE__).'/class.auth.ldap.php';
+define('DC_AUTH_CLASS','myDcAuth');
+EOF
+
 # Recalculate and store the checksum of the file for the next upgrade.
 ynh_store_file_checksum "$php_config"
 
@@ -173,6 +181,8 @@ if [ $is_public -eq 1 ]
 then
 	# unprotected_uris allows SSO credentials to be passed anyway
 	ynh_app_setting_set $app unprotected_uris "/"
+	# protect admin area
+	ynh_app_setting_set $app protected_uris "/admin"
 fi
 
 #=================================================