From 5bc9f14151ab1c95930558cb17fb35598663441d Mon Sep 17 00:00:00 2001 From: Nils VAN ZUIJLEN Date: Fri, 26 Feb 2021 14:41:11 +0100 Subject: [PATCH 1/9] Update READMEs, add French readme --- README.md | 6 ++--- README_fr.md | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+), 3 deletions(-) create mode 100644 README_fr.md diff --git a/README.md b/README.md index 5da2391..a94a809 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in ## Overview HumHub is a feature rich and highly flexible OpenSource Social Network Kit written in PHP. -**Shipped version:** 1.0 +**Shipped version:** 1.7.2 ## Screenshots @@ -27,7 +27,7 @@ How to configure this app: From an admin panel, a plain file with SSH, or any ot ## Documentation - * Official documentation: Link to the official documentation of this app + * Official documentation: https://docs.humhub.org * YunoHost documentation: If specific documentation is needed, feel free to contribute. ## YunoHost specific features @@ -57,7 +57,7 @@ https://yunohost.org/packaging_apps * Report a bug: https://github.com/YunoHost-Apps/humhub_ynh/issues * App website: https://www.humhub.org/ - * Upstream app repository: Link to the official repository of the upstream app. + * Upstream app repository: https://github.com/humhub/humhub * YunoHost website: https://yunohost.org/ --- diff --git a/README_fr.md b/README_fr.md new file mode 100644 index 0000000..a38b1fc --- /dev/null +++ b/README_fr.md @@ -0,0 +1,76 @@ +# HumHub pour YunoHost + +[![Niveau d'intégration](https://dash.yunohost.org/integration/humhub.svg)](https://dash.yunohost.org/appci/app/humhub) ![](https://ci-apps.yunohost.org/ci/badges/humhub.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/humhub.maintain.svg) +[![Installer humhub avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=humhub) + +*[Read this readme in english.](./README.md)* + +> *Ce package vous permet d'installer HumHub rapidement et simplement sur un serveur YunoHost. +Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install) pour apprendre comment l'installer.* + +## Vue d'ensemble +HumHub est un logiciel libre de réseau social fait pour faciliter la communication et la collaboration. + +Il est léger, puissant et possède une interface agréable. Avec HumHub, vous pouvez créer votre propre réseau social personnalisé. + +**Version incluse :** 1.7.2 + +## Captures d'écran + +![](Lien vers une capture d'écran de cette application.) + +## Démo + +* [Démo officielle](Lien vers un site de démonstration de cette application.) + +## Configuration + +Comment configurer cette application : via le panneau d'administration, un fichier brut en SSH ou tout autre moyen. + +## Documentation + + * Documentation officielle : https://docs.humhub.org + * Documentation YunoHost : Si une documentation spécifique est nécessaire, n'hésitez pas à contribuer. + +## Caractéristiques spécifiques YunoHost + +#### Support multi-utilisateur + +* L'authentification LDAP et HTTP est-elle prise en charge ? +* L'application peut-elle être utilisée par plusieurs utilisateurs ? + +#### Architectures supportées + +* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/humhub%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/humhub/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/humhub%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/humhub/) + +## Limitations + +* Limitations connues. + +## Informations additionnelles + +* Autres informations que vous souhaitez ajouter sur cette application. + +**Plus d'informations sur la page de documentation :** +https://yunohost.org/packaging_apps + +## Liens + + * Signaler un bug : https://github.com/YunoHost-Apps/humhub_ynh/issues + * Site de l'application : https://www.humhub.org/ + * Dépôt de l'application principale : https://github.com/humhub/humhub + * Site web YunoHost : https://yunohost.org/ + +--- + +## Informations pour les développeurs + +Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/humhub_ynh/tree/testing). + +Pour essayer la branche testing, procédez comme suit. +``` +sudo yunohost app install https://github.com/YunoHost-Apps/humhub_ynh/tree/testing --debug +ou +sudo yunohost app upgrade humhub -u https://github.com/YunoHost-Apps/humhub_ynh/tree/testing --debug +``` From 05a4a5a9d3b31f78ca2c9c15b230c865d9b33066 Mon Sep 17 00:00:00 2001 From: Nils VAN ZUIJLEN Date: Mon, 1 Mar 2021 09:43:17 +0100 Subject: [PATCH 2/9] Make installation work - Use vendored source - Update LDAP settings - Update nginx config - Rename _common(s).sh - Use a CSRF aware local_curl - Remove/update old patches Also trim remove, restore, upgrade and backup scripts --- conf/app.src | 6 +- conf/cron | 2 +- conf/ldap.sql | 36 +- conf/nginx.conf | 33 +- scripts/_common.sh | 79 ++++ scripts/_commons.sh | 21 - scripts/backup | 6 - scripts/install | 199 +++------ scripts/remove | 15 +- scripts/restore | 164 ++++++-- scripts/upgrade | 281 ++++++++++--- sources/fix/AuthClientHelpers.php | 261 ------------ sources/fix/ZendLdapClient.php | 380 ------------------ sources/patches/app-00-no-password-ldap.patch | 13 + sources/version | 2 +- 15 files changed, 542 insertions(+), 956 deletions(-) create mode 100644 scripts/_common.sh delete mode 100644 scripts/_commons.sh delete mode 100644 sources/fix/AuthClientHelpers.php delete mode 100644 sources/fix/ZendLdapClient.php create mode 100644 sources/patches/app-00-no-password-ldap.patch diff --git a/conf/app.src b/conf/app.src index 0e8d690..6a1eea7 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,7 +1,7 @@ -SOURCE_URL=https://github.com/humhub/humhub/archive/v1.7.2.tar.gz -SOURCE_SUM=dd02b47f995bace4e03aff4750772abaab205769c75ef9f22904171b7649c689 +SOURCE_URL=https://www.humhub.com/download/package/humhub-1.7.2.tar.gz +SOURCE_SUM=e20e6f8d321a0d5c8907b00465846a4d57432fe386181ca6c73ad27a9967e83a SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= +SOURCE_FILENAME=humhub-1.7.2.tar.gz SOURCE_EXTRACT=true diff --git a/conf/cron b/conf/cron index ac9af3a..a0bc207 100644 --- a/conf/cron +++ b/conf/cron @@ -1,2 +1,2 @@ * * * * * /usr/bin/php__PHPVERSION__ __FINALPATH__/protected/yii queue/run >/dev/null 2>&1 -* * * * * /usr/bin/php__PHPVERSION__ __FINALPATH__/protected/yii cron/run >/dev/null 2>&1 \ No newline at end of file +* * * * * /usr/bin/php__PHPVERSION__ __FINALPATH__/protected/yii cron/run >/dev/null 2>&1 diff --git a/conf/ldap.sql b/conf/ldap.sql index 58820ec..53ff5e7 100644 --- a/conf/ldap.sql +++ b/conf/ldap.sql @@ -1,18 +1,28 @@ -REPLACE INTO setting (`name`, `value`, `module_id`) VALUES -('auth.ldap.enabled', '1', 'user'), -('auth.ldap.hostname', 'localhost', 'user'), -('auth.ldap.port', '389', 'user'), -('auth.ldap.encryption', '', 'user'), -('auth.ldap.username', '', 'user'), -('auth.ldap.password', '', 'user'), -('auth.ldap.baseDn', 'ou=users,dc=yunohost,dc=org', 'user'), -('auth.ldap.loginFilter', '(uid=%s)', 'user'), -('auth.ldap.userFilter', 'objectClass=mailAccount', 'user'), -('auth.ldap.emailAttribute', 'mail', 'user'), -('auth.ldap.usernameAttribute', 'uid', 'user'), -('auth.ldap.refreshUsers', '1', 'user'), +BEGIN; + +DELETE FROM setting WHERE +(`name` = 'auth.anonymousRegistration') OR +(`name` = 'auth.allowGuestAccess') OR +(`name` = 'auth.internalUsersCanInvite'); + +INSERT INTO setting (`name`, `value`, `module_id`) VALUES +('enabled', '1', 'ldap'), +('hostname', 'localhost', 'ldap'), +('port', '389', 'ldap'), +('encryption', '', 'ldap'), +('username', '', 'ldap'), +('password', '', 'ldap'), +('baseDn', 'ou=users,dc=yunohost,dc=org', 'ldap'), +('loginFilter', '(uid=%s)', 'ldap'), +('userFilter', 'objectClass=mailAccount', 'ldap'), +('emailAttribute', 'mail', 'ldap'), +('usernameAttribute', 'uid', 'ldap'), +('idAttribute', 'uid', 'ldap'), +('refreshUsers', '1', 'ldap'), ('auth.anonymousRegistration', '0', 'user'), ('auth.allowGuestAccess', '0', 'user'), ('auth.internalUsersCanInvite', '0', 'user'); UPDATE `user` SET `auth_mode` = 'ldap' WHERE `user`.`username` = '__ADMIN__'; + +COMMIT; diff --git a/conf/nginx.conf b/conf/nginx.conf index 6333bd4..ebb051e 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -2,7 +2,7 @@ location __PATH__/ { # Path to source - alias __FINALPATH__/ ; + alias __FINALPATH__/ ; index index.php; @@ -10,28 +10,29 @@ location __PATH__/ { location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php__PHPVERSION__-fpm-__NAME__.sock; + + set $fsn /index.php; + if (-f $document_root$fastcgi_script_name){ + set $fsn $fastcgi_script_name; + } + + fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param REMOTE_USER $remote_user; fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_param SCRIPT_FILENAME $document_root$fsn; } - location ~ ^__PATH__/(?:ico|css|js|gif|jpe?g|png|ttf|woff)$ { - access_log off; - expires 30d; - add_header Pragma public; - add_header Cache-Control "public, mustrevalidate, proxy-revalidate"; - } + location ~ ^__PATH__/(assets|static|themes|uploads) { + access_log off; + expires 10d; + add_header Cache-Control "public, no-transform"; + } - location = __PATH__/protected { - deny all; - } - - location = __PATH__/uploads/file { - deny all; - } + location ~ ^__PATH__/(protected|framework|themes/\w+/views|\.|uploads/file) { + deny all; + } # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; diff --git a/scripts/_common.sh b/scripts/_common.sh new file mode 100644 index 0000000..7123bfb --- /dev/null +++ b/scripts/_common.sh @@ -0,0 +1,79 @@ +#!/bin/bash + +#================================================= +# COMMON VARIABLES +#================================================= + +YNH_PHP_VERSION="7.3" + +extra_php_dependencies="php${YNH_PHP_VERSION}-imagick php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-bz2 php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-intl php${YNH_PHP_VERSION}-mysql php${YNH_PHP_VERSION}-zip php${YNH_PHP_VERSION}-apcu-bc php${YNH_PHP_VERSION}-apcu php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-ldap" + +#================================================= +# PERSONAL HELPERS +#================================================= + +local_curl_csrf () { + # Define url of page to curl + local local_page=$(ynh_normalize_url_path $1) + local full_path=$path_url$local_page + + if [ "${path_url}" == "/" ]; then + full_path=$local_page + fi + + local full_page_url=https://localhost$full_path + + # Concatenate all other arguments with '&' to prepare POST data + local POST_data="" + local arg="" + for arg in "${@:2}" + do + POST_data="${POST_data}${arg}&" + done + if [ -n "$POST_data" ] + then + # Add --data arg and remove the last character, which is an unecessary '&' + POST_data="--data ${POST_data::-1}" + fi + + # Wait untils nginx has fully reloaded (avoid curl fail with http2) + sleep 2 + + local cookiefile=/tmp/ynh-$app-cookie.txt + touch $cookiefile + chown root $cookiefile + chmod 700 $cookiefile + + # Curl the URL for the CSRF token + local token_line=`curl --silent --show-error --insecure --location --header "Host: $domain" --resolve $domain:443:127.0.0.1 "$full_page_url" --cookie-jar $cookiefile --cookie $cookiefile | grep 'meta name="csrf-token"'` + + token_line=${token_line##*content=\"} + local csrf=${token_line%%\">*} + POST_data="${POST_data}&_csrf=${csrf}" + + curl --silent --show-error --insecure --location --header "Host: $domain" --resolve $domain:443:127.0.0.1 $POST_data "$full_page_url" --cookie-jar $cookiefile --cookie $cookiefile +} + +#Convert --data to --data-urlencode before ynh_local_curl +myynh_urlencode() { + local data + if [[ $# != 1 ]]; then + echo "Usage: $0 string-to-urlencode" + return 1 + fi + data="$(curl -s -o /dev/null -w %{url_effective} --get --data-urlencode "$1" "")" + if [[ $? != 3 ]]; then + echo "Unexpected error" 1>&2 + return 2 + fi + echo "${data##/?}" + return 0 +} + +#================================================= +# EXPERIMENTAL HELPERS +#================================================= + +#================================================= +# FUTURE OFFICIAL HELPERS +#================================================= diff --git a/scripts/_commons.sh b/scripts/_commons.sh deleted file mode 100644 index e84d91c..0000000 --- a/scripts/_commons.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash - -#================================================= -# COMMON VARIABLES -#================================================= - -YNH_PHP_VERSION="7.3" - -extra_php_dependencies="php${YNH_PHP_VERSION}-imagick php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-bz2 php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-intl php${YNH_PHP_VERSION}-mysql php${YNH_PHP_VERSION}-zip php${YNH_PHP_VERSION}-apcu-bc php${YNH_PHP_VERSION}-apcu php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-ldap" - -#================================================= -# PERSONAL HELPERS -#================================================= - -#================================================= -# EXPERIMENTAL HELPERS -#================================================= - -#================================================= -# FUTURE OFFICIAL HELPERS -#================================================= diff --git a/scripts/backup b/scripts/backup index 5ea23bb..d01a608 100644 --- a/scripts/backup +++ b/scripts/backup @@ -58,12 +58,6 @@ ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" #================================================= # SPECIFIC BACKUP -#================================================= -# BACKUP SYSTEMD -#================================================= - -ynh_backup --src_path="/etc/systemd/system/$app.service" - #================================================= # BACKUP VARIOUS FILES #================================================= diff --git a/scripts/install b/scripts/install index 4da467a..eb8abe1 100644 --- a/scripts/install +++ b/scripts/install @@ -53,22 +53,6 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin #================================================= # STANDARD MODIFICATIONS -#================================================= -# FIND AND OPEN A PORT -#================================================= -ynh_script_progression --message="Finding an available port..." --time --weight=1 - -# Find an available port -port=$(ynh_find_port --port=8095) -ynh_app_setting_set --app=$app --key=port --value=$port - -#================================================= -# INSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Installing dependencies..." --time --weight=1 - -ynh_install_app_dependencies $pkg_dependencies - #================================================= # CREATE A MYSQL DATABASE #================================================= @@ -116,9 +100,22 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # SPECIFIC SETUP #================================================= -# ... +# SETUP SQL CREDENTIALS #================================================= +ynh_add_config --template="../conf/common.php" --destination="$final_path/protected/config/common.php" + +#================================================= +# DEACTIVATE DEBUG MODE +#================================================= + +ynh_replace_string --match_string="defined('YII_DEBUG') or define('YII_DEBUG', true);"\ + --replace_string="// defined('YII_DEBUG') or define('YII_DEBUG', true);"\ + --target_file="$final_path/index.php" +ynh_replace_string --match_string="defined('YII_ENV') or define('YII_ENV', 'dev');"\ + --replace_string="// defined('YII_ENV') or define('YII_ENV', 'dev');"\ + --target_file="$final_path/index.php" + #================================================= # SETUP APPLICATION WITH CURL #================================================= @@ -143,7 +140,36 @@ ynh_systemd_action --service_name=nginx --action=reload # Installation with curl ynh_script_progression --message="Finalizing installation..." --time --weight=1 -ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3" + +admin_temp_pass=$(ynh_string_random 6) +admin_email=$(yunohost user info "$admin" --output-as plain | ynh_get_plain_key mail) +admin_firstname=$(yunohost user info "$admin" --output-as plain | ynh_get_plain_key firstname) +admin_lastname=$(yunohost user info "$admin" --output-as plain | ynh_get_plain_key lastname) + +ynh_local_curl "/index.php?r=installer/index/go" + +local_curl_csrf "/index.php?r=installer/config/basic" \ + "ConfigBasicForm[name]=YunoHost" + +local_curl_csrf "/index.php?r=installer/config/use-case" \ + "UseCaseForm[useCase]=" \ + "UseCaseForm[useCase]=other" + +local_curl_csrf "/index.php?r=installer/config/admin" \ + `myynh_urlencode "User[username]=$admin"` \ + `myynh_urlencode "User[email]=$admin_email"` \ + `myynh_urlencode "Password[newPassword]=$admin_temp_pass"` \ + `myynh_urlencode "Password[newPasswordConfirm]=$admin_temp_pass"` \ + `myynh_urlencode "Profile[firstname]=${admin_firstname}"` \ + `myynh_urlencode "Profile[lastname]=${admin_lastname}"` \ + "save" + +local_curl_csrf "/index.php?r=installer/config/sample-data" \ + "SampleDataForm[sampleData]=0" + +# Populate the LDAP parameters +sed -i "s@__ADMIN__@$admin@g" ../conf/ldap.sql +mysql -u $db_user -p${db_pwd} $db_name < ../conf/ldap.sql # Remove the public access ynh_permission_update --permission="main" --remove="visitors" @@ -152,10 +178,6 @@ ynh_permission_update --permission="main" --remove="visitors" # MODIFY A CONFIG FILE #================================================= -ynh_add_config --template="../conf/common.php" --destination="$final_path/protected/config/common.php" - -ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/CONFIG_FILE" - #================================================= # STORE THE CONFIG FILE CHECKSUM #================================================= @@ -165,7 +187,7 @@ ynh_replace_string --match_string="match_string" --replace_string="replace_strin ### you can make a backup of this file before modifying it again if the admin had modified it. # Calculate and store the config file checksum into the app settings -ynh_store_file_checksum --file="$final_path/CONFIG_FILE" +ynh_store_file_checksum --file="$final_path/protected/config/common.php" #================================================= # GENERIC FINALIZATION @@ -174,70 +196,19 @@ ynh_store_file_checksum --file="$final_path/CONFIG_FILE" #================================================= # Set permissions to app files -chown -R www-data: $final_path +chown -R root: $final_path + +chown -R $app $final_path/assets +chown -R $app $final_path/protected/config +chown -R $app $final_path/protected/modules +chown -R $app $final_path/protected/runtime +chown -R $app $final_path/uploads/* #================================================= -# SETUP LOGROTATE +# SETUP CRON CONFIGURATION #================================================= -ynh_script_progression --message="Configuring log rotation..." --time --weight=1 -### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app. -### Use this helper only if there is effectively a log file for this app. -### If you're not using this helper: -### - Remove the section "BACKUP LOGROTATE" in the backup script -### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script -### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script -### - And the section "SETUP LOGROTATE" in the upgrade script - -# Use logrotate to manage application logfile(s) -ynh_use_logrotate - -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1 - -yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" - -### Additional options starting with 3.8: -### -### --needs_exposed_ports "$port" a list of ports that needs to be publicly exposed -### which will then be checked by YunoHost's diagnosis system -### (N.B. DO NOT USE THIS is the port is only internal!!!) -### -### --test_status "some command" a custom command to check the status of the service -### (only relevant if 'systemctl status' doesn't do a good job) -### -### --test_conf "some command" some command similar to "nginx -t" that validates the conf of the service -### -### Re-calling 'yunohost service add' during the upgrade script is the right way -### to proceed if you later realize that you need to enable some flags that -### weren't enabled on old installs (be careful it'll override the existing -### service though so you should re-provide all relevant flags when doing so) - -#================================================= -# START SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Starting a systemd service..." --time --weight=1 - -### `ynh_systemd_action` is used to start a systemd service for an app. -### Only needed if you have configure a systemd service -### If you're not using these lines: -### - Remove the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the backup script -### - As well as the section "START SYSTEMD SERVICE" in the restore script -### - As well as the section"STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the upgrade script -### - And the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the change_url script - -# Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" - -#================================================= -# SETUP FAIL2BAN -#================================================= -ynh_script_progression --message="Configuring Fail2Ban..." --time --weight=1 - -# Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" +ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/${app}" #================================================= # SETUP SSOWAT @@ -262,65 +233,3 @@ ynh_systemd_action --service_name=nginx --action=reload #================================================= ynh_script_progression --message="Installation of $app completed" --last - - - - - -# Hotfixes - # Fix LDAP email. See https://github.com/humhub/humhub/issues/1949 - sudo cp -a ../sources/fix/AuthClientHelpers.php $src_path/protected/humhub/modules/user/authclient/AuthClientHelpers.php - # Fix to allow passwordless LDAP login - sudo cp -a ../sources/fix/ZendLdapClient.php $src_path/protected/humhub/modules/user/authclient/ZendLdapClient.php - sudo sed -i "s@defined('YII_DEBUG') or define('YII_DEBUG', true);@//defined('YII_DEBUG') or define('YII_DEBUG', true);@g" $src_path/index.php - sudo sed -i "s@defined('YII_ENV') or define('YII_ENV', 'dev');@//defined('YII_ENV') or define('YII_ENV', 'dev');@g" $src_path/index.php - - - -# Set permissions to app files - sudo chown -R www-data: $src_path - -# Cron - echo "30 * * * * $src_path/protected/yii cron hourly >/dev/null 2>&1" > cron - echo "00 18 * * * $src_path/protected/yii cron daily >/dev/null 2>&1" > cron - sudo mv cron /etc/cron.d/${app} - sudo chown root /etc/cron.d/${app} - - -# Install - # Disable SSO - ynh_app_setting_set "$app" unprotected_uris "/" - sudo yunohost app ssowatconf - - # Install with CURL - admin_temp_pass=$(ynh_string_random 6) - admin_email=$(sudo yunohost user info "$admin" --output-as plain | ynh_get_plain_key mail) - admin_firstname=$(sudo yunohost user info "$admin" --output-as plain | ynh_get_plain_key firstname) - admin_lastname=$(sudo yunohost user info "$admin" --output-as plain | ynh_get_plain_key lastname) - - ynh_local_curl "/index.php?r=installer/index/go" "go" - - ynh_local_curl "/index.php?r=installer/config/basic" \ - "ConfigBasicForm[name]=YunoHost" - - ynh_local_curl "/index.php?r=installer/config/use-case" \ - "UseCaseForm[useCase]=" \ - "UseCaseForm[useCase]=other" - - ynh_local_curl "/index.php?r=installer/config/admin" \ - "User[username]=$admin" \ - "User[email]=$admin_email" \ - "Password[newPassword]=$admin_temp_pass" \ - "Password[newPasswordConfirm]=$admin_temp_pass" \ - "Profile[firstname]=$admin_firstname" \ - "Profile[lastname]=$admin_lastname" \ - "save" - - ynh_local_curl "/index.php?r=installer/config/sample-data" \ - "SampleDataForm[sampleData]=0" - - # Populate the LDAP parameters - sed -i "s@YNH_ADMIN_USER@$admin@g" ../conf/ldap.sql - mysql -u $db_user -p${db_pwd} $db_name < ../conf/ldap.sql - - diff --git a/scripts/remove b/scripts/remove index 9b4acfd..618b90f 100644 --- a/scripts/remove +++ b/scripts/remove @@ -24,17 +24,6 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # STANDARD REMOVE -#================================================= -# REMOVE SERVICE INTEGRATION IN YUNOHOST -#================================================= - -# Remove the service from the list of services known by YunoHost (added from `yunohost service add`) -if ynh_exec_warn_less yunohost service status $app >/dev/null -then - ynh_script_progression --message="Removing $app service integration..." --time --weight=1 - yunohost service remove $app -fi - #================================================= # REMOVE THE MYSQL DATABASE #================================================= @@ -80,13 +69,11 @@ ynh_remove_fpm_config #================================================= # REMOVE VARIOUS FILES #================================================= +ynh_script_progression --message="Removing CRON configuration..." --time --weight=1 # Remove a cron file ynh_secure_remove --file="/etc/cron.d/$app" -# Remove the log files -ynh_secure_remove --file="/var/log/$app/" - #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/restore b/scripts/restore index 9cc7bc9..d12fad9 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,42 +1,148 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +source ../settings/scripts/_common.sh +source /usr/share/yunohost/helpers + +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +ynh_clean_setup () { + #### Remove this function if there's nothing to clean before calling the remove script. + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_script_progression --message="Loading installation settings..." --time --weight=1 app=$YNH_APP_INSTANCE_NAME -# Source YunoHost helpers - source /usr/share/yunohost/helpers +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_user=$db_name +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) -# Retrieve old app settings - domain=$(ynh_app_setting_get "$app" domain) - path=$(ynh_app_setting_get "$app" path) +#================================================= +# CHECK IF THE APP CAN BE RESTORED +#================================================= +ynh_script_progression --message="Validating restoration parameters..." --time --weight=1 -# Check domain/path availability - sudo yunohost app checkurl "${domain}${path}" -a "$app" \ - || ynh_die "Path not available: ${domain}${path}" +ynh_webpath_available --domain=$domain --path_url=$path_url \ + || ynh_die --message="Path not available: ${domain}${path_url}" +test ! -d $final_path \ + || ynh_die --message="There is already a directory: $final_path " -# Restore sources & data - src_path="/var/www/${app}" - sudo cp -a ./sources "$src_path" - sudo cp -a ./cron "/etc/cron.d/${app}" +#================================================= +# STANDARD RESTORATION STEPS +#================================================= +# RESTORE THE NGINX CONFIGURATION +#================================================= -# Restore permissions to app files - sudo chown -R www-data: $src_path +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" -# MySQL - dbname=$app - dbuser=$app - dbpass=$(ynh_app_setting_get "$app" mysqlpwd) - ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" - ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./dump.sql +#================================================= +# RESTORE THE APP MAIN DIR +#================================================= +ynh_script_progression --message="Restoring the app main directory..." --time --weight=1 -# Restore NGINX configuration - sudo cp -a ./nginx.conf "/etc/nginx/conf.d/${domain}.d/${app}.conf" +ynh_restore_file --origin_path="$final_path" -# Restore PHP-FPM configuration - sudo cp -a ./php-fpm.conf "/etc/php5/fpm/pool.d/${app}.conf" +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --time --weight=1 -# Restart services - sudo service php5-fpm reload - sudo service nginx reload +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app + +#================================================= +# RESTORE USER RIGHTS +#================================================= + +# Restore permissions on app files +chown -R root: $final_path + +chown -R $app $final_path/assets +chown -R $app $final_path/protected/config +chown -R $app $final_path/protected/modules +chown -R $app $final_path/protected/runtime +chown -R $app $final_path/uploads/* + +# This file contains the db password +chmod g-rwx o-rwx $final_path/protected/config/dynamic.php + + +#================================================= +# RESTORE THE PHP-FPM CONFIGURATION +#================================================= + +ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" + +#================================================= +# RESTORE FAIL2BAN CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the Fail2Ban configuration..." --time --weight=1 + +ynh_restore_file "/etc/fail2ban/jail.d/$app.conf" +ynh_restore_file "/etc/fail2ban/filter.d/$app.conf" +ynh_systemd_action --action=restart --service_name=fail2ban + +#================================================= +# SPECIFIC RESTORATION +#================================================= +# REINSTALL DEPENDENCIES +#================================================= +ynh_script_progression --message="Reinstalling dependencies..." --time --weight=1 + +# Define and install dependencies +ynh_install_app_dependencies $pkg_dependencies + +#================================================= +# RESTORE THE MYSQL DATABASE +#================================================= +ynh_script_progression --message="Restoring the MySQL database..." --time --weight=1 + +db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) +ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd +ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql + +#================================================= +# RESTORE VARIOUS FILES +#================================================= + +ynh_restore_file --origin_path="/etc/cron.d/$app" + +#================================================= +# RESTORE THE LOGROTATE CONFIGURATION +#================================================= + +ynh_restore_file --origin_path="/etc/logrotate.d/$app" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# RELOAD NGINX AND PHP-FPM +#================================================= +ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --time --weight=1 + +ynh_systemd_action --service_name=php$phpversion-fpm --action=reload +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Restoration completed for $app" --time --last diff --git a/scripts/upgrade b/scripts/upgrade index cf226ee..82dd48f 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,83 +1,232 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_script_progression --message="Loading installation settings..." --time --weight=1 app=$YNH_APP_INSTANCE_NAME -version=$(cat ../sources/version) -source='https://sourceforge.net/projects/humhub/files/' -# Source YunoHost helpers - source /usr/share/yunohost/helpers +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +admin=$(ynh_app_setting_get --app=$app --key=admin) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +language=$(ynh_app_setting_get --app=$app --key=language) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_pwd=$(ynh_app_setting_get "$app" mysqlpwd) -# Retrieve app settings - domain=$(ynh_app_setting_get "$app" domain) - path=$(ynh_app_setting_get "$app" path) - dbuser=$app - dbname=$app - dbpass=$(ynh_app_setting_get "$app" mysqlpwd) - src_path=/var/www/$app +#================================================= +# CHECK VERSION +#================================================= -# Correct path: puts a / at the start and nothing at the end - if [ "${path:0:1}" != "/" ]; then - path="/$path" - fi - if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then - path="${path:0:${#path}-1}" - fi +### This helper will compare the version of the currently installed app and the version of the upstream package. +### $upgrade_type can have 2 different values +### - UPGRADE_APP if the upstream app version has changed +### - UPGRADE_PACKAGE if only the YunoHost package has changed +### ynh_check_app_version_changed will stop the upgrade if the app is up to date. +### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do. +upgrade_type=$(ynh_check_app_version_changed) -# Copy source files - sudo mv "$src_path" "$src_path.old" - sudo mkdir -p $src_path - sudo wget -q "${source}humhub-${version}.zip/download" -O humhub-${version}.zip - sudo unzip -qq humhub-${version}.zip - sudo cp -a humhub-$version/. $src_path +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= +ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1 -# Restore files - sudo cp -a "$src_path.old/uploads/." "$src_path/uploads/." - sudo cp -a "$src_path.old/protected/runtime" "$src_path/protected/runtime" - sudo cp -a "$src_path.old/protected/config/." "$src_path/protected/config/" - sudo cp -a "$src_path.old/protected/modules/." "$src_path/protected/modules/" - sudo cp -a "$src_path.old/themes/." "$src_path/themes/" +# +# N.B. : the followings setting migrations snippets are provided as *EXAMPLES* +# of what you may want to do in some cases (e.g. a setting was not defined on +# some legacy installs and you therefore want to initiaze stuff during upgrade) +# -# Hotfixes - # Fix LDAP email. See https://github.com/humhub/humhub/issues/1949 - sudo cp -a ../sources/fix/AuthClientHelpers.php $src_path/protected/humhub/modules/user/authclient/AuthClientHelpers.php - # Fix to allow passwordless LDAP login - sudo cp -a ../sources/fix/ZendLdapClient.php $src_path/protected/humhub/modules/user/authclient/ZendLdapClient.php - sudo sed -i "s@defined('YII_DEBUG') or define('YII_DEBUG', true);@//defined('YII_DEBUG') or define('YII_DEBUG', true);@g" $src_path/index.php - sudo sed -i "s@defined('YII_ENV') or define('YII_ENV', 'dev');@//defined('YII_ENV') or define('YII_ENV', 'dev');@g" $src_path/index.php +# If db_name doesn't exist, create it +#if [ -z "$db_name" ]; then +# db_name=$(ynh_sanitize_dbid --db_name=$app) +# ynh_app_setting_set --app=$app --key=db_name --value=$db_name +#fi -# Set permissions to app files - sudo chown -R www-data: $src_path +# If final_path doesn't exist, create it +#if [ -z "$final_path" ]; then +# final_path=/var/www/$app +# ynh_app_setting_set --app=$app --key=final_path --value=$final_path +#fi -# Upgrade - sudo sudo -u www-data php $src_path/protected/yii migrate/up --includeModuleMigrations=1 --interactive=0 > /dev/null 2>&1 +### If nobody installed your app before 4.1, +### then you may safely remove these lines -# Upgrade cron - echo "30 * * * * $src_path/protected/yii cron hourly >/dev/null 2>&1" > cron - echo "00 18 * * * $src_path/protected/yii cron daily >/dev/null 2>&1" > cron - sudo mv cron /etc/cron.d/${app} - sudo chown root /etc/cron.d/${app} +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all -# Modify Nginx configuration file and copy it to Nginx conf directory - nginx_conf=../conf/nginx.conf - sed -i "s@YNH_WWW_PATH@${path:-/}@g" $nginx_conf - sed -i "s@YNH_WWW_ALIAS@$src_path/@g" $nginx_conf - sed -i "s@YNH_WWW_APP@$app@g" $nginx_conf - sudo cp $nginx_conf /etc/nginx/conf.d/$domain.d/$app.conf + ynh_app_setting_delete --app=$app --key=is_public +fi -# PHP - sed -i "s@YNH_WWW_APP@$app@g" ../conf/php-fpm.conf - sed -i "s@YNH_WWW_ALIAS@$src_path/@g" ../conf/php-fpm.conf - finalphpconf=/etc/php5/fpm/pool.d/$app.conf - sudo cp ../conf/php-fpm.conf $finalphpconf - sudo chown root: $finalphpconf - sudo chmod 644 $finalphpconf +if ! ynh_permission_exists --permission="admin"; then + # Create the required permissions + ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin +fi -# Reload nginx service - sudo service php5-fpm reload - sudo service nginx reload +# Create a permission if needed +if ! ynh_permission_exists --permission="api"; then + ynh_permission_create --permission="api" --url "/api" --allowed="visitors" --show_tile="false" --protected="true" +fi -# Delete old source - sudo rm -rf "$src_path.old" +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --time --weight=1 + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # Restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +# Deactivate cron jobs +ynh_secure_remove --file="/etc/cron.d/$app" + +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + ynh_script_progression --message="Upgrading source files..." --time --weight=1 + + # Backup user contents + mv "$final_path" "$final_path.old" + + # Download, check integrity, uncompress and patch the source from app.src + ynh_setup_source --dest_dir="$final_path" + + # Restore user contents + cp -a "$final_path.old/uploads/." "$final_path/uploads/." + cp -a "$final_path.old/protected/runtime" "$final_path/protected/runtime" + cp -a "$final_path.old/protected/config/." "$final_path/protected/config/" + cp -a "$final_path.old/protected/modules/." "$final_path/protected/modules/" + cp -a "$final_path.old/themes/." "$final_path/themes/" + + # Delete old source + rm -rf "$final_path.old" +fi + +#================================================= +# NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Upgrading NGINX web server configuration..." --time --weight=1 + +# Create a dedicated NGINX config +ynh_add_nginx_config + +#================================================= +# UPGRADE DEPENDENCIES +#================================================= +ynh_script_progression --message="Upgrading dependencies..." --time --weight=1 + +ynh_install_app_dependencies $pkg_dependencies + +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." --time --weight=1 + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= +ynh_script_progression --message="Upgrading PHP-FPM configuration..." --time --weight=1 + +# Create a dedicated PHP-FPM config +ynh_add_fpm_config + +#================================================= +# SPECIFIC UPGRADE +#================================================= +# APPLY LDAP PATCHES +#================================================= +ynh_script_progression --message="Applying LDAP patches..." --time --weight=1 + +# Fix LDAP email. See https://github.com/humhub/humhub/issues/1949 +# Fix to allow passwordless LDAP login + +#================================================= +# REINSTALL CRONTAB +#================================================= +ynh_script_progression --message="Upgrading crontab..." --time --weight=1 + +ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/${app}" + +#================================================= +# MODIFY A CONFIG FILE +#================================================= + +### Verify the checksum of a file, stored by `ynh_store_file_checksum` in the install script. +### And create a backup of this file if the checksum is different. So the file will be backed up if the admin had modified it. +# ynh_backup_if_checksum_is_different --file="$final_path/CONFIG_FILE" + +# ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/CONFIG_FILE" + +# Recalculate and store the checksum of the file for the next upgrade. +# ynh_store_file_checksum --file="$final_path/CONFIG_FILE" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +# Set permissions on app files +chown -R root: $final_path + +chown -R $app $final_path/assets +chown -R $app $final_path/protected/config +chown -R $app $final_path/protected/modules +chown -R $app $final_path/protected/runtime +chown -R $app $final_path/uploads/* + +# This file contains the db password +chmod g-rwx o-rwx $final_path/protected/config/dynamic.php + +#================================================= +# SETUP LOGROTATE +#================================================= +ynh_script_progression --message="Upgrading logrotate configuration..." --time --weight=1 + +# Use logrotate to manage app-specific logfile(s) +ynh_use_logrotate --non-append + +#================================================= +# UPGRADE FAIL2BAN +#================================================= +ynh_script_progression --message="Reconfiguring Fail2Ban..." --time --weight=1 + +# Create a dedicated Fail2Ban config +ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" + +#================================================= +# RELOAD NGINX +#================================================= +ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Upgrade of $app completed" --time --last diff --git a/sources/fix/AuthClientHelpers.php b/sources/fix/AuthClientHelpers.php deleted file mode 100644 index 9e0766b..0000000 --- a/sources/fix/AuthClientHelpers.php +++ /dev/null @@ -1,261 +0,0 @@ -getUserAttributes(); - - if ($authClient instanceof interfaces\PrimaryClient) { - /** - * @var interfaces\PrimaryClient $authClient - */ - return User::findOne([ - $authClient->getUserTableIdAttribute() => $attributes['id'], - 'auth_mode' => $authClient->getId() - ]); - } - - $auth = Auth::find()->where(['source' => $authClient->getId(), 'source_id' => $attributes['id']])->one(); - if ($auth !== null) { - return $auth->user; - } - } - - /** - * Stores an authClient to an user record - * - * @param \yii\authclient\BaseClient $authClient - * @param User $user - */ - public static function storeAuthClientForUser(ClientInterface $authClient, User $user) - { - $attributes = $authClient->getUserAttributes(); - - if ($authClient instanceof interfaces\PrimaryClient) { - $user->auth_mode = $authClient->getId(); - $user->save(); - } else { - $auth = Auth::findOne(['source' => $authClient->getId(), 'source_id' => $attributes['id']]); - - /** - * Make sure authClient is not double assigned - */ - if ($auth !== null && $auth->user_id != $user->id) { - $auth->delete(); - $auth = null; - } - - - if ($auth === null) { - $auth = new \humhub\modules\user\models\Auth([ - 'user_id' => $user->id, - 'source' => (string) $authClient->getId(), - 'source_id' => (string) $attributes['id'], - ]); - - $auth->save(); - } - } - } - - /** - * Removes Authclient for a user - * - * @param \yii\authclient\BaseClient $authClient - * @param User $user - */ - public static function removeAuthClientForUser(ClientInterface $authClient, User $user) - { - Auth::deleteAll([ - 'user_id' => $user->id, - 'source' => (string) $authClient->getId() - ]); - } - - /** - * Updates (or creates) a user in HumHub using AuthClients Attributes - * This method will be called after login or by cron sync. - * - * @param \yii\authclient\BaseClient $authClient - * @param User $user - * @return boolean succeed - */ - public static function updateUser(ClientInterface $authClient, User $user = null) - { - if ($user === null) { - $user = self::getUserByAuthClient($authClient); - if ($user === null) { - return false; - } - } - - $authClient->trigger(BaseClient::EVENT_UPDATE_USER, new \yii\web\UserEvent(['identity' => $user])); - - if ($authClient instanceof interfaces\SyncAttributes) { - $attributes = $authClient->getUserAttributes(); - foreach ($authClient->getSyncAttributes() as $attributeName) { - if (isset($attributes[$attributeName])) { - if (in_array($attributeName, ['email', 'username'])) { - $user->setAttribute($attributeName, $attributes[$attributeName]); - } else { - $user->profile->setAttribute($attributeName, $attributes[$attributeName]); - } - } else { - if ($user->profile->hasAttribute($attributeName)) { - $user->profile->setAttribute($attributeName, ''); - } - } - } - - if (count($user->getDirtyAttributes()) !== 0 && !$user->save()) { - Yii::error('Could not update user attributes by AuthClient (UserId: ' . $user->id . ") - Error: " . print_r($user->getErrors(), 1)); - return false; - } - - if (count($user->profile->getDirtyAttributes()) !== 0 && !$user->profile->save()) { - Yii::error('Could not update user attributes by AuthClient (UserId: ' . $user->id . ") - Error: " . print_r($user->profile->getErrors(), 1)); - return false; - } - } - - return true; - } - - /** - * Automatically creates user by auth client attributes - * - * @param \yii\authclient\BaseClient $authClient - * @return boolean success status - */ - public static function createUser(ClientInterface $authClient) - { - $attributes = $authClient->getUserAttributes(); - - if (!isset($attributes['id'])) { - return false; - } - - // Hotfix for YunoHost. Select the first LDAP email address when there are several in the mail attribute. See https://github.com/humhub/humhub/issues/1949 - if (is_array($attributes['mail'])) { - $attributes['mail'] = $attributes['mail'][0]; - } - if (is_array($attributes['email'])) { - $attributes['email'] = $attributes['email'][0]; - } - - $registration = new \humhub\modules\user\models\forms\Registration(); - $registration->enablePasswordForm = false; - $registration->enableEmailField = true; - - if ($authClient instanceof interfaces\ApprovalBypass) { - $registration->enableUserApproval = false; - } - - unset($attributes['id']); - $registration->getUser()->setAttributes($attributes, false); - $registration->getProfile()->setAttributes($attributes, false); - $registration->getGroupUser()->setAttributes($attributes, false); - - if ($registration->validate() && $registration->register($authClient)) { - return $registration->getUser(); - } - - return null; - } - - /** - * Returns all users which are using an given authclient - * - * @param ClientInterface $authClient - * @return \yii\db\ActiveQuery - */ - public static function getUsersByAuthClient(ClientInterface $authClient) - { - $query = User::find(); - - if ($authClient instanceof interfaces\PrimaryClient) { - $query->where([ - 'auth_mode' => $authClient->getId() - ]); - } else { - $query->where(['user_auth.source' => $authClient->getId()]); - } - - return $query; - } - - /** - * Returns AuthClients used by given User - * - * @param User $user - * @return ClientInterface[] the users authclients - */ - public static function getAuthClientsByUser(User $user) - { - $authClients = []; - - foreach (Yii::$app->authClientCollection->getClients() as $client) { - /** - * @var $client ClientInterface - */ - // Add primary authClient - if ($user->auth_mode == $client->getId()) { - $authClients[] = $client; - } - - // Add additional authClient - foreach ($user->auths as $auth) { - if ($auth->source == $client->getId()) { - $authClients[] = $client; - } - } - } - - return $authClients; - } - - /** - * Returns a list of all synchornized user attributes - * - * @param User $user - * @return array attribute names - */ - public static function getSyncAttributesByUser(User $user) - { - $attributes = []; - foreach (self::getAuthClientsByUser($user) as $authClient) { - if ($authClient instanceof interfaces\SyncAttributes) { - $attributes = array_merge($attributes, $authClient->getSyncAttributes()); - } - } - return $attributes; - } - -} diff --git a/sources/fix/ZendLdapClient.php b/sources/fix/ZendLdapClient.php deleted file mode 100644 index 2e75f09..0000000 --- a/sources/fix/ZendLdapClient.php +++ /dev/null @@ -1,380 +0,0 @@ -idAttribute; - } - - /** - * @inheritdoc - */ - public function getUserTableIdAttribute() - { - return $this->userTableIdAttribute; - } - - /** - * @inheritdoc - */ - public function auth() - { - - $node = $this->getUserNode(); - if ($node !== null) { - $this->setUserAttributes($node->getAttributes()); - return true; - } - - return false; - } - - /** - * @inheritdoc - */ - protected function defaultNormalizeUserAttributeMap() - { - $map = []; - - // Username field - $usernameAttribute = Yii::$app->getModule('user')->settings->get('auth.ldap.usernameAttribute'); - if ($usernameAttribute == '') { - $usernameAttribute = 'sAMAccountName'; - } - $map['username'] = strtolower($usernameAttribute); - - // E-Mail field - $emailAttribute = Yii::$app->getModule('user')->settings->get('auth.ldap.emailAttribute'); - if ($emailAttribute == '') { - $emailAttribute = 'mail'; - } - $map['email'] = strtolower($emailAttribute); - - // Profile Field Mapping - foreach (ProfileField::find()->andWhere(['!=', 'ldap_attribute', ''])->all() as $profileField) { - $map[$profileField->internal_name] = strtolower($profileField->ldap_attribute); - } - - return $map; - } - - /** - * @inheritdoc - */ - protected function normalizeUserAttributes($attributes) - { - $normalized = []; - - // Fix LDAP Attributes - foreach ($attributes as $name => $value) { - if (is_array($value) && count($value) == 1 && $name != 'memberof') { - $normalized[$name] = $value[0]; - } else { - $normalized[$name] = $value; - } - } - - if (isset($normalized['objectguid'])) { - $normalized['objectguid'] = \humhub\libs\StringHelper::binaryToGuid($normalized['objectguid']); - } - - // Handle date fields (formats are specified in config) - foreach ($normalized as $name => $value) { - if (isset(Yii::$app->params['ldap']['dateFields'][$name]) && $value != '') { - $dateFormat = Yii::$app->params['ldap']['dateFields'][$name]; - $date = \DateTime::createFromFormat($dateFormat, $value); - - if ($date !== false) { - $normalized[$name] = $date->format('Y-m-d 00:00:00'); - } else { - $normalized[$name] = ""; - } - } - } - return parent::normalizeUserAttributes($normalized); - } - - /** - * @return array list of user attributes - */ - public function getUserAttributes() - { - $attributes = parent::getUserAttributes(); - - // Try to automatically set id and usertable id attribute by available attributes - if ($this->getIdAttribute() === null || $this->getUserTableIdAttribute() === null) { - if (isset($attributes['objectguid'])) { - $this->idAttribute = 'objectguid'; - $this->userTableIdAttribute = 'guid'; - } elseif (isset($attributes['mail'])) { - $this->idAttribute = 'mail'; - $this->userTableIdAttribute = 'email'; - } else { - throw new \yii\base\Exception("Could not automatically determine unique user id from ldap node!"); - } - } - - // Make sure id attributes sits on id attribute key - if (isset($attributes[$this->getIdAttribute()])) { - $attributes['id'] = $attributes[$this->getIdAttribute()]; - } - - // Map usertable id attribute against ldap id attribute - $attributes[$this->getUserTableIdAttribute()] = $attributes[$this->getIdAttribute()]; - - return $attributes; - } - - /** - * Returns Users LDAP Node - * - * @return Node the users ldap node - */ - protected function getUserNode() - { - $dn = $this->getUserDn(); - if ($dn !== '') { - return $this->getLdap()->getNode($dn); - } - - return null; - } - - /** - * Returns the users LDAP DN - * - * @return string the user dn if found - */ - protected function getUserDn() - { - $userName = $this->login->username; - - // Translate given e-mail to username - if (strpos($userName, '@') !== false) { - $user = User::findOne(['email' => $userName]); - if ($user !== null) { - $userName = $user->username; - } - } - - try { - $this->getLdap()->bind($userName, $this->login->password); - return $this->getLdap()->getCanonicalAccountName($userName, Ldap::ACCTNAME_FORM_DN); - } catch (LdapException $ex) { - // User not found in LDAP - } - return ''; - } - - /** - * Returns Zend LDAP - * - * @return \Zend\Ldap\Ldap - */ - public function getLdap() - { - if ($this->_ldap === null) { - $options = array( - 'host' => Yii::$app->getModule('user')->settings->get('auth.ldap.hostname'), - 'port' => Yii::$app->getModule('user')->settings->get('auth.ldap.port'), - //'username' => Yii::$app->getModule('user')->settings->get('auth.ldap.username'), - //'password' => Yii::$app->getModule('user')->settings->get('auth.ldap.password'), - 'username' => '', - 'password' => '', - 'useStartTls' => (Yii::$app->getModule('user')->settings->get('auth.ldap.encryption') == 'tls'), - 'useSsl' => (Yii::$app->getModule('user')->settings->get('auth.ldap.encryption') == 'ssl'), - 'bindRequiresDn' => true, - 'baseDn' => Yii::$app->getModule('user')->settings->get('auth.ldap.baseDn'), - 'accountFilterFormat' => Yii::$app->getModule('user')->settings->get('auth.ldap.loginFilter'), - ); - - $this->_ldap = new \Zend\Ldap\Ldap($options); - $this->_ldap->bind(); - } - - return $this->_ldap; - } - - /** - * Sets an Zend LDAP Instance - * - * @param \Zend\Ldap\Ldap $ldap - */ - public function setLdap(\Zend\Ldap\Ldap $ldap) - { - $this->_ldap = $ldap; - } - - /** - * @inheritdoc - */ - public function getSyncAttributes() - { - $attributes = ['username', 'email']; - - foreach (ProfileField::find()->andWhere(['!=', 'ldap_attribute', ''])->all() as $profileField) { - $attributes[] = $profileField->internal_name; - } - - return $attributes; - } - - /** - * Refresh ldap users - * - * New users (found in ldap) will be automatically created if all required fiélds are set. - * Profile fields which are bind to LDAP will automatically updated. - */ - public function syncUsers() - { - if (!Yii::$app->getModule('user')->settings->get('auth.ldap.enabled') || !Yii::$app->getModule('user')->settings->get('auth.ldap.refreshUsers')) { - return; - } - - $userFilter = Yii::$app->getModule('user')->settings->get('auth.ldap.userFilter'); - $baseDn = Yii::$app->getModule('user')->settings->get('auth.ldap.baseDn'); - try { - $ldap = $this->getLdap(); - - $userCollection = $ldap->search($userFilter, $baseDn, Ldap::SEARCH_SCOPE_SUB); - - $authClient = null; - $ids = []; - foreach ($userCollection as $attributes) { - $authClient = clone $this; - $authClient->init(); - $authClient->setUserAttributes($attributes); - $attributes = $authClient->getUserAttributes(); - - $user = AuthClientHelpers::getUserByAuthClient($authClient); - if ($user === null) { - if (!AuthClientHelpers::createUser($authClient)) { - Yii::warning('Could not automatically create LDAP user - check required attributes! (' . print_r($attributes, 1) . ')'); - } - } else { - AuthClientHelpers::updateUser($authClient, $user); - } - - $ids[] = $attributes['id']; - } - - /** - * Since userTableAttribute can be automatically set on user attributes - * try to take it from initialized authclient instance. - */ - $userTableIdAttribute = $this->getUserTableIdAttribute(); - if ($authClient !== null) { - $userTableIdAttribute = $authClient->getUserTableIdAttribute(); - } - - foreach (AuthClientHelpers::getUsersByAuthClient($this)->each() as $user) { - $foundInLdap = in_array($user->getAttribute($userTableIdAttribute), $ids); - // Enable disabled users that have been found in ldap - if ($foundInLdap && $user->status === User::STATUS_DISABLED) { - $user->status = User::STATUS_ENABLED; - $user->save(); - Yii::info('Enabled user' . $user->username . ' (' . $user->id . ') - found in LDAP!'); - // Disable users that were not found in ldap - } elseif (!$foundInLdap && $user->status !== User::STATUS_DISABLED) { - $user->status = User::STATUS_DISABLED; - $user->save(); - Yii::warning('Disabled user' . $user->username . ' (' . $user->id . ') - not found in LDAP!'); - } - } - } catch (\Zend\Ldap\Exception\LdapException $ex) { - Yii::error('Could not connect to LDAP instance: ' . $ex->getMessage()); - } catch (\Exception $ex) { - Yii::error('An error occurred while user sync: ' . $ex->getMessage()); - } - } - - /** - * Checks if LDAP is supported - */ - public static function isLdapAvailable() - { - if (!class_exists('Zend\Ldap\Ldap')) { - return false; - } - - if (!function_exists('ldap_bind')) { - return false; - } - - return true; - } - -} diff --git a/sources/patches/app-00-no-password-ldap.patch b/sources/patches/app-00-no-password-ldap.patch new file mode 100644 index 0000000..645e65f --- /dev/null +++ b/sources/patches/app-00-no-password-ldap.patch @@ -0,0 +1,13 @@ +diff --git a/protected/humhub/modules/ldap/models/LdapSettings.php b/protected/humhub/modules/ldap/models/LdapSettings.php +index e6402e8b3..3b653d590 100644 +--- a/protected/humhub/modules/ldap/models/LdapSettings.php ++++ b/protected/humhub/modules/ldap/models/LdapSettings.php +@@ -120,7 +120,7 @@ class LdapSettings extends Model + return [ + [['enabled', 'refreshUsers', 'usernameAttribute', 'emailAttribute', 'username', 'passwordField', 'hostname', 'port', 'idAttribute'], 'string', 'max' => 255], + [['baseDn', 'loginFilter', 'userFilter'], 'string'], +- [['usernameAttribute', 'username', 'passwordField', 'hostname', 'port', 'baseDn', 'loginFilter', 'userFilter', 'idAttribute'], 'required'], ++ [['usernameAttribute', 'hostname', 'port', 'baseDn', 'loginFilter', 'userFilter', 'idAttribute'], 'required'], + ['encryption', 'in', 'range' => ['', 'ssl', 'tls']], + ]; + } diff --git a/sources/version b/sources/version index 26aaba0..f8a696c 100644 --- a/sources/version +++ b/sources/version @@ -1 +1 @@ -1.2.0 +1.7.2 From 90501d91e99976ee6e001813bde32f45bd82351a Mon Sep 17 00:00:00 2001 From: Nils VAN ZUIJLEN Date: Thu, 4 Mar 2021 18:09:37 +0100 Subject: [PATCH 3/9] Update upgrade script Follows https://docs.humhub.org/docs/admin/updating --- scripts/upgrade | 46 ++++++++++------------------------------------ 1 file changed, 10 insertions(+), 36 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 82dd48f..9ce5687 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -157,12 +157,18 @@ ynh_add_fpm_config #================================================= # SPECIFIC UPGRADE #================================================= -# APPLY LDAP PATCHES +# MIGRATE DATABASE #================================================= -ynh_script_progression --message="Applying LDAP patches..." --time --weight=1 +ynh_script_progression --message="Migrating database..." --time --weight=1 -# Fix LDAP email. See https://github.com/humhub/humhub/issues/1949 -# Fix to allow passwordless LDAP login +sudo -u $app /usr/bin/php$YNH_PHP_VERSION $final_path/protected/yii migrate/up --includeModuleMigrations=1 + +#================================================= +# UPDATE MODULES +#================================================= +ynh_script_progression --message="Updating modules..." --time --weight=1 + +sudo -u $app /usr/bin/php$YNH_PHP_VERSION $final_path/protected/yii module/update-all #================================================= # REINSTALL CRONTAB @@ -171,19 +177,6 @@ ynh_script_progression --message="Upgrading crontab..." --time --weight=1 ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/${app}" -#================================================= -# MODIFY A CONFIG FILE -#================================================= - -### Verify the checksum of a file, stored by `ynh_store_file_checksum` in the install script. -### And create a backup of this file if the checksum is different. So the file will be backed up if the admin had modified it. -# ynh_backup_if_checksum_is_different --file="$final_path/CONFIG_FILE" - -# ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/CONFIG_FILE" - -# Recalculate and store the checksum of the file for the next upgrade. -# ynh_store_file_checksum --file="$final_path/CONFIG_FILE" - #================================================= # GENERIC FINALIZATION #================================================= @@ -199,25 +192,6 @@ chown -R $app $final_path/protected/modules chown -R $app $final_path/protected/runtime chown -R $app $final_path/uploads/* -# This file contains the db password -chmod g-rwx o-rwx $final_path/protected/config/dynamic.php - -#================================================= -# SETUP LOGROTATE -#================================================= -ynh_script_progression --message="Upgrading logrotate configuration..." --time --weight=1 - -# Use logrotate to manage app-specific logfile(s) -ynh_use_logrotate --non-append - -#================================================= -# UPGRADE FAIL2BAN -#================================================= -ynh_script_progression --message="Reconfiguring Fail2Ban..." --time --weight=1 - -# Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" - #================================================= # RELOAD NGINX #================================================= From 429955d88aebe4b12961d3cecb447f406d662f07 Mon Sep 17 00:00:00 2001 From: Nils VAN ZUIJLEN Date: Fri, 12 Mar 2021 18:07:18 +0100 Subject: [PATCH 4/9] Apply CI suggested changes --- check_process | 4 ++-- conf/nginx.conf | 2 +- manifest.json | 5 +++-- scripts/install | 2 +- scripts/restore | 3 --- scripts/upgrade | 9 +-------- 6 files changed, 8 insertions(+), 17 deletions(-) diff --git a/check_process b/check_process index bede8fa..2bfd018 100644 --- a/check_process +++ b/check_process @@ -12,11 +12,11 @@ setup_private=1 setup_public=1 upgrade=1 - upgrade=1 from_commit=CommitHash + upgrade=0 from_commit=CommitHash backup_restore=1 multi_instance=1 port_already_use=0 - change_url=1 + change_url=0 ;;; Options Email= Notification=none diff --git a/conf/nginx.conf b/conf/nginx.conf index ebb051e..119f226 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -27,7 +27,7 @@ location __PATH__/ { location ~ ^__PATH__/(assets|static|themes|uploads) { access_log off; expires 10d; - add_header Cache-Control "public, no-transform"; + more_set_headers "Cache-Control: public, no-transform"; } location ~ ^__PATH__/(protected|framework|themes/\w+/views|\.|uploads/file) { diff --git a/manifest.json b/manifest.json index 4102b9f..6d68468 100644 --- a/manifest.json +++ b/manifest.json @@ -9,9 +9,10 @@ "url": "https://www.humhub.org", "license": "free", "maintainer": { - "name": "Scith", - "url": "https://github.com/scith" + "name": "Nils Van Zuijlen", + "url": "https://github.com/nils-van-zuijlen" }, + "version": "1.7.2~ynh1", "requirements": { "yunohost": ">= 4.0.0" }, diff --git a/scripts/install b/scripts/install index eb8abe1..4521373 100644 --- a/scripts/install +++ b/scripts/install @@ -168,7 +168,7 @@ local_curl_csrf "/index.php?r=installer/config/sample-data" \ "SampleDataForm[sampleData]=0" # Populate the LDAP parameters -sed -i "s@__ADMIN__@$admin@g" ../conf/ldap.sql +ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="../conf/ldap.sql" mysql -u $db_user -p${db_pwd} $db_name < ../conf/ldap.sql # Remove the public access diff --git a/scripts/restore b/scripts/restore index d12fad9..f0f265c 100644 --- a/scripts/restore +++ b/scripts/restore @@ -81,9 +81,6 @@ chown -R $app $final_path/protected/modules chown -R $app $final_path/protected/runtime chown -R $app $final_path/uploads/* -# This file contains the db password -chmod g-rwx o-rwx $final_path/protected/config/dynamic.php - #================================================= # RESTORE THE PHP-FPM CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index 9ce5687..075f907 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -120,7 +120,7 @@ then cp -a "$final_path.old/themes/." "$final_path/themes/" # Delete old source - rm -rf "$final_path.old" + ynh_secure_remove --file="$final_path.old" fi #================================================= @@ -131,13 +131,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." - # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# UPGRADE DEPENDENCIES -#================================================= -ynh_script_progression --message="Upgrading dependencies..." --time --weight=1 - -ynh_install_app_dependencies $pkg_dependencies - #================================================= # CREATE DEDICATED USER #================================================= From b32cfb636a5d0999202fb1b1d08b06c1c286afa9 Mon Sep 17 00:00:00 2001 From: Nils VAN ZUIJLEN Date: Mon, 15 Mar 2021 09:45:20 +0100 Subject: [PATCH 5/9] Do not restore nonexisting files --- scripts/restore | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/scripts/restore b/scripts/restore index f0f265c..0bbb02b 100644 --- a/scripts/restore +++ b/scripts/restore @@ -81,22 +81,12 @@ chown -R $app $final_path/protected/modules chown -R $app $final_path/protected/runtime chown -R $app $final_path/uploads/* - #================================================= # RESTORE THE PHP-FPM CONFIGURATION #================================================= ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" -#================================================= -# RESTORE FAIL2BAN CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the Fail2Ban configuration..." --time --weight=1 - -ynh_restore_file "/etc/fail2ban/jail.d/$app.conf" -ynh_restore_file "/etc/fail2ban/filter.d/$app.conf" -ynh_systemd_action --action=restart --service_name=fail2ban - #================================================= # SPECIFIC RESTORATION #================================================= @@ -122,12 +112,6 @@ ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./ ynh_restore_file --origin_path="/etc/cron.d/$app" -#================================================= -# RESTORE THE LOGROTATE CONFIGURATION -#================================================= - -ynh_restore_file --origin_path="/etc/logrotate.d/$app" - #================================================= # GENERIC FINALIZATION #================================================= From 5ddebe463f0eea90acab0ff625b586254184fd3a Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Mon, 15 Mar 2021 23:14:42 +0100 Subject: [PATCH 6/9] Upgrade to 1.8.1 --- README.md | 6 ++--- README_fr.md | 6 ++--- conf/app.src | 8 ++++--- manifest.json | 20 ++-------------- scripts/install | 27 +++++++++------------- scripts/remove | 18 +++++++-------- scripts/restore | 16 ++++++------- scripts/upgrade | 61 ++++++++++--------------------------------------- 8 files changed, 53 insertions(+), 109 deletions(-) diff --git a/README.md b/README.md index a94a809..c6156e7 100644 --- a/README.md +++ b/README.md @@ -11,15 +11,15 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in ## Overview HumHub is a feature rich and highly flexible OpenSource Social Network Kit written in PHP. -**Shipped version:** 1.7.2 +**Shipped version:** 1.8.1 ## Screenshots -![](Link to a screenshot of this app.) +![](https://www.humhub.com/static/img/enterprise/app_small.png) ## Demo -* [Official demo](Link to a demo site for this app.) +* [Official demo](https://www.humhub.com/en) ## Configuration diff --git a/README_fr.md b/README_fr.md index a38b1fc..d786cdd 100644 --- a/README_fr.md +++ b/README_fr.md @@ -13,15 +13,15 @@ HumHub est un logiciel libre de réseau social fait pour faciliter la communicat Il est léger, puissant et possède une interface agréable. Avec HumHub, vous pouvez créer votre propre réseau social personnalisé. -**Version incluse :** 1.7.2 +**Version incluse :** 1.8.1 ## Captures d'écran -![](Lien vers une capture d'écran de cette application.) +![](https://www.humhub.com/static/img/enterprise/app_small.png) ## Démo -* [Démo officielle](Lien vers un site de démonstration de cette application.) +* [Démo officielle](https://www.humhub.com/en) ## Configuration diff --git a/conf/app.src b/conf/app.src index 6a1eea7..3a57f14 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,7 +1,9 @@ -SOURCE_URL=https://www.humhub.com/download/package/humhub-1.7.2.tar.gz -SOURCE_SUM=e20e6f8d321a0d5c8907b00465846a4d57432fe386181ca6c73ad27a9967e83a +SOURCE_URL=https://www.humhub.com/download/package/humhub-1.8.1.tar.gz +SOURCE_SUM=2eca1561506bfa06f8e36358659a0ec0f72497547d949d2232a85dc788ad4758 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true -SOURCE_FILENAME=humhub-1.7.2.tar.gz +SOURCE_FILENAME=humhub-1.8.1.tar.gz SOURCE_EXTRACT=true + + diff --git a/manifest.json b/manifest.json index 6d68468..44e9975 100644 --- a/manifest.json +++ b/manifest.json @@ -12,9 +12,9 @@ "name": "Nils Van Zuijlen", "url": "https://github.com/nils-van-zuijlen" }, - "version": "1.7.2~ynh1", + "version": "1.8.1~ynh1", "requirements": { - "yunohost": ">= 4.0.0" + "yunohost": ">= 4.1.7" }, "multi_instance": true, "services": [ @@ -27,38 +27,22 @@ { "name": "domain", "type": "domain", - "ask": { - "en": "Choose a domain name for HumHub", - "fr": "Choisissez un nom de domaine pour HumHub" - }, "example": "example.com" }, { "name": "path", "type": "path", - "ask": { - "en": "Choose a path for HumHub", - "fr": "Choisissez un chemin pour HumHub" - }, "example": "/humhub", "default": "/humhub" }, { "name": "admin", "type": "user", - "ask": { - "en": "Choose an admin user", - "fr": "Choisissez l’administrateur" - }, "example": "johndoe" }, { "name": "is_public", "type": "boolean", - "ask": { - "en": "Is it a public site?", - "fr": "Est-ce un site public ?" - }, "default": false } ] diff --git a/scripts/install b/scripts/install index 4521373..a5a402b 100644 --- a/scripts/install +++ b/scripts/install @@ -34,7 +34,7 @@ app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= -ynh_script_progression --message="Validating installation parameters..." --time --weight=1 +ynh_script_progression --message="Validating installation parameters..." --weight=1 final_path=/var/www/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" @@ -45,7 +45,7 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= -ynh_script_progression --message="Storing installation settings..." --time --weight=1 +ynh_script_progression --message="Storing installation settings..." --weight=1 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url @@ -56,7 +56,7 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin #================================================= # CREATE A MYSQL DATABASE #================================================= -ynh_script_progression --message="Creating a MySQL database..." --time --weight=1 +ynh_script_progression --message="Creating a MySQL database..." --weight=1 db_name=$(ynh_sanitize_dbid --db_name=$app) db_user=$db_name @@ -66,7 +66,7 @@ ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Setting up source files..." --time --weight=1 +ynh_script_progression --message="Setting up source files..." --weight=1 ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src @@ -75,7 +75,7 @@ ynh_setup_source --dest_dir="$final_path" #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Configuring NGINX web server..." --time --weight=1 +ynh_script_progression --message="Configuring NGINX web server..." --weight=4 # Create a dedicated NGINX config ynh_add_nginx_config @@ -83,7 +83,7 @@ ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= -ynh_script_progression --message="Configuring system user..." --time --weight=1 +ynh_script_progression --message="Configuring system user..." --weight=2 # Create a system user ynh_system_user_create --username=$app @@ -91,7 +91,7 @@ ynh_system_user_create --username=$app #================================================= # PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Configuring PHP-FPM..." --time --weight=1 +ynh_script_progression --message="Configuring PHP-FPM..." --weight=1 # Create a dedicated PHP-FPM config ynh_add_fpm_config --package="$extra_php_dependencies" @@ -120,16 +120,11 @@ ynh_replace_string --match_string="defined('YII_ENV') or define('YII_ENV', 'dev' # SETUP APPLICATION WITH CURL #================================================= -### Use these lines only if the app installation needs to be finalized through -### web forms. We generally don't want to ask the final user, -### so we're going to use curl to automatically fill the fields and submit the -### forms. - # Set right permissions for curl install chown -R $app: $final_path # Set the app as temporarily public for curl call -ynh_script_progression --message="Configuring SSOwat..." --time --weight=1 +ynh_script_progression --message="Configuring SSOwat..." --weight=30 # Making the app public for curl ynh_permission_update --permission="main" --add="visitors" # Reload SSOwat config @@ -139,7 +134,7 @@ yunohost app ssowatconf ynh_systemd_action --service_name=nginx --action=reload # Installation with curl -ynh_script_progression --message="Finalizing installation..." --time --weight=1 +ynh_script_progression --message="Finalizing installation..." --weight=2 admin_temp_pass=$(ynh_string_random 6) admin_email=$(yunohost user info "$admin" --output-as plain | ynh_get_plain_key mail) @@ -213,7 +208,7 @@ ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/${app}" #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Configuring permissions..." --time --weight=1 +ynh_script_progression --message="Configuring permissions..." --weight=35 # Make app public if necessary if [ $is_public -eq 1 ] @@ -224,7 +219,7 @@ fi #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." --weight=2 ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/remove b/scripts/remove index 618b90f..124d7ca 100644 --- a/scripts/remove +++ b/scripts/remove @@ -12,7 +12,7 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --time --weight=1 +ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME @@ -27,7 +27,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # REMOVE THE MYSQL DATABASE #================================================= -ynh_script_progression --message="Removing the MySQL database..." --time --weight=1 +ynh_script_progression --message="Removing the MySQL database..." --weight=1 # Remove a database if it exists, along with the associated user ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name @@ -35,7 +35,7 @@ ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name #================================================= # REMOVE DEPENDENCIES #================================================= -ynh_script_progression --message="Removing dependencies..." --time --weight=1 +ynh_script_progression --message="Removing dependencies..." --weight=1 # Remove metapackage and its dependencies ynh_remove_app_dependencies @@ -43,7 +43,7 @@ ynh_remove_app_dependencies #================================================= # REMOVE APP MAIN DIR #================================================= -ynh_script_progression --message="Removing app main directory..." --time --weight=1 +ynh_script_progression --message="Removing app main directory..." --weight=1 # Remove the app directory securely ynh_secure_remove --file="$final_path" @@ -51,7 +51,7 @@ ynh_secure_remove --file="$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Removing NGINX web server configuration..." --time --weight=1 +ynh_script_progression --message="Removing NGINX web server configuration..." --weight=2 # Remove the dedicated NGINX config ynh_remove_nginx_config @@ -59,7 +59,7 @@ ynh_remove_nginx_config #================================================= # REMOVE PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Removing PHP-FPM configuration..." --time --weight=1 +ynh_script_progression --message="Removing PHP-FPM configuration..." --weight=1 # Remove the dedicated PHP-FPM config ynh_remove_fpm_config @@ -69,7 +69,7 @@ ynh_remove_fpm_config #================================================= # REMOVE VARIOUS FILES #================================================= -ynh_script_progression --message="Removing CRON configuration..." --time --weight=1 +ynh_script_progression --message="Removing CRON configuration..." --weight=2 # Remove a cron file ynh_secure_remove --file="/etc/cron.d/$app" @@ -79,7 +79,7 @@ ynh_secure_remove --file="/etc/cron.d/$app" #================================================= # REMOVE DEDICATED USER #================================================= -ynh_script_progression --message="Removing the dedicated system user..." --time --weight=1 +ynh_script_progression --message="Removing the dedicated system user..." --weight=1 # Delete a system user ynh_system_user_delete --username=$app @@ -88,4 +88,4 @@ ynh_system_user_delete --username=$app # END OF SCRIPT #================================================= -ynh_script_progression --message="Removal of $app completed" --time --last +ynh_script_progression --message="Removal of $app completed" --last diff --git a/scripts/restore b/scripts/restore index 0bbb02b..6c39ff9 100644 --- a/scripts/restore +++ b/scripts/restore @@ -24,7 +24,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --time --weight=1 +ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME @@ -38,7 +38,7 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= -ynh_script_progression --message="Validating restoration parameters..." --time --weight=1 +ynh_script_progression --message="Validating restoration parameters..." --weight=1 ynh_webpath_available --domain=$domain --path_url=$path_url \ || ynh_die --message="Path not available: ${domain}${path_url}" @@ -56,14 +56,14 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_script_progression --message="Restoring the app main directory..." --time --weight=1 +ynh_script_progression --message="Restoring the app main directory..." --weight=1 ynh_restore_file --origin_path="$final_path" #================================================= # RECREATE THE DEDICATED USER #================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --time --weight=1 +ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 # Create the dedicated user (if not existing) ynh_system_user_create --username=$app @@ -92,7 +92,7 @@ ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" #================================================= # REINSTALL DEPENDENCIES #================================================= -ynh_script_progression --message="Reinstalling dependencies..." --time --weight=1 +ynh_script_progression --message="Reinstalling dependencies..." --weight=2 # Define and install dependencies ynh_install_app_dependencies $pkg_dependencies @@ -100,7 +100,7 @@ ynh_install_app_dependencies $pkg_dependencies #================================================= # RESTORE THE MYSQL DATABASE #================================================= -ynh_script_progression --message="Restoring the MySQL database..." --time --weight=1 +ynh_script_progression --message="Restoring the MySQL database..." --weight=2 db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd @@ -117,7 +117,7 @@ ynh_restore_file --origin_path="/etc/cron.d/$app" #================================================= # RELOAD NGINX AND PHP-FPM #================================================= -ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --time --weight=1 +ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --weight=1 ynh_systemd_action --service_name=php$phpversion-fpm --action=reload ynh_systemd_action --service_name=nginx --action=reload @@ -126,4 +126,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Restoration completed for $app" --time --last +ynh_script_progression --message="Restoration completed for $app" --last diff --git a/scripts/upgrade b/scripts/upgrade index 075f907..47be872 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -12,7 +12,7 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --time --weight=1 +ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME @@ -28,39 +28,12 @@ db_pwd=$(ynh_app_setting_get "$app" mysqlpwd) # CHECK VERSION #================================================= -### This helper will compare the version of the currently installed app and the version of the upstream package. -### $upgrade_type can have 2 different values -### - UPGRADE_APP if the upstream app version has changed -### - UPGRADE_PACKAGE if only the YunoHost package has changed -### ynh_check_app_version_changed will stop the upgrade if the app is up to date. -### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do. upgrade_type=$(ynh_check_app_version_changed) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= -ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1 - -# -# N.B. : the followings setting migrations snippets are provided as *EXAMPLES* -# of what you may want to do in some cases (e.g. a setting was not defined on -# some legacy installs and you therefore want to initiaze stuff during upgrade) -# - -# If db_name doesn't exist, create it -#if [ -z "$db_name" ]; then -# db_name=$(ynh_sanitize_dbid --db_name=$app) -# ynh_app_setting_set --app=$app --key=db_name --value=$db_name -#fi - -# If final_path doesn't exist, create it -#if [ -z "$final_path" ]; then -# final_path=/var/www/$app -# ynh_app_setting_set --app=$app --key=final_path --value=$final_path -#fi - -### If nobody installed your app before 4.1, -### then you may safely remove these lines +ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 # Cleaning legacy permissions if ynh_legacy_permissions_exists; then @@ -69,20 +42,10 @@ if ynh_legacy_permissions_exists; then ynh_app_setting_delete --app=$app --key=is_public fi -if ! ynh_permission_exists --permission="admin"; then - # Create the required permissions - ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin -fi - -# Create a permission if needed -if ! ynh_permission_exists --permission="api"; then - ynh_permission_create --permission="api" --url "/api" --allowed="visitors" --show_tile="false" --protected="true" -fi - #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --time --weight=1 +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1 # Backup the current version of the app ynh_backup_before_upgrade @@ -104,7 +67,7 @@ ynh_secure_remove --file="/etc/cron.d/$app" if [ "$upgrade_type" == "UPGRADE_APP" ] then - ynh_script_progression --message="Upgrading source files..." --time --weight=1 + ynh_script_progression --message="Upgrading source files..." --weight=1 # Backup user contents mv "$final_path" "$final_path.old" @@ -126,7 +89,7 @@ fi #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading NGINX web server configuration..." --time --weight=1 +ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1 # Create a dedicated NGINX config ynh_add_nginx_config @@ -134,7 +97,7 @@ ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." --time --weight=1 +ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 # Create a dedicated user (if not existing) ynh_system_user_create --username=$app @@ -142,7 +105,7 @@ ynh_system_user_create --username=$app #================================================= # PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading PHP-FPM configuration..." --time --weight=1 +ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=1 # Create a dedicated PHP-FPM config ynh_add_fpm_config @@ -152,21 +115,21 @@ ynh_add_fpm_config #================================================= # MIGRATE DATABASE #================================================= -ynh_script_progression --message="Migrating database..." --time --weight=1 +ynh_script_progression --message="Migrating database..." --weight=1 sudo -u $app /usr/bin/php$YNH_PHP_VERSION $final_path/protected/yii migrate/up --includeModuleMigrations=1 #================================================= # UPDATE MODULES #================================================= -ynh_script_progression --message="Updating modules..." --time --weight=1 +ynh_script_progression --message="Updating modules..." --weight=1 sudo -u $app /usr/bin/php$YNH_PHP_VERSION $final_path/protected/yii module/update-all #================================================= # REINSTALL CRONTAB #================================================= -ynh_script_progression --message="Upgrading crontab..." --time --weight=1 +ynh_script_progression --message="Upgrading crontab..." --weight=1 ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/${app}" @@ -188,7 +151,7 @@ chown -R $app $final_path/uploads/* #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload @@ -196,4 +159,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Upgrade of $app completed" --time --last +ynh_script_progression --message="Upgrade of $app completed" --last From 214bded98ac0860342f3b6f50f0649073e21e069 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Mon, 15 Mar 2021 23:17:07 +0100 Subject: [PATCH 7/9] Update manifest.json --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 44e9975..5356077 100644 --- a/manifest.json +++ b/manifest.json @@ -7,7 +7,7 @@ "fr": "Réseau Social d'Entreprise." }, "url": "https://www.humhub.org", - "license": "free", + "license": "AGPL-3.0-only", "maintainer": { "name": "Nils Van Zuijlen", "url": "https://github.com/nils-van-zuijlen" From cee92262b9780a488c1f94fd4c5686433ed486af Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Mon, 15 Mar 2021 23:19:49 +0100 Subject: [PATCH 8/9] Update restore --- scripts/restore | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/scripts/restore b/scripts/restore index 6c39ff9..1e017c7 100644 --- a/scripts/restore +++ b/scripts/restore @@ -84,18 +84,11 @@ chown -R $app $final_path/uploads/* #================================================= # RESTORE THE PHP-FPM CONFIGURATION #================================================= +ynh_script_progression --message="Reconfiguring PHP-FPM..." --weight=5 ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" -#================================================= -# SPECIFIC RESTORATION -#================================================= -# REINSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Reinstalling dependencies..." --weight=2 - -# Define and install dependencies -ynh_install_app_dependencies $pkg_dependencies +ynh_add_fpm_config --package="$extra_php_dependencies" #================================================= # RESTORE THE MYSQL DATABASE From 55dedf562f4232c9246a0cd36e82807b12af3fe7 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Mon, 15 Mar 2021 23:29:36 +0100 Subject: [PATCH 9/9] Fix --- scripts/upgrade | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index 47be872..085e671 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -22,7 +22,7 @@ admin=$(ynh_app_setting_get --app=$app --key=admin) final_path=$(ynh_app_setting_get --app=$app --key=final_path) language=$(ynh_app_setting_get --app=$app --key=language) db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_pwd=$(ynh_app_setting_get "$app" mysqlpwd) +db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) #================================================= # CHECK VERSION @@ -117,6 +117,8 @@ ynh_add_fpm_config #================================================= ynh_script_progression --message="Migrating database..." --weight=1 +chown -R $app $final_path/ + sudo -u $app /usr/bin/php$YNH_PHP_VERSION $final_path/protected/yii migrate/up --includeModuleMigrations=1 #=================================================