mirror of
https://github.com/YunoHost-Apps/dotclear2_ynh.git
synced 2024-09-03 18:26:29 +02:00
commit
be6012938d
8 changed files with 169 additions and 75 deletions
23
README.md
23
README.md
|
@ -1,6 +1,6 @@
|
|||
# DotClear 2 app for YunoHost
|
||||
# DotClear 2 for YunoHost
|
||||
|
||||
[![Integration level](https://dash.yunohost.org/integration/dotclear2.svg)](https://dash.yunohost.org/appci/app/dotclear2)
|
||||
[![Integration level](https://dash.yunohost.org/integration/dotclear2.svg)](https://dash.yunohost.org/appci/app/dotclear2) ![](https://ci-apps.yunohost.org/ci/badges/dotclear2.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/dotclear2.maintain.svg)
|
||||
[![Install dotclear2 with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=dotclear2)
|
||||
|
||||
> *This package allow you to install dotclear2 quickly and simply on a YunoHost server.
|
||||
|
@ -15,6 +15,10 @@ Dotclear is an open-source web publishing software.
|
|||
|
||||
![](https://installatron.com/images/remote/ss2_dotclear.png)
|
||||
|
||||
## Demo
|
||||
|
||||
* [Official demo](https://www.softaculous.com/demos/Dotclear)
|
||||
|
||||
## Configuration
|
||||
|
||||
How to configure this app: by an admin panel.
|
||||
|
@ -32,14 +36,17 @@ Can the app be used by multiple users? **Yes**
|
|||
|
||||
#### Supported architectures
|
||||
|
||||
* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/dotclear2%20%28Community%29.svg)](https://ci-apps.yunohost.org/ci/apps/dotclear2/)
|
||||
* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/dotclear2%20%28Community%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/dotclear2/)
|
||||
* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/dotclear2%20%28Community%29.svg)](https://ci-stretch.nohost.me/ci/apps/dotclear2/)
|
||||
* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/dotclear2%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/dotclear2/)
|
||||
* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/dotclear2%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/dotclear2/)
|
||||
|
||||
**More information on the documentation page:**
|
||||
https://yunohost.org/packaging_apps
|
||||
|
||||
## Links
|
||||
|
||||
* Report a bug: https://github.com/YunoHost-Apps/dotclear2_ynh/issues
|
||||
* App website: https://dotclear.org/
|
||||
* App website: https://dotclear.org
|
||||
* Upstream app repository: https://git.dotclear.org/dev/dotclear
|
||||
* YunoHost website: https://yunohost.org/
|
||||
|
||||
---
|
||||
|
@ -56,7 +63,3 @@ sudo yunohost app install https://github.com/YunoHost-Apps/dotclear2_ynh/tree/te
|
|||
or
|
||||
sudo yunohost app upgrade dotclear2 -u https://github.com/YunoHost-Apps/dotclear2_ynh/tree/testing --debug
|
||||
```
|
||||
|
||||
# TODO
|
||||
|
||||
- Add change url
|
||||
|
|
|
@ -1,42 +1,51 @@
|
|||
<?php
|
||||
class myDcAuth extends dcAuth
|
||||
class ldapDcAuth extends dcAuth
|
||||
{
|
||||
# The user can't change his password
|
||||
protected $allow_pass_change = false;
|
||||
|
||||
public function checkUser($user_id, $pwd=null, $user_key=null, $check_blog=true)
|
||||
# LDAP parameter
|
||||
private $server = "localhost";
|
||||
private $port = "389";
|
||||
private $base = "dc=yunohost,dc=org";
|
||||
|
||||
public function checkUser($user_id, $pwd=null, $user_key=null)
|
||||
{
|
||||
if ($pwd == '') {
|
||||
return parent::checkUser($user_id, null, $user_key, $check_blog);
|
||||
return parent::checkUser($user_id, null, $user_key);
|
||||
}
|
||||
|
||||
$this->con->begin();
|
||||
$cur = $this->con->openCursor($this->user_table);
|
||||
|
||||
# LDAP parameter
|
||||
$server = "localhost";
|
||||
$port = "389";
|
||||
$racine = "dc=yunohost,dc=org";
|
||||
|
||||
# LDAP connection
|
||||
$ds=ldap_connect($server);
|
||||
ldap_set_option ($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||
if (ldap_bind($ds,"uid=".$user_id.",ou=users,dc=yunohost,dc=org",$pwd))
|
||||
$ds = ldap_connect("ldap://".$this->server.":".$this->port);
|
||||
if ($ds)
|
||||
{
|
||||
# Store the password
|
||||
$cur->user_pwd = $pwd;
|
||||
ldap_set_option ($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||
|
||||
if (ldap_bind($ds, "uid=".$user_id.",ou=users,".$this->base, $pwd))
|
||||
{
|
||||
# search the user in ldap, and get infos
|
||||
$filter="(&(|(objectclass=posixAccount))(uid=".$user_id.")(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org))";
|
||||
$sr=ldap_search($ds,$racine, $filter, array("dn", "cn", "sn", "mail", "givenname")); # /!\ fields have to be in lowercase
|
||||
$filter = "(&(|(objectclass=posixAccount))(uid=".$user_id.")(permission=cn=__APP__.admin,ou=permission,".$this->base."))";
|
||||
$sr = ldap_search($ds, $this->base, $filter, array("dn", "cn", "sn", "mail", "givenname")); # /!\ fields have to be in lowercase
|
||||
$info = ldap_get_entries($ds, $sr);
|
||||
|
||||
if ($info["count"] == 1)
|
||||
{
|
||||
$this->con->begin();
|
||||
$cur = $this->con->openCursor($this->user_table);
|
||||
# Store the password
|
||||
$cur->user_pwd = $pwd;
|
||||
|
||||
# Store informations about the user
|
||||
$cur->user_id = $user_id;
|
||||
$cur->user_email = $info[0]['mail'][0];
|
||||
$cur->user_name = $info[0]['sn'][0];
|
||||
$cur->user_firstname = $info[0]['givenname'][0];
|
||||
$cur->user_displayname = $info[0]['cn'][0];
|
||||
|
||||
# If the user exist, then we just update his password.
|
||||
if ($this->core->userExists($user_id))
|
||||
{
|
||||
$this->sudo(array($this->core,'updUser'),$user_id,$cur);
|
||||
$this->sudo(array($this->core, 'updUser'), $user_id, $cur);
|
||||
}
|
||||
# If not, we create him.
|
||||
# In order for him to connect,
|
||||
|
@ -44,14 +53,10 @@ class myDcAuth extends dcAuth
|
|||
# a permission "usage" on the blog "default".
|
||||
else
|
||||
{
|
||||
$cur->user_id = $user_id;
|
||||
$cur->user_email = $info[0]['mail'][0];
|
||||
$cur->user_name = $info[0]['givenname'][0];
|
||||
$cur->user_firstname = $info[0]['sn'][0];
|
||||
$cur->user_lang = 'fr'; # Can change this, PR are welcome
|
||||
$cur->user_tz = 'Europe/Paris'; # Can change this, PR are welcome
|
||||
$cur->user_default_blog = 'default'; # Can change this, PR are welcome
|
||||
$this->sudo(array($this->core,'addUser'),$cur);
|
||||
$this->sudo(array($this->core,'addUser'), $cur);
|
||||
# Possible roles:
|
||||
#admin "administrator"
|
||||
#usage "manage their own entries and comments"
|
||||
|
@ -63,14 +68,15 @@ class myDcAuth extends dcAuth
|
|||
#media_admin "manage all media items"
|
||||
#pages "manage pages"
|
||||
#blogroll "manage blogroll"
|
||||
$this->sudo(array($this->core,'setUserBlogPermissions'),$user_id,'default',array('usage'=>true)); # Can change this, PR are welcome
|
||||
$this->sudo(array($this->core, 'setUserBlogPermissions'), $user_id, 'default', array('usage'=>true)); # Can change this, PR are welcome
|
||||
}
|
||||
$this->con->commit();
|
||||
}
|
||||
|
||||
# The previous operations proceeded without error,
|
||||
# we can now call the parent method
|
||||
return parent::checkUser($user_id, $pwd, $user_key, $check_blog);
|
||||
return parent::checkUser($user_id, $pwd);
|
||||
}
|
||||
}
|
||||
}
|
||||
# In case of error we cancel and return "false"
|
||||
$this->con->rollback();
|
||||
|
|
22
pull_request_template.md
Normal file
22
pull_request_template.md
Normal file
|
@ -0,0 +1,22 @@
|
|||
## Problem
|
||||
- *Description of why you made this PR*
|
||||
|
||||
## Solution
|
||||
- *And how you fix that problem*
|
||||
|
||||
## PR Status
|
||||
- [ ] Code finished.
|
||||
- [ ] Tested with Package_check.
|
||||
- [ ] Fix or enhancement tested.
|
||||
- [ ] Upgrade from last version tested.
|
||||
- [ ] Can be reviewed and tested.
|
||||
|
||||
## Validation
|
||||
---
|
||||
- [ ] **Code review** :
|
||||
- [ ] **Approval (LGTM)** :
|
||||
*Code review and approval have to be from a member of @YunoHost-Apps/apps-group*
|
||||
- **CI succeeded** :
|
||||
[![Build Status](https://ci-apps-hq.yunohost.org/jenkins/job/dotclear2_ynh%20PR-NUM-/badge/icon)](https://ci-apps-hq.yunohost.org/jenkins/job/dotclear2_ynh%20PR-NUM-/)
|
||||
*Please replace '-NUM-' in this link by the PR number.*
|
||||
When the PR is marked as ready to merge, you have to wait for 3 days before really merging it.
|
|
@ -58,6 +58,14 @@ ynh_script_progression --message="Backing up the MySQL database..."
|
|||
|
||||
ynh_mysql_dump_db --database="$db_name" > db.sql
|
||||
|
||||
#=================================================
|
||||
# BACKUP FAIL2BAN CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Backing up fail2ban configuration..."
|
||||
|
||||
ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
|
||||
ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
|
|
@ -128,8 +128,8 @@ ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_fil
|
|||
|
||||
cat << EOF >> $php_config
|
||||
|
||||
\$__autoload['myDcAuth'] = dirname(__FILE__).'/class.auth.ldap.php';
|
||||
define('DC_AUTH_CLASS','myDcAuth');
|
||||
\$__autoload['ldapDcAuth'] = dirname(__FILE__).'/class.auth.ldap.php';
|
||||
define('DC_AUTH_CLASS','ldapDcAuth');
|
||||
EOF
|
||||
|
||||
ynh_store_file_checksum --file=$php_config
|
||||
|
@ -162,6 +162,22 @@ ynh_local_curl $installUrl "u_email=$email" "u_firstname=$firstname" "u_name=$la
|
|||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
# SECURE FILES AND DIRECTORIES
|
||||
#=================================================
|
||||
|
||||
# Set permissions to app files
|
||||
chown -R root: $final_path
|
||||
chown -R $app $final_path/{public,cache,themes,plugins}
|
||||
|
||||
#=================================================
|
||||
# SETUP FAIL2BAN
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring fail2ban..."
|
||||
|
||||
# Create a dedicated fail2ban config
|
||||
ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Invalid credentials in $final_path/inc/class.auth.ldap.php .* client: <HOST>, .*https://$domain${path_url%/}/admin/auth.php"
|
||||
|
||||
#=================================================
|
||||
# SETUP SSOWAT
|
||||
#=================================================
|
||||
|
|
|
@ -65,6 +65,14 @@ ynh_script_progression --message="Removing the dedicated system user..."
|
|||
# Delete a system user
|
||||
ynh_system_user_delete --username=$app
|
||||
|
||||
#=================================================
|
||||
# REMOVE FAIL2BAN CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing fail2ban configuration..."
|
||||
|
||||
# Remove the dedicated fail2ban config
|
||||
ynh_remove_fail2ban_config
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
|
|
@ -68,7 +68,8 @@ ynh_system_user_create --username=$app
|
|||
#=================================================
|
||||
|
||||
# Restore permissions on app files
|
||||
chown -R $app: $final_path
|
||||
chown -R root: $final_path
|
||||
chown -R $app $final_path/{public,cache,themes,plugins}
|
||||
|
||||
#=================================================
|
||||
# RESTORE THE PHP-FPM CONFIGURATION
|
||||
|
@ -76,6 +77,15 @@ chown -R $app: $final_path
|
|||
|
||||
ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf"
|
||||
|
||||
#=================================================
|
||||
# RESTORE THE FAIL2BAN CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring the fail2ban configuration..."
|
||||
|
||||
ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
|
||||
ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
|
||||
ynh_systemd_action --action=restart --service_name=fail2ban
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC RESTORATION
|
||||
#=================================================
|
||||
|
|
|
@ -163,8 +163,8 @@ ynh_replace_string "__APP__" "$app" $final_path/inc/class.auth.ldap.php
|
|||
|
||||
cat << EOF >> $php_config
|
||||
|
||||
\$__autoload['myDcAuth'] = dirname(__FILE__).'/class.auth.ldap.php';
|
||||
define('DC_AUTH_CLASS','myDcAuth');
|
||||
\$__autoload['ldapDcAuth'] = dirname(__FILE__).'/class.auth.ldap.php';
|
||||
define('DC_AUTH_CLASS','ldapDcAuth');
|
||||
EOF
|
||||
|
||||
# Recalculate and store the checksum of the file for the next upgrade.
|
||||
|
@ -177,7 +177,16 @@ ynh_store_file_checksum --file=$php_config
|
|||
#=================================================
|
||||
|
||||
# Set permissions on app files
|
||||
chown -R $app: $final_path
|
||||
chown -R root: $final_path
|
||||
chown -R $app $final_path/{public,cache,themes,plugins}
|
||||
|
||||
#=================================================
|
||||
# UPGRADE FAIL2BAN
|
||||
#=================================================
|
||||
ynh_script_progression --message="Reconfiguring fail2ban..."
|
||||
|
||||
# Create a dedicated fail2ban config
|
||||
ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Invalid credentials in $final_path/inc/class.auth.ldap.php .* client: <HOST>, .*https://$domain${path_url%/}/admin/auth.php"
|
||||
|
||||
#=================================================
|
||||
# SETUP SSOWAT
|
||||
|
@ -189,6 +198,18 @@ if ! ynh_permission_exists --permission "admin"; then
|
|||
ynh_permission_create --permission "admin" --url "/admin" --allowed $admin
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# UPDATING DATABASE
|
||||
#=================================================
|
||||
|
||||
ynh_permission_update --permission "admin" --add "visitors"
|
||||
|
||||
# Navigate to the admin panel to upgrade the database: https://dotclear.org/documentation/2.0/admin/upgrades
|
||||
adminUrl="/admin/auth.php"
|
||||
ynh_local_curl $adminUrl
|
||||
|
||||
ynh_permission_update --permission "admin" --remove "visitors"
|
||||
|
||||
#=================================================
|
||||
# RELOAD NGINX
|
||||
#=================================================
|
||||
|
|
Loading…
Reference in a new issue