From 9cbb6291542d1f68085d985e72c2071f31abbadd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com>
Date: Wed, 26 Oct 2022 22:51:40 +0200
Subject: [PATCH] Add more security as default
---
 conf/config.json.example | 5 +++--
 config_panel.toml.example | 24 ++++++++++++++++++++++++
 scripts/install | 5 +++++
 scripts/upgrade | 13 +++++++++++++
 4 files changed, 45 insertions(+), 2 deletions(-)
 create mode 100644 config_panel.toml.example
diff --git a/conf/config.json.example b/conf/config.json.example
index 5b9bfe1..96ddbfb 100644
--- a/conf/config.json.example
+++ b/conf/config.json.example
@@ -8,10 +8,11 @@
 "useCDN": false,
 "allowGravatar": false,
 "allowFreeURL": false,
+ "allowAnonymous": __ALLOW_ANONYMOUS__,
 "allowAnonymousEdits": true,
 "defaultPermission": "locked",
 "email": true,
- "allowEmailRegister": true,
+ "allowEmailRegister": __ALLOW_EMAIL_REGISTRATION__,
 "imageUploadType": "filesystem",
 "tooBusyLag": 1000,
 "hsts": {
@@ -54,6 +55,6 @@
 "usernameField": "cn",
 "useridField": "uid",
 "providerName": "YunoHost"
- }
+ },
 }
 }
diff --git a/config_panel.toml.example b/config_panel.toml.example
new file mode 100644
index 0000000..e784143
--- /dev/null
+++ b/config_panel.toml.example
@@ -0,0 +1,24 @@
+version = "1.0"
+
+[main]
+name = "HedgeDoc configuration"
+
+ [main.config]
+ name = "Configuration Options"
+
+ [main.config.allow_anonymous]
+ ask = "Allow anonymous usage"
+ type = "boolean"
+ yes = "true"
+ no = "false"
+ help = "Set to allow anonymous usage (default is true)."
+ bind = "allow_anonymous:__FINALPATH__/config.json"
+
+ [main.config.allow_email_registration]
+ ask = "Allow email registration"
+ type = "boolean"
+ yes = "true"
+ no = "false"
+ help = "Set to allow registration of new accounts using an email address. If set to false, you can still create accounts using the command line."
+ bind = "allow_email_registration:__FINALPATH__/config.json"
+
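Review bot: In the first conf/config.json.example hunk, `__ALLOW_ANONYMOUS__` and `__ALLOW_EMAIL_REGISTRATION__` are substituted unquoted, so the rendered file is valid JSON only when each stored setting is exactly `true` or `false`. The only check visible in this patch is the emptiness test in scripts/upgrade, so any other non-empty value would presumably reach the file as-is and break parsing of the very keys this commit uses for hardening. Separately, `"allowAnonymousEdits": true` is left unchanged next to the new `"allowAnonymous"` key. If the intent is to keep guests out entirely, confirm against the HedgeDoc configuration documentation whether guests can still edit notes whose permission allows it.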
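Review bot: In the second conf/config.json.example hunk, the changed line `},` leaves a trailing comma directly before the closing `}` of the enclosing object, which strict JSON parsers reject. No member is added after that block, so the line should stay `}`. If the application cannot parse this file, the two access settings introduced by this commit would not take effect as intended (presumably the service fails to start or falls back to built-in defaults, to be confirmed).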
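Review bot: In config_panel.toml.example, the help text of `main.config.allow_anonymous` says `(default is true)`, while scripts/install in this same patch stores `allow_anonymous=false`, so an administrator reading the panel gets the wrong picture of the shipped default. Suggest `help = "Set to allow anonymous usage (default is false)."`. Separately, both `bind` values name snake_case keys (`allow_anonymous`, `allow_email_registration`), whereas config.json uses `allowAnonymous` and `allowEmailRegister`. If the bind key has to match the key name in the target file, the panel would neither read nor write these settings, so verify the key names before the `.example` suffix is dropped.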
diff --git a/scripts/install b/scripts/install index 6b71a53..a023b35 100644 --- a/scripts/install +++ b/scripts/install @@ -29,6 +29,9 @@ is_public=$YNH_APP_ARG_IS_PUBLIC app=$YNH_APP_INSTANCE_NAME +allow_anonymous=false +allow_email_registration=false + #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= @@ -47,6 +50,8 @@ ynh_script_progression --message="Storing installation settings..." --weight=2 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url +ynh_app_setting_set --app=$app --key=allow_anonymous --value=$allow_anonymous +ynh_app_setting_set --app=$app --key=allow_email_registration --value=$allow_email_registration #================================================= # STANDARD MODIFICATIONS diff --git a/scripts/upgrade b/scripts/upgrade index 4041836..d0f97ad 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -24,6 +24,9 @@ db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_user=$db_name db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) +allow_anonymous=$(ynh_app_setting_get --app=$app --key=allow_anonymous) +allow_email_registration=$(ynh_app_setting_get --app=$app --key=allow_email_registration) + #================================================= # CHECK VERSION #================================================= 
@@ -35,6 +38,16 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 +if [ -z "$allow_anonymous" ]; then + allow_anonymous="false" + ynh_app_setting_set --app=$app --key=allow_anonymous --value=$allow_anonymous +fi + +if [ -z "$allow_email_registration" ]; then + allow_email_registration="false" + ynh_app_setting_set --app=$app --key=allow_email_registration --value=$allow_email_registration +fi + # Cleaning legacy permissions if ynh_legacy_permissions_exists; then ynh_legacy_permissions_delete_all
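Review bot: In the second scripts/upgrade hunk, both fallbacks fire on any install that predates these settings, so an upgrade silently turns off anonymous use and email registration on instances that may rely on them. That is the safer default, but the operator should be told. A line such as `ynh_print_warn --message="Anonymous access and email registration are now disabled by default"` inside the `if` bodies would make the change visible. The `-z` test also accepts any non-empty stored value, and that value is presumably substituted unquoted into config.json, so a comment such as `# expected values: true or false` (or an explicit check) belongs here. The compatibility section continues past the end of the hunk.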