diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh index 5e4fcd1..287f13b 100644 --- a/.github/workflows/updater.sh +++ b/.github/workflows/updater.sh @@ -14,15 +14,15 @@ #================================================= # Fetching information -current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') -repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') +current_version=$(cat manifest.toml | grep "version =" | sed 's|version = "\(.*\)~ynh[0-9]*"|\1|') +# repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') asset=$(curl --silent "https://download.dotclear.org/latest/" | grep "dotclear-.*?.zip" -Po | head -1) version=${asset%.zip} version=${version#dotclear-} # Later down the script, we assume the version has only digits and dots # Sometimes the release name starts with a "v", so let's filter it out. -# You may need more tweaks here if the upstream repository has different naming conventions. +# You may need more tweaks here if the upstream repository has different naming conventions. if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then version=${version:1} fi @@ -54,7 +54,7 @@ src="app" tempdir="$(mktemp -d)" # Download sources and calculate checksum -curl --silent -4 -L http://download.dotclear.org/latest/dotclear-$version.zip -o "$tempdir/$asset" +curl --silent -4 -L http://download.dotclear.org/latest/dotclear-$version.tar.gz -o "$tempdir/$asset" checksum=$(sha256sum "$tempdir/$asset" | head -c 64) # Delete temporary directory 
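Review bot: The download in the `@@ -54,7` hunk still uses plain `http://` and no `--fail`, and the `sha256sum` of whatever comes back is the value the later `sed` writes into `manifest.toml`. An archive altered in transit, or an HTML error page served with a 4xx status, would therefore be pinned as the trusted checksum. The version lookup above already queries the same host over `https://`, so the fetch can do the same: `curl --fail --silent -4 -L "https://download.dotclear.org/latest/dotclear-$version.tar.gz" -o "$tempdir/$asset"`. Separately, `asset` is still matched with `dotclear-.*?.zip`, so the tarball is saved under a `.zip` name and the `*.zip` test in the next hunk still sees that name.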
@@ -66,17 +66,10 @@ if [[ $asset == *.zip ]]; then fi # Rewrite source file -cat < conf/$src.src -SOURCE_URL=http://download.dotclear.org/latest/dotclear-$version.zip -SOURCE_SUM=$checksum -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=$extension -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -SOURCE_EXTRACT=true -EOT -echo "... conf/$src.src updated" - +set -x +sed -i "s|/dotclear-.*.tar.gz|/dotclear-$version.tar.gz|" manifest.toml +sed -i "s|sha256 = \".*\"|sha256 = \"$checksum\"|" manifest.toml +sed -i "s|version = \".*\"|version = \"$version~ynh1\"|" manifest.toml #================================================= # SPECIFIC UPDATE STEPS #================================================= @@ -88,11 +81,8 @@ echo "... conf/$src.src updated" # GENERIC FINALIZATION #================================================= -# Replace new version in manifest -echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json - # No need to update the README, yunohost-bot takes care of it # The Action will proceed only if the PROCEED environment variable is set to true echo "PROCEED=true" >> $GITHUB_ENV -exit 0 \ No newline at end of file +exit 0 diff --git a/conf/class.auth.ldap.php b/conf/class.auth.ldap.php index 030c349..28d9701 100644 --- a/conf/class.auth.ldap.php +++ b/conf/class.auth.ldap.php 
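Review bot: `$version` is scraped from the download page and goes straight into the three `sed -i` replacements in the `@@ -66,17` hunk, and no check is visible here that it holds only digits and dots, as the earlier comment assumes. A value containing `|`, `&` or `\` would corrupt `manifest.toml`, and the workflow would still reach `PROCEED=true`. A guard before the `sed` lines would stop that: `[[ $version =~ ^[0-9]+(\.[0-9]+)*$ ]] || { echo "unexpected version: $version" >&2; exit 1; }`. The patterns `sha256 = \".*\"` and `version = \".*\"` are unanchored, so every matching line in the manifest is rewritten, which is worth a comment if that is intended for both sources. `set -x` looks like a debugging leftover and stays active for the rest of the run.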
@@ -1,127 +1,127 @@ server.":".$this->port); + if ($ds) { - if ($pwd == '') { - return parent::checkUser($user_id, null, $user_key, $check_blog); - } + ldap_set_option ($ds, LDAP_OPT_PROTOCOL_VERSION, 3); + if (ldap_bind($ds, "uid=".$user_id.",ou=users,".$this->base, $pwd)) + { + # search the user in ldap, and get infos + $filter = "(&(|(objectclass=posixAccount))(uid=".$user_id.")(permission=cn=__APP__.admin,ou=permission,".$this->base."))"; + $sr = ldap_search($ds, $this->base, $filter, array("dn", "cn", "sn", "mail", "givenname")); # /!\ fields have to be in lowercase + $info = ldap_get_entries($ds, $sr); - # LDAP connection - $ds = ldap_connect("ldap://".$this->server.":".$this->port); - if ($ds) + if ($info["count"] == 1) { - ldap_set_option ($ds, LDAP_OPT_PROTOCOL_VERSION, 3); - if (ldap_bind($ds, "uid=".$user_id.",ou=users,".$this->base, $pwd)) - { - # search the user in ldap, and get infos - $filter = "(&(|(objectclass=posixAccount))(uid=".$user_id.")(permission=cn=__APP__.admin,ou=permission,".$this->base."))"; - $sr = ldap_search($ds, $this->base, $filter, array("dn", "cn", "sn", "mail", "givenname")); # /!\ fields have to be in lowercase - $info = ldap_get_entries($ds, $sr); + # To be case sensitive + if ($info[0]['dn'] != "uid=".$user_id.",ou=users,".$this->base) { + return parent::checkUser($user_id, $pwd); + } - if ($info["count"] == 1) - { - # To be case sensitive - if ($info[0]['dn'] != "uid=".$user_id.",ou=users,".$this->base) { - return parent::checkUser($user_id, $pwd); - } - - try - { - $this->con->begin(); - $cur = $this->con->openCursor($this->user_table); - # Store the password - $cur->user_pwd = $pwd; + try + { + $this->con->begin(); + $cur = $this->con->openCursor($this->user_table); + # Store the password + $cur->user_pwd = $pwd; - # Store informations about the user - $cur->user_id = $user_id; - $cur->user_email = $info[0]['mail'][0]; - $cur->user_name = $info[0]['sn'][0]; - $cur->user_firstname = $info[0]['givenname'][0]; - 
$cur->user_displayname = $info[0]['cn'][0]; - $super_user = "__ADMIN__"; - if ($super_user == $user_id) { - $cur->user_super = 1; - } - else { - $cur->user_super = 0; - } - - # If the user exist, then we just update his password. - if (dcCore::app()->userExists($user_id)) - { - $this->sudo(array(dcCore::app(), 'updUser'), $user_id, $cur); - } - # If not, we create him. - # In order for him to connect, - # it is necessary to give him at least - # a permission "usage" on the blog "default". - else - { - $cur->user_lang = 'fr'; # Can change this, PR are welcome - $cur->user_tz = 'Europe/Paris'; # Can change this, PR are welcome - $cur->user_default_blog = 'default'; # Can change this, PR are welcome - $this->sudo(array(dcCore::app(),'addUser'), $cur); - # Possible roles: - # admin "administrator" - # contentadmin "manage all entries and comments" - # usage "manage their own entries and comments" - # publish "publish entries and comments" - # delete "delete entries and comments" - # categories "manage categories" - # media_admin "manage all media items" - # media "manage their own media items" - # pages "manage pages" - # blogroll "manage blogroll" - $permissions = array( - 'admin' => "__BLOG_ADMIN__", - 'contentadmin' => "__BLOG_CONTENTADMIN__", - 'usage' => "__BLOG_USAGE__", - 'publish' => "__BLOG_PUBLISH__", - 'delete' => "__BLOG_DELETE__", - 'categories' => "__BLOG_CATEGORIES__", - 'media_admin' => "__BLOG_MEDIA_ADMIN__", - 'media' => "__BLOG_MEDIA__", - 'pages' => "__BLOG_PAGES__", - 'blogroll' => "__BLOG_BLOGROLL__", - ); - $set_perms = []; - - foreach ($permissions as $perm_id => $v) { - if (is_string($v) && $v == "true") { - $set_perms[$perm_id] = true; - } - } - $this->sudo(array(dcCore::app(), 'setUserBlogPermissions'), $user_id, 'default', $set_perms, true); - } - - $this->con->commit(); - } - catch (Exception $e) - { - # In case of error we cancel and return "false" - $this->con->rollback(); - return false; - } - # The previous operations proceeded without 
error, - # we can now call the parent method - return parent::checkUser($user_id, $pwd); - } + # Store informations about the user + $cur->user_id = $user_id; + $cur->user_email = $info[0]['mail'][0]; + $cur->user_name = $info[0]['sn'][0]; + $cur->user_firstname = $info[0]['givenname'][0]; + $cur->user_displayname = $info[0]['cn'][0]; + $super_user = "__ADMIN__"; + if ($super_user == $user_id) { + $cur->user_super = 1; } + else { + $cur->user_super = 0; + } + + # If the user exist, then we just update his password. + if (dcCore::app()->userExists($user_id)) + { + $this->sudo(array(dcCore::app(), 'updUser'), $user_id, $cur); + } + # If not, we create him. + # In order for him to connect, + # it is necessary to give him at least + # a permission "usage" on the blog "default". else { - error_log("Failed to connect with the user ".$user_id); + $cur->user_lang = 'fr'; # Can change this, PR are welcome + $cur->user_tz = 'Europe/Paris'; # Can change this, PR are welcome + $cur->user_default_blog = 'default'; # Can change this, PR are welcome + $this->sudo(array(dcCore::app(),'addUser'), $cur); + # Possible roles: + # admin "administrator" + # contentadmin "manage all entries and comments" + # usage "manage their own entries and comments" + # publish "publish entries and comments" + # delete "delete entries and comments" + # categories "manage categories" + # media_admin "manage all media items" + # media "manage their own media items" + # pages "manage pages" + # blogroll "manage blogroll" + $permissions = array( + 'admin' => "__BLOG_ADMIN__", + 'contentadmin' => "__BLOG_CONTENTADMIN__", + 'usage' => "__BLOG_USAGE__", + 'publish' => "__BLOG_PUBLISH__", + 'delete' => "__BLOG_DELETE__", + 'categories' => "__BLOG_CATEGORIES__", + 'media_admin' => "__BLOG_MEDIA_ADMIN__", + 'media' => "__BLOG_MEDIA__", + 'pages' => "__BLOG_PAGES__", + 'blogroll' => "__BLOG_BLOGROLL__", + ); + $set_perms = []; + + foreach ($permissions as $perm_id => $v) { + if (is_string($v) && $v == "true") { 
+ $set_perms[$perm_id] = true; + } + } + $this->sudo(array(dcCore::app(), 'setUserBlogPermissions'), $user_id, 'default', $set_perms, true); } + + $this->con->commit(); + } + catch (Exception $e) + { + # In case of error we cancel and return "false" + $this->con->rollback(); + return false; + } + # The previous operations proceeded without error, + # we can now call the parent method + return parent::checkUser($user_id, $pwd); } - return parent::checkUser($user_id, $pwd); + } + else + { + error_log("Failed to connect with the user ".$user_id); + } } + return parent::checkUser($user_id, $pwd); + } } ?> diff --git a/scripts/_common.sh b/scripts/_common.sh index 944a65e..b2ada97 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -8,6 +8,18 @@ # PERSONAL HELPERS #================================================= +_dotclear2_setup_source() { + # In case of a new version, the url change from http://download.dotclear.org/latest/dotclear-X.X.X.tar.gz to http://download.dotclear.org/attic/dotclear-X.X.X.tar.gz + + src_url=$(cat $YNH_APP_BASEDIR/manifest.toml | toml_to_json | jq '.resources.sources.latest.url' -r) + + if curl --output /dev/null --silent --head --fail "$src_url"; then + ynh_setup_source --dest_dir="$install_dir" --source_id="latest" + else + ynh_setup_source --dest_dir="$install_dir" --source_id="attic" + fi +} + #================================================= # EXPERIMENTAL HELPERS #================================================= diff --git a/scripts/install b/scripts/install index e4f1116..19755e4 100755 --- a/scripts/install +++ b/scripts/install 
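Review bot: `$user_id` is concatenated unescaped into both the bind DN (`"uid=".$user_id.",ou=users,"`) and the search filter (`(uid=".$user_id.")`), so characters such as `*`, `(`, `)` or `,` in the submitted login change the meaning of the LDAP request. Escape it once per context and reuse the results: `$uid_dn = ldap_escape($user_id, '', LDAP_ESCAPE_DN);` for the DN and `$uid_filter = ldap_escape($user_id, '', LDAP_ESCAPE_FILTER);` for the filter. The removed side shows an `if ($pwd == '')` guard ahead of the bind, but the start of the new side is not readable in this hunk. It is worth confirming the guard is still there, because many directory servers treat a bind with an empty password as an unauthenticated bind and report success. The return value of `ldap_search` is also passed to `ldap_get_entries` without a check for `false`.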
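Review bot: `src_url` in `_dotclear2_setup_source` is assigned without `local`, so it leaks into every script that sources `_common.sh`, and `$YNH_APP_BASEDIR` is expanded unquoted. Suggest `local src_url` followed by `src_url=$(toml_to_json < "$YNH_APP_BASEDIR/manifest.toml" | jq -r '.resources.sources.latest.url')`. The probe has no timeout and treats any curl failure (DNS, TLS, connection reset) as "the release moved", silently selecting the `attic` source. Adding `--max-time 30` to the `curl --head` call would bound the wait, and a one-line comment should say the fallback is chosen on any probe failure.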
@@ -14,13 +14,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_script_progression --message="Setting up source files..." --weight=4 -# In case of a new version, the url change from http://download.dotclear.org/latest/dotclear-X.X.X.tar.gz to http://download.dotclear.org/attic/dotclear-X.X.X.tar.gz -src_url=$(cat $YNH_APP_BASEDIR/manifest.toml | toml_to_json | jq '.resources.sources.latest.url' -r) -if ! curl --output /dev/null --silent --head --fail "$src_url"; then - ynh_setup_source --dest_dir="$install_dir" --source_id="attic" -else - ynh_setup_source --dest_dir="$install_dir" --source_id="latest" -fi +_dotclear2_setup_source chmod 750 "$install_dir" chmod -R o-rwx "$install_dir" @@ -134,7 +128,9 @@ ynh_local_curl $installUrl "u_email=$email" "u_firstname=$firstname" "u_name=$la ynh_script_progression --message="Configuring Fail2Ban..." # Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Invalid credentials in $install_dir/inc/class.auth.ldap.php .* client: , .*https://$domain${path%/}/admin/auth.php" +ynh_add_fail2ban_config \ + --logpath="/var/log/nginx/${domain}-error.log" \ + --failregex="Invalid credentials in $install_dir/inc/class.auth.ldap.php .* client: , .*https://$domain${path%/}/admin/auth.php" #================================================= # END OF SCRIPT diff --git a/scripts/upgrade b/scripts/upgrade index da82346..74f06d6 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -23,14 +23,14 @@ upgrade_type=$(ynh_check_app_version_changed) ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 if [ -z "${blog_admin:-}" ] || - [ -z "$blog_contentadmin" ] || - [ -z "$blog_usage" ] || - [ -z "$blog_publish" ] || - [ -z "$blog_delete" ] || - [ -z "$blog_categories" ] || - [ -z "$blog_media_admin" ] || - [ -z "$blog_media" ] || - [ -z "$blog_pages" ] || + [ -z "$blog_contentadmin" ] || + [ -z "$blog_usage" ] || + [ -z "$blog_publish" ] || + [ -z "$blog_delete" ] || + [ -z "$blog_categories" ] || + [ -z "$blog_media_admin" ] || + [ -z "$blog_media" ] || + [ -z "$blog_pages" ] || [ -z "$blog_blogroll" ]; then blog_admin="false" blog_contentadmin="false" @@ -62,14 +62,7 @@ if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Upgrading source files..." - # Download, check integrity, uncompress and patch the source from app.src - # In case of a new version, the url change from http://download.dotclear.org/latest/dotclear-X.X.X.tar.gz to http://download.dotclear.org/attic/dotclear-X.X.X.tar.gz - src_url=$(cat $YNH_APP_BASEDIR/manifest.toml | toml_to_json | jq '.resources.sources.latest.url' -r) - if ! curl --output /dev/null --silent --head --fail "$src_url"; then - ynh_setup_source --dest_dir="$install_dir" --source_id="attic" - else - ynh_setup_source --dest_dir="$install_dir" --source_id="latest" - fi + _dotclear2_setup_source fi chmod -R o-rwx "$install_dir"