From e896d8e20b5fcf0883999463172611f0cb3be00a Mon Sep 17 00:00:00 2001
From: Kay0u
Date: Fri, 17 Apr 2020 16:52:35 +0200
Subject: [PATCH 1/8] Add PR template
---
pull_request_template.md | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
create mode 100644 pull_request_template.md
diff --git a/pull_request_template.md b/pull_request_template.md
new file mode 100644
index 0000000..8c14b7b
--- /dev/null
+++ b/pull_request_template.md
@@ -0,0 +1,22 @@
+## Problem
+- *Description of why you made this PR*
+
+## Solution
+- *And how you fix that problem*
+
+## PR Status
+- [ ] Code finished.
+- [ ] Tested with Package_check.
+- [ ] Fix or enhancement tested.
+- [ ] Upgrade from last version tested.
+- [ ] Can be reviewed and tested.
+
+## Validation
+---
+- [ ] **Code review** :
+- [ ] **Approval (LGTM)** :
+*Code review and approval have to be from a member of @YunoHost-Apps/apps-group*
+- **CI succeeded** :
+[![Build Status](https://ci-apps-hq.yunohost.org/jenkins/job/dotclear2_ynh%20PR-NUM-/badge/icon)](https://ci-apps-hq.yunohost.org/jenkins/job/dotclear2_ynh%20PR-NUM-/)
+*Please replace '-NUM-' in this link by the PR number.*
+When the PR is marked as ready to merge, you have to wait for 3 days before really merging it.
From a4b2910d5d613f77b788188ac52e950e9f20d9e9 Mon Sep 17 00:00:00 2001
From: Kay0u
Date: Fri, 17 Apr 2020 23:49:35 +0200
Subject: [PATCH 2/8] Refactor ldap class
---
conf/class.auth.ldap.php | 121 ++++++++++++++++++++-------------------
scripts/install | 4 +-
scripts/upgrade | 4 +-
3 files changed, 66 insertions(+), 63 deletions(-)
diff --git a/conf/class.auth.ldap.php b/conf/class.auth.ldap.php
index 7f85d30..02a172c 100644
--- a/conf/class.auth.ldap.php
+++ b/conf/class.auth.ldap.php
@@ -1,76 +1,79 @@ con->begin(); - $cur = $this->con->openCursor($this->user_table); - - # LDAP parameter - $server = "localhost"; - $port = "389"; - $racine = "dc=yunohost,dc=org"; - # LDAP connection - $ds=ldap_connect($server); - ldap_set_option ($ds, LDAP_OPT_PROTOCOL_VERSION, 3); - if (ldap_bind($ds,"uid=".$user_id.",ou=users,dc=yunohost,dc=org",$pwd)) + $ds = ldap_connect("ldap://".$this->server.":".$this->port); + if ($ds) { - # Store the password - $cur->user_pwd = $pwd; + ldap_set_option ($ds, LDAP_OPT_PROTOCOL_VERSION, 3); - # search the user in ldap, and get infos - $filter="(&(|(objectclass=posixAccount))(uid=".$user_id.")(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org))"; - $sr=ldap_search($ds,$racine, $filter, array("dn", "cn", "sn", "mail", "givenname")); # /!\ fields have to be in lowercase - $info = ldap_get_entries($ds, $sr); + if (ldap_bind($ds, "uid=".$user_id.",ou=users,".$this->base, $pwd)) + { + # search the user in ldap, and get infos + $filter = "(&(|(objectclass=posixAccount))(uid=".$user_id.")(permission=cn=__APP__.admin,ou=permission,".$this->base."))"; + $sr = ldap_search($ds, $this->base, $filter, array("dn", "cn", "sn", "mail", "givenname")); # /!\ fields have to be in lowercase + $info = ldap_get_entries($ds, $sr); - if ($info["count"] == 1) - { - # If the user exist, then we just update his password. - if ($this->core->userExists($user_id)) - { - $this->sudo(array($this->core,'updUser'),$user_id,$cur); - } - # If not, we create him. - # In order for him to connect, - # it is necessary to give him at least - # a permission "usage" on the blog "default". 
- else - { - $cur->user_id = $user_id; - $cur->user_email = $info[0]['mail'][0]; - $cur->user_name = $info[0]['givenname'][0]; - $cur->user_firstname = $info[0]['sn'][0]; - $cur->user_lang = 'fr'; # Can change this, PR are welcome - $cur->user_tz = 'Europe/Paris'; # Can change this, PR are welcome - $cur->user_default_blog = 'default'; # Can change this, PR are welcome - $this->sudo(array($this->core,'addUser'),$cur); - # Possible roles: - #admin "administrator" - #usage "manage their own entries and comments" - #publish "publish entries and comments" - #delete "delete entries and comments" - #contentadmin "manage all entries and comments" - #categories "manage categories" - #media "manage their own media items" - #media_admin "manage all media items" - #pages "manage pages" - #blogroll "manage blogroll" - $this->sudo(array($this->core,'setUserBlogPermissions'),$user_id,'default',array('usage'=>true)); # Can change this, PR are welcome - } - $this->con->commit(); - } + if ($info["count"] == 1) + { + $this->con->begin(); + $cur = $this->con->openCursor($this->user_table); + # Store the password + $cur->user_pwd = $pwd; - # The previous operations proceeded without error, - # we can now call the parent method - return parent::checkUser($user_id, $pwd, $user_key, $check_blog); + # If the user exist, then we just update his password. + if ($this->core->userExists($user_id)) + { + $this->sudo(array($this->core, 'updUser'), $user_id, $cur); + } + # If not, we create him. + # In order for him to connect, + # it is necessary to give him at least + # a permission "usage" on the blog "default". 
+ else + { + $cur->user_id = $user_id; + $cur->user_email = $info[0]['mail'][0]; + $cur->user_name = $info[0]['givenname'][0]; + $cur->user_firstname = $info[0]['sn'][0]; + $cur->user_lang = 'fr'; # Can change this, PR are welcome + $cur->user_tz = 'Europe/Paris'; # Can change this, PR are welcome + $cur->user_default_blog = 'default'; # Can change this, PR are welcome + $this->sudo(array($this->core,'addUser'), $cur); + # Possible roles: + #admin "administrator" + #usage "manage their own entries and comments" + #publish "publish entries and comments" + #delete "delete entries and comments" + #contentadmin "manage all entries and comments" + #categories "manage categories" + #media "manage their own media items" + #media_admin "manage all media items" + #pages "manage pages" + #blogroll "manage blogroll" + $this->sudo(array($this->core, 'setUserBlogPermissions'), $user_id, 'default', array('usage'=>true)); # Can change this, PR are welcome + } + $this->con->commit(); + + # The previous operations proceeded without error, + # we can now call the parent method + return parent::checkUser($user_id, $pwd); + } + } } # In case of error we cancel and return "false" $this->con->rollback(); diff --git a/scripts/install b/scripts/install index 8aa824b..382262e 100755 --- a/scripts/install +++ b/scripts/install @@ -128,8 +128,8 @@ ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_fil cat << EOF >> $php_config -\$__autoload['myDcAuth'] = dirname(__FILE__).'/class.auth.ldap.php'; -define('DC_AUTH_CLASS','myDcAuth'); +\$__autoload['ldapDcAuth'] = dirname(__FILE__).'/class.auth.ldap.php'; +define('DC_AUTH_CLASS','ldapDcAuth'); EOF ynh_store_file_checksum --file=$php_config diff --git a/scripts/upgrade b/scripts/upgrade index 054a2d2..b1fd23b 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
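Review bot: `$user_id` is concatenated unescaped into both the bind DN and the search filter in the new `ldap_bind`/`ldap_search` lines of the conf/class.auth.ldap.php hunk, so LDAP metacharacters in the login name change the DN or filter that is actually evaluated. Escaping per context would close that: `$dn_uid = ldap_escape($user_id, '', LDAP_ESCAPE_DN);` and `$filter_uid = ldap_escape($user_id, '', LDAP_ESCAPE_FILTER);`, used in the DN and the filter respectively. An empty `$pwd` should also be rejected before the bind (`if ($pwd === null || $pwd === '') { return false; }`), because directory servers commonly treat a bind with an empty password as an unauthenticated bind that succeeds; whether this server does is not visible here. Separately, `$this->con->begin()` now sits inside the `$info["count"] == 1` branch while the trailing `$this->con->rollback()` still runs on every failure path, apparently without an open transaction. The start of the method is not visible in the hunk as shown.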
@@ -163,8 +163,8 @@ ynh_replace_string "__APP__" "$app" $final_path/inc/class.auth.ldap.php cat << EOF >> $php_config -\$__autoload['myDcAuth'] = dirname(__FILE__).'/class.auth.ldap.php'; -define('DC_AUTH_CLASS','myDcAuth'); +\$__autoload['ldapDcAuth'] = dirname(__FILE__).'/class.auth.ldap.php'; +define('DC_AUTH_CLASS','ldapDcAuth'); EOF # Recalculate and store the checksum of the file for the next upgrade. From b621a399b829f4b390a7d7c1bf3062ffd0f48815 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Sat, 18 Apr 2020 00:36:39 +0200 Subject: [PATCH 3/8] Fix first/last name and update at login --- conf/class.auth.ldap.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/conf/class.auth.ldap.php b/conf/class.auth.ldap.php index 02a172c..2ebc53f 100644 --- a/conf/class.auth.ldap.php +++ b/conf/class.auth.ldap.php @@ -35,6 +35,13 @@ class ldapDcAuth extends dcAuth # Store the password $cur->user_pwd = $pwd; + # Store informations about the user + $cur->user_id = $user_id; + $cur->user_email = $info[0]['mail'][0]; + $cur->user_name = $info[0]['sn'][0]; + $cur->user_firstname = $info[0]['givenname'][0]; + $cur->user_displayname = $info[0]['cn'][0]; + # If the user exist, then we just update his password. if ($this->core->userExists($user_id)) { @@ -46,10 +53,6 @@ class ldapDcAuth extends dcAuth # a permission "usage" on the blog "default". else { - $cur->user_id = $user_id; - $cur->user_email = $info[0]['mail'][0]; - $cur->user_name = $info[0]['givenname'][0]; - $cur->user_firstname = $info[0]['sn'][0]; $cur->user_lang = 'fr'; # Can change this, PR are welcome $cur->user_tz = 'Europe/Paris'; # Can change this, PR are welcome $cur->user_default_blog = 'default'; # Can change this, PR are welcome From 5a4bf8a734ee6467559a232cd6522b7f8879b05c Mon Sep 17 00:00:00 2001 
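Review bot: The five `$info[0][...][0]` reads added in the first conf/class.auth.ldap.php hunk of this commit assume every account carries `mail`, `sn`, `givenname` and `cn`; an entry lacking one would raise an undefined-index notice and pass null to the cursor, and since these assignments now run for existing users too, that would happen at every login. A guarded read such as `$cur->user_email = $info[0]['mail'][0] ?? '';` (or skipping the field when it is absent) would avoid that. The context comment `# If the user exist, then we just update his password.` is also out of date now that the profile fields are rewritten from LDAP each time; something like `# Existing user: refresh password and profile fields from LDAP` would match the code. The enclosing method starts and ends outside the hunk.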
From: Kay0u Date: Sat, 18 Apr 2020 00:37:11 +0200 Subject: [PATCH 4/8] secure files --- scripts/install | 8 ++++++++ scripts/restore | 3 ++- scripts/upgrade | 4 +++- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index 382262e..76c1567 100755 --- a/scripts/install +++ b/scripts/install @@ -162,6 +162,14 @@ ynh_local_curl $installUrl "u_email=$email" "u_firstname=$firstname" "u_name=$la #================================================= # GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +# Set permissions to app files +chown -R root: $final_path +chown -R $app $final_path/{public,cache,themes,plugins} + #================================================= # SETUP SSOWAT #================================================= diff --git a/scripts/restore b/scripts/restore index d9634df..9c4b1ee 100755 --- a/scripts/restore +++ b/scripts/restore @@ -68,7 +68,8 @@ ynh_system_user_create --username=$app #================================================= # Restore permissions on app files -chown -R $app: $final_path +chown -R root: $final_path +chown -R $app $final_path/{public,cache,themes,plugins} #================================================= # RESTORE THE PHP-FPM CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index b1fd23b..d5d70da 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -177,7 +177,9 @@ ynh_store_file_checksum --file=$php_config #================================================= # Set permissions on app files -chown -R $app: $final_path +chown -R root: $final_path +chown -R $app $final_path/{public,cache,themes,plugins} + #================================================= # SETUP SSOWAT From 6456cc339c07bbb30b50d496553d593d54b75dfb Mon Sep 17 00:00:00 2001 
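Review bot: The two `chown` lines added in the scripts/install hunk change ownership only and set no mode bits, so the files keep whatever permissions they were unpacked with; with owner and group both root, the PHP pool user reads them through the "other" bits, and so can every other local account. For the file the scripts refer to as `$php_config`, which presumably holds the database credentials, an explicit restriction would be worth adding, e.g. `chown root:$app "$php_config"` and `chmod 640 "$php_config"` (assuming a group named after `$app` exists). `$final_path` and `$app` are unquoted in both lines. The same pair is added in the scripts/restore and scripts/upgrade hunks of this commit.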
From: Kay0u Date: Sat, 18 Apr 2020 00:56:33 +0200 Subject: [PATCH 5/8] Updating database --- scripts/upgrade | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index d5d70da..922ed46 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -180,7 +180,6 @@ ynh_store_file_checksum --file=$php_config chown -R root: $final_path chown -R $app $final_path/{public,cache,themes,plugins} - #================================================= # SETUP SSOWAT #================================================= @@ -191,6 +190,18 @@ if ! ynh_permission_exists --permission "admin"; then ynh_permission_create --permission "admin" --url "/admin" --allowed $admin fi +#================================================= +# UPDATING DATABASE +#================================================= + +ynh_permission_update --permission "admin" --add "visitors" + +# Navigate to the admin panel to upgrade the database: https://dotclear.org/documentation/2.0/admin/upgrades +adminUrl="/admin/auth.php" +ynh_local_curl $adminUrl + +ynh_permission_update --permission "admin" --remove "visitors" + #================================================= # RELOAD NGINX #================================================= From 600983b03a8f8ae1f0a20323ed88c07a845440b5 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Sat, 18 Apr 2020 01:08:12 +0200 Subject: [PATCH 6/8] fail2ban --- scripts/install | 8 ++++++++ scripts/upgrade | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/scripts/install b/scripts/install index 76c1567..d505356 100755 --- a/scripts/install +++ b/scripts/install 
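Review bot: The `visitors` grant added in the second scripts/upgrade hunk is only revoked if `ynh_local_curl` returns; if that call fails and the script aborts on error (not visible in this hunk), the `admin` permission stays open to unauthenticated visitors after the failed upgrade. Making the revocation unconditional would bound the exposure, e.g. `ynh_local_curl $adminUrl || curl_failed=1`, then `ynh_permission_update --permission "admin" --remove "visitors"`, then `[ -z "${curl_failed:-}" ] || ynh_die --message="Database upgrade request failed"`. A short comment explaining why the permission has to be public for a local request would also help the next maintainer judge whether the window can be removed altogether.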
@@ -170,6 +170,14 @@ ynh_local_curl $installUrl "u_email=$email" "u_firstname=$firstname" "u_name=$la chown -R root: $final_path chown -R $app $final_path/{public,cache,themes,plugins} +#================================================= +# SETUP FAIL2BAN +#================================================= +ynh_script_progression --message="Configuring fail2ban..." + +# Create a dedicated fail2ban config +ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Invalid credentials in /var/www/dotclear2/inc/class.auth.ldap.php .* client: " + #================================================= # SETUP SSOWAT #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 922ed46..ad78629 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -180,6 +180,14 @@ ynh_store_file_checksum --file=$php_config chown -R root: $final_path chown -R $app $final_path/{public,cache,themes,plugins} +#================================================= +# UPGRADE FAIL2BAN +#================================================= +ynh_script_progression --message="Reconfiguring fail2ban..." + +# Create a dedicated fail2ban config +ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Invalid credentials in /var/www/dotclear2/inc/class.auth.ldap.php .* client: " + #================================================= # SETUP SSOWAT #================================================= From 55647fe28f311f16ec3641c5fa574ac77b78e54a Mon Sep 17 00:00:00 2001 From: Kay0u Date: Sat, 18 Apr 2020 01:17:09 +0200 Subject: [PATCH 7/8] Update README --- README.md | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index dfd82d2..9c3f68e 100644 --- a/README.md +++ b/README.md 
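Review bot: The filter added in the scripts/install hunk keys on the text `Invalid credentials in …/class.auth.ldap.php`, which looks like the PHP warning `ldap_bind()` emits on a failed bind rather than a message the application writes itself; if warnings stop reaching the nginx error log (PHP error settings, or an `@` placed in front of the call), the jail silently stops matching. Having the auth class log a fixed line on a failed bind, e.g. `error_log('dotclear2: LDAP authentication failed');`, and matching that would make the detection independent of PHP's wording. The pattern as displayed here also shows nothing after `client:`; fail2ban needs its host placeholder there to know which address to ban, so it is worth checking that it is present in the actual script. The scripts/upgrade hunk adds the same line.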
@@ -1,6 +1,6 @@ -# DotClear 2 app for YunoHost +# DotClear 2 for YunoHost -[![Integration level](https://dash.yunohost.org/integration/dotclear2.svg)](https://dash.yunohost.org/appci/app/dotclear2) +[![Integration level](https://dash.yunohost.org/integration/dotclear2.svg)](https://dash.yunohost.org/appci/app/dotclear2) ![](https://ci-apps.yunohost.org/ci/badges/dotclear2.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/dotclear2.maintain.svg) [![Install dotclear2 with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=dotclear2) > *This package allow you to install dotclear2 quickly and simply on a YunoHost server. @@ -15,6 +15,10 @@ Dotclear is an open-source web publishing software. ![](https://installatron.com/images/remote/ss2_dotclear.png) +## Demo + +* [Official demo](https://www.softaculous.com/demos/Dotclear) + ## Configuration How to configure this app: by an admin panel. 
@@ -32,14 +36,17 @@ Can the app be used by multiple users? **Yes** #### Supported architectures -* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/dotclear2%20%28Community%29.svg)](https://ci-apps.yunohost.org/ci/apps/dotclear2/) -* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/dotclear2%20%28Community%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/dotclear2/) -* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/dotclear2%20%28Community%29.svg)](https://ci-stretch.nohost.me/ci/apps/dotclear2/) +* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/dotclear2%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/dotclear2/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/dotclear2%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/dotclear2/) + +**More information on the documentation page:** +https://yunohost.org/packaging_apps ## Links * Report a bug: https://github.com/YunoHost-Apps/dotclear2_ynh/issues - * App website: https://dotclear.org/ + * App website: https://dotclear.org + * Upstream app repository: https://git.dotclear.org/dev/dotclear * YunoHost website: https://yunohost.org/ --- @@ -56,7 +63,3 @@ sudo yunohost app install https://github.com/YunoHost-Apps/dotclear2_ynh/tree/te or sudo yunohost app upgrade dotclear2 -u https://github.com/YunoHost-Apps/dotclear2_ynh/tree/testing --debug ``` - -# TODO - -- Add change url From 4ddaa01774ddc5b2892f9eb65d1793a4a18d5a6c Mon Sep 17 00:00:00 2001 From: Kay0u Date: Sat, 18 Apr 2020 01:25:53 +0200 Subject: [PATCH 8/8] Backup/restore fail2ban --- scripts/backup | 8 ++++++++ scripts/install | 2 +- scripts/remove | 8 ++++++++ scripts/restore | 9 +++++++++ scripts/upgrade | 2 +- 5 files changed, 27 insertions(+), 2 deletions(-) diff --git a/scripts/backup b/scripts/backup index ac5794c..cec5110 100755 --- a/scripts/backup +++ b/scripts/backup 
@@ -58,6 +58,14 @@ ynh_script_progression --message="Backing up the MySQL database..." ynh_mysql_dump_db --database="$db_name" > db.sql +#================================================= +# BACKUP FAIL2BAN CONFIGURATION +#================================================= +ynh_script_progression --message="Backing up fail2ban configuration..." + +ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" +ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/install b/scripts/install index d505356..e0c40a8 100755 --- a/scripts/install +++ b/scripts/install @@ -176,7 +176,7 @@ chown -R $app $final_path/{public,cache,themes,plugins} ynh_script_progression --message="Configuring fail2ban..." # Create a dedicated fail2ban config -ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Invalid credentials in /var/www/dotclear2/inc/class.auth.ldap.php .* client: " +ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Invalid credentials in $final_path/inc/class.auth.ldap.php .* client: , .*https://$domain${path_url%/}/admin/auth.php" #================================================= # SETUP SSOWAT diff --git a/scripts/remove b/scripts/remove index f20e7d7..0ab4889 100755 --- a/scripts/remove +++ b/scripts/remove @@ -65,6 +65,14 @@ ynh_script_progression --message="Removing the dedicated system user..." # Delete a system user ynh_system_user_delete --username=$app +#================================================= +# REMOVE FAIL2BAN CONFIGURATION +#================================================= +ynh_script_progression --message="Removing fail2ban configuration..." + +# Remove the dedicated fail2ban config +ynh_remove_fail2ban_config + #================================================= # END OF SCRIPT #================================================= 
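Review bot: The tail added to `--failregex` in the scripts/install hunk, `.*https://$domain${path_url%/}/admin/auth.php`, can only match a field that carries a full URL, which in nginx's error-log line is presumably the client-supplied `referrer`; a failed login sent without that header would then no longer count toward the ban. Anchoring on the request field instead, e.g. `request: \"POST ${path_url%/}/admin/auth.php`, ties the match to something the server records itself. `$domain` and `$final_path` are also interpolated into the regex unescaped, so their dots match any character. The scripts/upgrade hunk of this commit makes the same change.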
diff --git a/scripts/restore b/scripts/restore index 9c4b1ee..38b3011 100755 --- a/scripts/restore +++ b/scripts/restore @@ -77,6 +77,15 @@ chown -R $app $final_path/{public,cache,themes,plugins} ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf" +#================================================= +# RESTORE THE FAIL2BAN CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the fail2ban configuration..." + +ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" +ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" +ynh_systemd_action --action=restart --service_name=fail2ban + #================================================= # SPECIFIC RESTORATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index ad78629..121612a 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -186,7 +186,7 @@ chown -R $app $final_path/{public,cache,themes,plugins} ynh_script_progression --message="Reconfiguring fail2ban..." # Create a dedicated fail2ban config -ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Invalid credentials in /var/www/dotclear2/inc/class.auth.ldap.php .* client: " +ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Invalid credentials in $final_path/inc/class.auth.ldap.php .* client: , .*https://$domain${path_url%/}/admin/auth.php" #================================================= # SETUP SSOWAT