#!/bin/bash
#=================================================
# SET ALL CONSTANTS
#=================================================
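# Register the YunoHost LDAP directory as a Forgejo "LDAP (simple auth)"
# login source named "YunoHost LDAP".
# Globals:   install_dir (read), app (read)
# Outputs:   an info message via ynh_print_info, plus whatever pushd/popd and
#            the forgejo CLI print
# Returns:   1 when install_dir cannot be entered; otherwise the status of the
#            final popd (a failing forgejo call only aborts when the caller
#            runs with `set -e`)
function set_forgejo_login_source() {
    ynh_print_info --message="Creating forgejo login source"

    # ./forgejo is resolved relative to the current directory, so refuse to go
    # on if we are not inside the install directory.
    pushd "$install_dir" || return 1

    # The bind is unencrypted and certificate checks are skipped. That is only
    # tolerable because the host is "localhost": user passwords travel in clear
    # text over the loopback interface and nowhere else. If --host ever points
    # at another machine, switch the security protocol to an encrypted one and
    # drop --skip-tls-verify.
    #
    # NOTE(review): the user filter is scoped to "$app.main" but the admin
    # filter hard-codes "forgejo.admin". If this app can be installed more than
    # once, every instance would take its admins from the first instance's
    # permission - confirm whether "$app.admin" is intended.
    local -a ldap_source_args=(
        --security-protocol "Unencrypted"
        --name "YunoHost LDAP"
        --host "localhost"
        --port "389"
        --skip-tls-verify
        --user-search-base "ou=users,dc=yunohost,dc=org"
        --user-dn "uid=%s,ou=Users,dc=yunohost,dc=org"
        --user-filter "(&(objectclass=posixAccount)(uid=%s)(permission=cn=$app.main,ou=permission,dc=yunohost,dc=org))"
        --admin-filter "(permission=cn=forgejo.admin,ou=permission,dc=yunohost,dc=org)"
        --username-attribute "uid"
        --firstname-attribute "givenName"
        --surname-attribute "sn"
        --email-attribute "mail"
    )
    ynh_exec_as "$app" ./forgejo admin auth add-ldap-simple "${ldap_source_args[@]}"

    popd
}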
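# Mark the "YunoHost LDAP" login source as synchronizable, directly in the
# Forgejo database.
# Globals:   db_name (read)
# Outputs:   an info message via ynh_print_info
# Returns:   the status of ynh_psql_execute_as_root
function enable_login_source_sync() {
    ynh_print_info --message="Set forgejo login source as synchronizable"

    # Enable login source synchronisation manually because the forgejo command
    # does not allow it (https://codeberg.org/forgejo/forgejo/issues/952).
    # The statement is a constant: nothing user-controlled is interpolated.
    # "type = 5" is presumably the source type created by
    # `forgejo admin auth add-ldap-simple` - confirm against the Forgejo schema.
    ynh_psql_execute_as_root --database "$db_name" \
        --sql "update login_source set is_sync_enabled = true where type = 5 and name = 'YunoHost LDAP'"
}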
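# Create the local Forgejo admin account used for API calls, generate an
# access token for it, and save user name, password and token as app settings.
# Globals:   app, install_dir, domain (read);
#            forgejo_api_user, forgejo_api_pwd, forgejo_api_token (written)
# Outputs:   an info message via ynh_print_info; an error on stderr when no
#            token could be obtained
# Returns:   1 when install_dir cannot be entered or the token is empty;
#            otherwise the status of the final popd
function create_forgejo_api_user() {
    ynh_print_info --message="Creating forgejo api user"

    # These three variables are left global, as in the original code; callers
    # may read them after this function returns - confirm before making them
    # local.
    forgejo_api_user=yunohost_api
    forgejo_api_pwd=$(ynh_string_random --length=24)

    ynh_app_setting_set --app="$app" --key=forgejo_api_user --value="$forgejo_api_user"
    ynh_app_setting_set --app="$app" --key=forgejo_api_pwd --value="$forgejo_api_pwd"

    # ./forgejo is resolved relative to the current directory.
    pushd "$install_dir" || return 1

    # NOTE(review): the password is passed as a command-line argument, so it is
    # visible in the process list while the command runs. This file shows no
    # stdin or environment alternative, so this is flagged rather than changed.
    ynh_exec_as "$app" ./forgejo admin user create \
        --username "$forgejo_api_user" \
        --password "$forgejo_api_pwd" \
        --email "admin@${domain}" \
        --admin \
        --must-change-password=false

    # The token carries the "write:admin" scope: treat it like a root
    # credential. `tail -1` hides the exit status of the forgejo call, so the
    # result is checked explicitly below.
    forgejo_api_token=$(ynh_exec_as "$app" ./forgejo admin user generate-access-token \
        --username "$forgejo_api_user" --token-name "admin" --scopes "write:admin" --raw | tail -1)

    if [[ -z "$forgejo_api_token" ]]; then
        # Do not store an empty token: later API calls would fail with an
        # unrelated-looking authentication error.
        popd
        printf '%s\n' "Could not generate a forgejo API token for $forgejo_api_user" >&2
        return 1
    fi

    ynh_app_setting_set --app="$app" --key=forgejo_api_token --value="$forgejo_api_token"

    popd
}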
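# Switch every existing YunoHost user in the Forgejo database to the
# "YunoHost LDAP" login source.
# Globals:   db_name (read)
# Outputs:   one info message per user via ynh_print_info
# Returns:   the status of the last command run in the loop (0 when the user
#            list is empty)
function set_users_login_source() {
    local username sql_username

    # Previously created users have «Local» login source. It should be «YunoHost LDAP»
    # $(ynh_user_list) is left unquoted on purpose: one user name per word.
    for username in $(ynh_user_list); do
        ynh_print_info --message="Updating forgejo user login type for ${username}"

        # The name ends up inside a single-quoted SQL literal. Double any
        # single quote so that a name can never terminate the literal and
        # change the statement, whatever ynh_user_list returns.
        sql_username=${username//\'/\'\'}

        ynh_psql_execute_as_root --database "$db_name" \
            --sql "update public.user set login_source = (select id from login_source where name = 'YunoHost LDAP' and type = 5), login_name = name, login_type = 5 where name = '${sql_username}'"
    done
}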
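# Ask Forgejo, through its admin API, to run the external-user synchronization
# job.
# Globals:   app, domain, path (read); forgejo_api_token (written)
# Outputs:   an info message via ynh_print_info; curl errors on stderr
# Returns:   1 when no API token is stored; otherwise the status of curl
#            (non-zero on HTTP errors because of -f)
function synchronize_users() {
    ynh_print_info --message="Synchronizing forgejo users"

    # Fetch the token independently such that it's redacted by Yunohost logging mechanism
    forgejo_api_token=$(ynh_app_setting_get --app="$app" --key=forgejo_api_token)
    if [[ -z "$forgejo_api_token" ]]; then
        printf '%s\n' "No forgejo API token is stored for $app" >&2
        return 1
    fi

    # Remove trailing slash from path
    local no_trailing_slash_path=${path%/}

    # User synchronization must be launched using API : no cli exists for this
    # purpose (https://codeberg.org/forgejo/forgejo/issues/953)
    #
    # The Authorization header is fed to curl on stdin (-H @-, curl >= 7.55.0)
    # so that the admin token never appears in the process list.
    #
    # NOTE(review): -k turns off certificate verification while this request
    # carries an admin token. That is only safe if ${domain} is guaranteed to
    # resolve to this host; otherwise verify the certificate (for example with
    # --cacert) instead of skipping the check.
    curl --url "https://${domain}${no_trailing_slash_path}/api/v1/admin/cron/sync_external_users" \
        -X POST -H @- -kfsS <<< "Authorization: token $forgejo_api_token"
}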