YunoHost-Apps/dotclear2_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/dotclear2_ynh.git synced 2024-09-03 18:26:29 +02:00
Code Issues Activity Actions 1

Merge pull request #77 from YunoHost-Apps/cleanup

Browse source 
Cleanup, updater.sh
This commit is contained in:
Salamandar 2023-12-12 11:37:57 +01:00 committed by GitHub
commit 4228bc2a1a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 143 additions and 152 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
.github/workflows/updater.sh vendored
View file

@ -14,15 +14,15 @@
#================================================= #=================================================
# Fetching information # Fetching information
current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') current_version=$(cat manifest.toml | grep "version =" | sed 's|version = "\(.*\)~ynh[0-9]*"|\1|')
repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') # repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]')
asset=$(curl --silent "https://download.dotclear.org/latest/" | grep "dotclear-.*?.zip" -Po | head -1) asset=$(curl --silent "https://download.dotclear.org/latest/" | grep "dotclear-.*?.zip" -Po | head -1)
version=${asset%.zip} version=${asset%.zip}
version=${version#dotclear-} version=${version#dotclear-}
# Later down the script, we assume the version has only digits and dots # Later down the script, we assume the version has only digits and dots
# Sometimes the release name starts with a "v", so let's filter it out. # Sometimes the release name starts with a "v", so let's filter it out.
# You may need more tweaks here if the upstream repository has different naming conventions. # You may need more tweaks here if the upstream repository has different naming conventions.
if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then
version=${version:1} version=${version:1}
fi fi
@ -54,7 +54,7 @@ src="app"
tempdir="$(mktemp -d)" tempdir="$(mktemp -d)"
# Download sources and calculate checksum # Download sources and calculate checksum
curl --silent -4 -L http://download.dotclear.org/latest/dotclear-$version.zip -o "$tempdir/$asset" curl --silent -4 -L http://download.dotclear.org/latest/dotclear-$version.tar.gz -o "$tempdir/$asset"
checksum=$(sha256sum "$tempdir/$asset" | head -c 64) checksum=$(sha256sum "$tempdir/$asset" | head -c 64)
# Delete temporary directory # Delete temporary directory
@ -66,17 +66,10 @@ if [[ $asset == *.zip ]]; then
fi fi
# Rewrite source file # Rewrite source file
cat <<EOT > conf/$src.src set -x
SOURCE_URL=http://download.dotclear.org/latest/dotclear-$version.zip sed -i "s|/dotclear-.*.tar.gz|/dotclear-$version.tar.gz|" manifest.toml
SOURCE_SUM=$checksum sed -i "s|sha256 = \".*\"|sha256 = \"$checksum\"|" manifest.toml
SOURCE_SUM_PRG=sha256sum sed -i "s|version = \".*\"|version = \"$version~ynh1\"|" manifest.toml
SOURCE_FORMAT=$extension
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true
EOT
echo "... conf/$src.src updated"
#================================================= #=================================================
# SPECIFIC UPDATE STEPS # SPECIFIC UPDATE STEPS
#================================================= #=================================================
@ -88,11 +81,8 @@ echo "... conf/$src.src updated"
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================
# Replace new version in manifest
echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json
# No need to update the README, yunohost-bot takes care of it # No need to update the README, yunohost-bot takes care of it
# The Action will proceed only if the PROCEED environment variable is set to true # The Action will proceed only if the PROCEED environment variable is set to true
echo "PROCEED=true" >> $GITHUB_ENV echo "PROCEED=true" >> $GITHUB_ENV
exit 0 exit 0

218
conf/class.auth.ldap.php
View file

@ -1,127 +1,127 @@
<?php <?php
class ldapDcAuth extends dcAuth class ldapDcAuth extends dcAuth
{ {
# The user can't change his password # The user can't change his password
protected $allow_pass_change = false; protected $allow_pass_change = false;
# LDAP parameter # LDAP parameter
private $server = "localhost"; private $server = "localhost";
private $port = "389"; private $port = "389";
private $base = "dc=yunohost,dc=org"; private $base = "dc=yunohost,dc=org";
public function checkUser(string $user_id, ?string $pwd = NULL, ?string $user_key = NULL, bool $check_blog = true): bool public function checkUser(string $user_id, ?string $pwd = NULL, ?string $user_key = NULL, bool $check_blog = true): bool
{
if ($pwd == '') {
return parent::checkUser($user_id, null, $user_key, $check_blog);
}
# LDAP connection
$ds = ldap_connect("ldap://".$this->server.":".$this->port);
if ($ds)
{ {
if ($pwd == '') { ldap_set_option ($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
return parent::checkUser($user_id, null, $user_key, $check_blog); if (ldap_bind($ds, "uid=".$user_id.",ou=users,".$this->base, $pwd))
} {
# search the user in ldap, and get infos
$filter = "(&(|(objectclass=posixAccount))(uid=".$user_id.")(permission=cn=__APP__.admin,ou=permission,".$this->base."))";
$sr = ldap_search($ds, $this->base, $filter, array("dn", "cn", "sn", "mail", "givenname")); # /!\ fields have to be in lowercase
$info = ldap_get_entries($ds, $sr);
# LDAP connection if ($info["count"] == 1)
$ds = ldap_connect("ldap://".$this->server.":".$this->port);
if ($ds)
{ {
ldap_set_option ($ds, LDAP_OPT_PROTOCOL_VERSION, 3); # To be case sensitive
if (ldap_bind($ds, "uid=".$user_id.",ou=users,".$this->base, $pwd)) if ($info[0]['dn'] != "uid=".$user_id.",ou=users,".$this->base) {
{ return parent::checkUser($user_id, $pwd);
# search the user in ldap, and get infos }
$filter = "(&(|(objectclass=posixAccount))(uid=".$user_id.")(permission=cn=__APP__.admin,ou=permission,".$this->base."))";
$sr = ldap_search($ds, $this->base, $filter, array("dn", "cn", "sn", "mail", "givenname")); # /!\ fields have to be in lowercase
$info = ldap_get_entries($ds, $sr);
if ($info["count"] == 1) try
{ {
# To be case sensitive $this->con->begin();
if ($info[0]['dn'] != "uid=".$user_id.",ou=users,".$this->base) { $cur = $this->con->openCursor($this->user_table);
return parent::checkUser($user_id, $pwd); # Store the password
} $cur->user_pwd = $pwd;
try
{
$this->con->begin();
$cur = $this->con->openCursor($this->user_table);
# Store the password
$cur->user_pwd = $pwd;
# Store informations about the user # Store informations about the user
$cur->user_id = $user_id; $cur->user_id = $user_id;
$cur->user_email = $info[0]['mail'][0]; $cur->user_email = $info[0]['mail'][0];
$cur->user_name = $info[0]['sn'][0]; $cur->user_name = $info[0]['sn'][0];
$cur->user_firstname = $info[0]['givenname'][0]; $cur->user_firstname = $info[0]['givenname'][0];
$cur->user_displayname = $info[0]['cn'][0]; $cur->user_displayname = $info[0]['cn'][0];
$super_user = "__ADMIN__"; $super_user = "__ADMIN__";
if ($super_user == $user_id) { if ($super_user == $user_id) {
$cur->user_super = 1; $cur->user_super = 1;
}
else {
$cur->user_super = 0;
}
# If the user exist, then we just update his password.
if (dcCore::app()->userExists($user_id))
{
$this->sudo(array(dcCore::app(), 'updUser'), $user_id, $cur);
}
# If not, we create him.
# In order for him to connect,
# it is necessary to give him at least
# a permission "usage" on the blog "default".
else
{
$cur->user_lang = 'fr'; # Can change this, PR are welcome
$cur->user_tz = 'Europe/Paris'; # Can change this, PR are welcome
$cur->user_default_blog = 'default'; # Can change this, PR are welcome
$this->sudo(array(dcCore::app(),'addUser'), $cur);
# Possible roles:
# admin "administrator"
# contentadmin "manage all entries and comments"
# usage "manage their own entries and comments"
# publish "publish entries and comments"
# delete "delete entries and comments"
# categories "manage categories"
# media_admin "manage all media items"
# media "manage their own media items"
# pages "manage pages"
# blogroll "manage blogroll"
$permissions = array(
'admin' => "__BLOG_ADMIN__",
'contentadmin' => "__BLOG_CONTENTADMIN__",
'usage' => "__BLOG_USAGE__",
'publish' => "__BLOG_PUBLISH__",
'delete' => "__BLOG_DELETE__",
'categories' => "__BLOG_CATEGORIES__",
'media_admin' => "__BLOG_MEDIA_ADMIN__",
'media' => "__BLOG_MEDIA__",
'pages' => "__BLOG_PAGES__",
'blogroll' => "__BLOG_BLOGROLL__",
);
$set_perms = [];
foreach ($permissions as $perm_id => $v) {
if (is_string($v) && $v == "true") {
$set_perms[$perm_id] = true;
}
}
$this->sudo(array(dcCore::app(), 'setUserBlogPermissions'), $user_id, 'default', $set_perms, true);
}
$this->con->commit();
}
catch (Exception $e)
{
# In case of error we cancel and return "false"
$this->con->rollback();
return false;
}
# The previous operations proceeded without error,
# we can now call the parent method
return parent::checkUser($user_id, $pwd);
}
} }
else {
$cur->user_super = 0;
}
# If the user exist, then we just update his password.
if (dcCore::app()->userExists($user_id))
{
$this->sudo(array(dcCore::app(), 'updUser'), $user_id, $cur);
}
# If not, we create him.
# In order for him to connect,
# it is necessary to give him at least
# a permission "usage" on the blog "default".
else else
{ {
error_log("Failed to connect with the user ".$user_id); $cur->user_lang = 'fr'; # Can change this, PR are welcome
$cur->user_tz = 'Europe/Paris'; # Can change this, PR are welcome
$cur->user_default_blog = 'default'; # Can change this, PR are welcome
$this->sudo(array(dcCore::app(),'addUser'), $cur);
# Possible roles:
# admin "administrator"
# contentadmin "manage all entries and comments"
# usage "manage their own entries and comments"
# publish "publish entries and comments"
# delete "delete entries and comments"
# categories "manage categories"
# media_admin "manage all media items"
# media "manage their own media items"
# pages "manage pages"
# blogroll "manage blogroll"
$permissions = array(
'admin' => "__BLOG_ADMIN__",
'contentadmin' => "__BLOG_CONTENTADMIN__",
'usage' => "__BLOG_USAGE__",
'publish' => "__BLOG_PUBLISH__",
'delete' => "__BLOG_DELETE__",
'categories' => "__BLOG_CATEGORIES__",
'media_admin' => "__BLOG_MEDIA_ADMIN__",
'media' => "__BLOG_MEDIA__",
'pages' => "__BLOG_PAGES__",
'blogroll' => "__BLOG_BLOGROLL__",
);
$set_perms = [];
foreach ($permissions as $perm_id => $v) {
if (is_string($v) && $v == "true") {
$set_perms[$perm_id] = true;
}
}
$this->sudo(array(dcCore::app(), 'setUserBlogPermissions'), $user_id, 'default', $set_perms, true);
} }
$this->con->commit();
}
catch (Exception $e)
{
# In case of error we cancel and return "false"
$this->con->rollback();
return false;
}
# The previous operations proceeded without error,
# we can now call the parent method
return parent::checkUser($user_id, $pwd);
} }
return parent::checkUser($user_id, $pwd); }
else
{
error_log("Failed to connect with the user ".$user_id);
}
} }
return parent::checkUser($user_id, $pwd);
}
} }
?> ?>

12
scripts/_common.sh
View file

@ -8,6 +8,18 @@
# PERSONAL HELPERS # PERSONAL HELPERS
#================================================= #=================================================
_dotclear2_setup_source() {
# In case of a new version, the url change from http://download.dotclear.org/latest/dotclear-X.X.X.tar.gz to http://download.dotclear.org/attic/dotclear-X.X.X.tar.gz
src_url=$(cat $YNH_APP_BASEDIR/manifest.toml | toml_to_json | jq '.resources.sources.latest.url' -r)
if curl --output /dev/null --silent --head --fail "$src_url"; then
ynh_setup_source --dest_dir="$install_dir" --source_id="latest"
else
ynh_setup_source --dest_dir="$install_dir" --source_id="attic"
fi
}
#================================================= #=================================================
# EXPERIMENTAL HELPERS # EXPERIMENTAL HELPERS
#================================================= #=================================================

12
scripts/install
View file

@ -14,13 +14,7 @@ source /usr/share/yunohost/helpers
#================================================= #=================================================
ynh_script_progression --message="Setting up source files..." --weight=4 ynh_script_progression --message="Setting up source files..." --weight=4
# In case of a new version, the url change from http://download.dotclear.org/latest/dotclear-X.X.X.tar.gz to http://download.dotclear.org/attic/dotclear-X.X.X.tar.gz _dotclear2_setup_source
src_url=$(cat $YNH_APP_BASEDIR/manifest.toml | toml_to_json | jq '.resources.sources.latest.url' -r)
if ! curl --output /dev/null --silent --head --fail "$src_url"; then
ynh_setup_source --dest_dir="$install_dir" --source_id="attic"
else
ynh_setup_source --dest_dir="$install_dir" --source_id="latest"
fi
chmod 750 "$install_dir" chmod 750 "$install_dir"
chmod -R o-rwx "$install_dir" chmod -R o-rwx "$install_dir"
@ -134,7 +128,9 @@ ynh_local_curl $installUrl "u_email=$email" "u_firstname=$firstname" "u_name=$la
ynh_script_progression --message="Configuring Fail2Ban..." ynh_script_progression --message="Configuring Fail2Ban..."
# Create a dedicated Fail2Ban config # Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Invalid credentials in $install_dir/inc/class.auth.ldap.php .* client: <HOST>, .*https://$domain${path%/}/admin/auth.php" ynh_add_fail2ban_config \
--logpath="/var/log/nginx/${domain}-error.log" \
--failregex="Invalid credentials in $install_dir/inc/class.auth.ldap.php .* client: <HOST>, .*https://$domain${path%/}/admin/auth.php"
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT

25
scripts/upgrade
View file

@ -23,14 +23,14 @@ upgrade_type=$(ynh_check_app_version_changed)
ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
if [ -z "${blog_admin:-}" ] || if [ -z "${blog_admin:-}" ] ||
[ -z "$blog_contentadmin" ] || [ -z "$blog_contentadmin" ] ||
[ -z "$blog_usage" ] || [ -z "$blog_usage" ] ||
[ -z "$blog_publish" ] || [ -z "$blog_publish" ] ||
[ -z "$blog_delete" ] || [ -z "$blog_delete" ] ||
[ -z "$blog_categories" ] || [ -z "$blog_categories" ] ||
[ -z "$blog_media_admin" ] || [ -z "$blog_media_admin" ] ||
[ -z "$blog_media" ] || [ -z "$blog_media" ] ||
[ -z "$blog_pages" ] || [ -z "$blog_pages" ] ||
[ -z "$blog_blogroll" ]; then [ -z "$blog_blogroll" ]; then
blog_admin="false" blog_admin="false"
blog_contentadmin="false" blog_contentadmin="false"
@ -62,14 +62,7 @@ if [ "$upgrade_type" == "UPGRADE_APP" ]
then then
ynh_script_progression --message="Upgrading source files..." ynh_script_progression --message="Upgrading source files..."
# Download, check integrity, uncompress and patch the source from app.src _dotclear2_setup_source
# In case of a new version, the url change from http://download.dotclear.org/latest/dotclear-X.X.X.tar.gz to http://download.dotclear.org/attic/dotclear-X.X.X.tar.gz
src_url=$(cat $YNH_APP_BASEDIR/manifest.toml | toml_to_json | jq '.resources.sources.latest.url' -r)
if ! curl --output /dev/null --silent --head --fail "$src_url"; then
ynh_setup_source --dest_dir="$install_dir" --source_id="attic"
else
ynh_setup_source --dest_dir="$install_dir" --source_id="latest"
fi
fi fi
chmod -R o-rwx "$install_dir" chmod -R o-rwx "$install_dir"