YunoHost-Apps/humhub_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/humhub_ynh.git synced 2024-09-03 19:26:11 +02:00
Code Issues Activity Actions 1

Merge pull request #9 from YunoHost-Apps/1.8.1

Browse source 
1.8.1
This commit is contained in:
Éric Gaspar 2021-03-17 10:18:42 +01:00 committed by GitHub
commit f9274c4dbf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
19 changed files with 557 additions and 1007 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
README.md
View file

@ -11,15 +11,15 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
## Overview ## Overview
HumHub is a feature rich and highly flexible OpenSource Social Network Kit written in PHP. HumHub is a feature rich and highly flexible OpenSource Social Network Kit written in PHP.
**Shipped version:** 1.0 **Shipped version:** 1.8.1
## Screenshots ## Screenshots
![](Link to a screenshot of this app.) ![](https://www.humhub.com/static/img/enterprise/app_small.png)
## Demo ## Demo
* [Official demo](Link to a demo site for this app.) * [Official demo](https://www.humhub.com/en)
## Configuration ## Configuration
@ -27,7 +27,7 @@ How to configure this app: From an admin panel, a plain file with SSH, or any ot
## Documentation ## Documentation
* Official documentation: Link to the official documentation of this app * Official documentation: https://docs.humhub.org
* YunoHost documentation: If specific documentation is needed, feel free to contribute. * YunoHost documentation: If specific documentation is needed, feel free to contribute.
## YunoHost specific features ## YunoHost specific features
@ -57,7 +57,7 @@ https://yunohost.org/packaging_apps
* Report a bug: https://github.com/YunoHost-Apps/humhub_ynh/issues * Report a bug: https://github.com/YunoHost-Apps/humhub_ynh/issues
* App website: https://www.humhub.org/ * App website: https://www.humhub.org/
* Upstream app repository: Link to the official repository of the upstream app. * Upstream app repository: https://github.com/humhub/humhub
* YunoHost website: https://yunohost.org/ * YunoHost website: https://yunohost.org/
--- ---

76
README_fr.md Normal file
View file

@ -0,0 +1,76 @@
# HumHub pour YunoHost
[![Niveau d'intégration](https://dash.yunohost.org/integration/humhub.svg)](https://dash.yunohost.org/appci/app/humhub) ![](https://ci-apps.yunohost.org/ci/badges/humhub.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/humhub.maintain.svg)
[![Installer humhub avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=humhub)
*[Read this readme in english.](./README.md)*
> *Ce package vous permet d'installer HumHub rapidement et simplement sur un serveur YunoHost.
Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install) pour apprendre comment l'installer.*
## Vue d'ensemble
HumHub est un logiciel libre de réseau social fait pour faciliter la communication et la collaboration.
Il est léger, puissant et possède une interface agréable. Avec HumHub, vous pouvez créer votre propre réseau social personnalisé.
**Version incluse :** 1.8.1
## Captures d'écran
![](https://www.humhub.com/static/img/enterprise/app_small.png)
## Démo
* [Démo officielle](https://www.humhub.com/en)
## Configuration
Comment configurer cette application : via le panneau d'administration, un fichier brut en SSH ou tout autre moyen.
## Documentation
* Documentation officielle : https://docs.humhub.org
* Documentation YunoHost : Si une documentation spécifique est nécessaire, n'hésitez pas à contribuer.
## Caractéristiques spécifiques YunoHost
#### Support multi-utilisateur
* L'authentification LDAP et HTTP est-elle prise en charge ?
* L'application peut-elle être utilisée par plusieurs utilisateurs ?
#### Architectures supportées
* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/humhub%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/humhub/)
* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/humhub%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/humhub/)
## Limitations
* Limitations connues.
## Informations additionnelles
* Autres informations que vous souhaitez ajouter sur cette application.
**Plus d'informations sur la page de documentation :**
https://yunohost.org/packaging_apps
## Liens
* Signaler un bug : https://github.com/YunoHost-Apps/humhub_ynh/issues
* Site de l'application : https://www.humhub.org/
* Dépôt de l'application principale : https://github.com/humhub/humhub
* Site web YunoHost : https://yunohost.org/
---
## Informations pour les développeurs
Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/humhub_ynh/tree/testing).
Pour essayer la branche testing, procédez comme suit.
```
sudo yunohost app install https://github.com/YunoHost-Apps/humhub_ynh/tree/testing --debug
ou
sudo yunohost app upgrade humhub -u https://github.com/YunoHost-Apps/humhub_ynh/tree/testing --debug
```

4
check_process
View file

@ -12,11 +12,11 @@
setup_private=1 setup_private=1
setup_public=1 setup_public=1
upgrade=1 upgrade=1
upgrade=1 from_commit=CommitHash upgrade=0 from_commit=CommitHash
backup_restore=1 backup_restore=1
multi_instance=1 multi_instance=1
port_already_use=0 port_already_use=0
change_url=1 change_url=0
;;; Options ;;; Options
Email= Email=
Notification=none Notification=none

8
conf/app.src
View file

@ -1,7 +1,9 @@
SOURCE_URL=https://github.com/humhub/humhub/archive/v1.7.2.tar.gz SOURCE_URL=https://www.humhub.com/download/package/humhub-1.8.1.tar.gz
SOURCE_SUM=dd02b47f995bace4e03aff4750772abaab205769c75ef9f22904171b7649c689 SOURCE_SUM=2eca1561506bfa06f8e36358659a0ec0f72497547d949d2232a85dc788ad4758
SOURCE_SUM_PRG=sha256sum SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true SOURCE_IN_SUBDIR=true
SOURCE_FILENAME= SOURCE_FILENAME=humhub-1.8.1.tar.gz
SOURCE_EXTRACT=true SOURCE_EXTRACT=true

2
conf/cron
View file

@ -1,2 +1,2 @@
* * * * * /usr/bin/php__PHPVERSION__ __FINALPATH__/protected/yii queue/run >/dev/null 2>&1 * * * * * /usr/bin/php__PHPVERSION__ __FINALPATH__/protected/yii queue/run >/dev/null 2>&1
* * * * * /usr/bin/php__PHPVERSION__ __FINALPATH__/protected/yii cron/run >/dev/null 2>&1 * * * * * /usr/bin/php__PHPVERSION__ __FINALPATH__/protected/yii cron/run >/dev/null 2>&1

36
conf/ldap.sql
View file

@ -1,18 +1,28 @@
REPLACE INTO setting (`name`, `value`, `module_id`) VALUES BEGIN;
('auth.ldap.enabled', '1', 'user'),
('auth.ldap.hostname', 'localhost', 'user'), DELETE FROM setting WHERE
('auth.ldap.port', '389', 'user'), (`name` = 'auth.anonymousRegistration') OR
('auth.ldap.encryption', '', 'user'), (`name` = 'auth.allowGuestAccess') OR
('auth.ldap.username', '', 'user'), (`name` = 'auth.internalUsersCanInvite');
('auth.ldap.password', '', 'user'),
('auth.ldap.baseDn', 'ou=users,dc=yunohost,dc=org', 'user'), INSERT INTO setting (`name`, `value`, `module_id`) VALUES
('auth.ldap.loginFilter', '(uid=%s)', 'user'), ('enabled', '1', 'ldap'),
('auth.ldap.userFilter', 'objectClass=mailAccount', 'user'), ('hostname', 'localhost', 'ldap'),
('auth.ldap.emailAttribute', 'mail', 'user'), ('port', '389', 'ldap'),
('auth.ldap.usernameAttribute', 'uid', 'user'), ('encryption', '', 'ldap'),
('auth.ldap.refreshUsers', '1', 'user'), ('username', '', 'ldap'),
('password', '', 'ldap'),
('baseDn', 'ou=users,dc=yunohost,dc=org', 'ldap'),
('loginFilter', '(uid=%s)', 'ldap'),
('userFilter', 'objectClass=mailAccount', 'ldap'),
('emailAttribute', 'mail', 'ldap'),
('usernameAttribute', 'uid', 'ldap'),
('idAttribute', 'uid', 'ldap'),
('refreshUsers', '1', 'ldap'),
('auth.anonymousRegistration', '0', 'user'), ('auth.anonymousRegistration', '0', 'user'),
('auth.allowGuestAccess', '0', 'user'), ('auth.allowGuestAccess', '0', 'user'),
('auth.internalUsersCanInvite', '0', 'user'); ('auth.internalUsersCanInvite', '0', 'user');
UPDATE `user` SET `auth_mode` = 'ldap' WHERE `user`.`username` = '__ADMIN__'; UPDATE `user` SET `auth_mode` = 'ldap' WHERE `user`.`username` = '__ADMIN__';
COMMIT;

33
conf/nginx.conf
View file

@ -2,7 +2,7 @@
location __PATH__/ { location __PATH__/ {
# Path to source # Path to source
alias __FINALPATH__/ ; alias __FINALPATH__/ ;
index index.php; index index.php;
@ -10,28 +10,29 @@ location __PATH__/ {
location ~ [^/]\.php(/|$) { location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php__PHPVERSION__-fpm-__NAME__.sock;
set $fsn /index.php;
if (-f $document_root$fastcgi_script_name){
set $fsn $fastcgi_script_name;
}
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
fastcgi_index index.php; fastcgi_index index.php;
include fastcgi_params; include fastcgi_params;
fastcgi_param REMOTE_USER $remote_user; fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param SCRIPT_FILENAME $document_root$fsn;
} }
location ~ ^__PATH__/(?:ico|css|js|gif|jpe?g|png|ttf|woff)$ { location ~ ^__PATH__/(assets|static|themes|uploads) {
access_log off; access_log off;
expires 30d; expires 10d;
add_header Pragma public; more_set_headers "Cache-Control: public, no-transform";
add_header Cache-Control "public, mustrevalidate, proxy-revalidate"; }
}
location = __PATH__/protected { location ~ ^__PATH__/(protected|framework|themes/\w+/views|\.|uploads/file) {
deny all; deny all;
} }
location = __PATH__/uploads/file {
deny all;
}
# Include SSOWAT user panel. # Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc; include conf.d/yunohost_panel.conf.inc;

25
manifest.json
View file

@ -7,13 +7,14 @@
"fr": "Réseau Social d'Entreprise." "fr": "Réseau Social d'Entreprise."
}, },
"url": "https://www.humhub.org", "url": "https://www.humhub.org",
"license": "free", "license": "AGPL-3.0-only",
"maintainer": { "maintainer": {
"name": "Scith", "name": "Nils Van Zuijlen",
"url": "https://github.com/scith" "url": "https://github.com/nils-van-zuijlen"
}, },
"version": "1.8.1~ynh1",
"requirements": { "requirements": {
"yunohost": ">= 4.0.0" "yunohost": ">= 4.1.7"
}, },
"multi_instance": true, "multi_instance": true,
"services": [ "services": [
@ -26,38 +27,22 @@
{ {
"name": "domain", "name": "domain",
"type": "domain", "type": "domain",
"ask": {
"en": "Choose a domain name for HumHub",
"fr": "Choisissez un nom de domaine pour HumHub"
},
"example": "example.com" "example": "example.com"
}, },
{ {
"name": "path", "name": "path",
"type": "path", "type": "path",
"ask": {
"en": "Choose a path for HumHub",
"fr": "Choisissez un chemin pour HumHub"
},
"example": "/humhub", "example": "/humhub",
"default": "/humhub" "default": "/humhub"
}, },
{ {
"name": "admin", "name": "admin",
"type": "user", "type": "user",
"ask": {
"en": "Choose an admin user",
"fr": "Choisissez ladministrateur"
},
"example": "johndoe" "example": "johndoe"
}, },
{ {
"name": "is_public", "name": "is_public",
"type": "boolean", "type": "boolean",
"ask": {
"en": "Is it a public site?",
"fr": "Est-ce un site public ?"
},
"default": false "default": false
} }
] ]

79
scripts/_common.sh Normal file
View file

@ -0,0 +1,79 @@
#!/bin/bash
#=================================================
# COMMON VARIABLES
#=================================================
YNH_PHP_VERSION="7.3"
extra_php_dependencies="php${YNH_PHP_VERSION}-imagick php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-bz2 php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-intl php${YNH_PHP_VERSION}-mysql php${YNH_PHP_VERSION}-zip php${YNH_PHP_VERSION}-apcu-bc php${YNH_PHP_VERSION}-apcu php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-ldap"
#=================================================
# PERSONAL HELPERS
#=================================================
local_curl_csrf () {
# Define url of page to curl
local local_page=$(ynh_normalize_url_path $1)
local full_path=$path_url$local_page
if [ "${path_url}" == "/" ]; then
full_path=$local_page
fi
local full_page_url=https://localhost$full_path
# Concatenate all other arguments with '&' to prepare POST data
local POST_data=""
local arg=""
for arg in "${@:2}"
do
POST_data="${POST_data}${arg}&"
done
if [ -n "$POST_data" ]
then
# Add --data arg and remove the last character, which is an unecessary '&'
POST_data="--data ${POST_data::-1}"
fi
# Wait untils nginx has fully reloaded (avoid curl fail with http2)
sleep 2
local cookiefile=/tmp/ynh-$app-cookie.txt
touch $cookiefile
chown root $cookiefile
chmod 700 $cookiefile
# Curl the URL for the CSRF token
local token_line=`curl --silent --show-error --insecure --location --header "Host: $domain" --resolve $domain:443:127.0.0.1 "$full_page_url" --cookie-jar $cookiefile --cookie $cookiefile | grep 'meta name="csrf-token"'`
token_line=${token_line##*content=\"}
local csrf=${token_line%%\">*}
POST_data="${POST_data}&_csrf=${csrf}"
curl --silent --show-error --insecure --location --header "Host: $domain" --resolve $domain:443:127.0.0.1 $POST_data "$full_page_url" --cookie-jar $cookiefile --cookie $cookiefile
}
#Convert --data to --data-urlencode before ynh_local_curl
myynh_urlencode() {
local data
if [[ $# != 1 ]]; then
echo "Usage: $0 string-to-urlencode"
return 1
fi
data="$(curl -s -o /dev/null -w %{url_effective} --get --data-urlencode "$1" "")"
if [[ $? != 3 ]]; then
echo "Unexpected error" 1>&2
return 2
fi
echo "${data##/?}"
return 0
}
#=================================================
# EXPERIMENTAL HELPERS
#=================================================
#=================================================
# FUTURE OFFICIAL HELPERS
#=================================================

21
scripts/_commons.sh
View file

@ -1,21 +0,0 @@
#!/bin/bash
#=================================================
# COMMON VARIABLES
#=================================================
YNH_PHP_VERSION="7.3"
extra_php_dependencies="php${YNH_PHP_VERSION}-imagick php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-bz2 php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-intl php${YNH_PHP_VERSION}-mysql php${YNH_PHP_VERSION}-zip php${YNH_PHP_VERSION}-apcu-bc php${YNH_PHP_VERSION}-apcu php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-ldap"
#=================================================
# PERSONAL HELPERS
#=================================================
#=================================================
# EXPERIMENTAL HELPERS
#=================================================
#=================================================
# FUTURE OFFICIAL HELPERS
#=================================================

6
scripts/backup
View file

@ -58,12 +58,6 @@ ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
#================================================= #=================================================
# SPECIFIC BACKUP # SPECIFIC BACKUP
#=================================================
# BACKUP SYSTEMD
#=================================================
ynh_backup --src_path="/etc/systemd/system/$app.service"
#================================================= #=================================================
# BACKUP VARIOUS FILES # BACKUP VARIOUS FILES
#================================================= #=================================================

226
scripts/install
View file

@ -34,7 +34,7 @@ app=$YNH_APP_INSTANCE_NAME
#================================================= #=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#================================================= #=================================================
ynh_script_progression --message="Validating installation parameters..." --time --weight=1 ynh_script_progression --message="Validating installation parameters..." --weight=1
final_path=/var/www/$app final_path=/var/www/$app
test ! -e "$final_path" || ynh_die --message="This path already contains a folder" test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
@ -45,7 +45,7 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
#================================================= #=================================================
# STORE SETTINGS FROM MANIFEST # STORE SETTINGS FROM MANIFEST
#================================================= #=================================================
ynh_script_progression --message="Storing installation settings..." --time --weight=1 ynh_script_progression --message="Storing installation settings..." --weight=1
ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=path --value=$path_url
@ -53,26 +53,10 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin
#================================================= #=================================================
# STANDARD MODIFICATIONS # STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_script_progression --message="Finding an available port..." --time --weight=1
# Find an available port
port=$(ynh_find_port --port=8095)
ynh_app_setting_set --app=$app --key=port --value=$port
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..." --time --weight=1
ynh_install_app_dependencies $pkg_dependencies
#================================================= #=================================================
# CREATE A MYSQL DATABASE # CREATE A MYSQL DATABASE
#================================================= #=================================================
ynh_script_progression --message="Creating a MySQL database..." --time --weight=1 ynh_script_progression --message="Creating a MySQL database..." --weight=1
db_name=$(ynh_sanitize_dbid --db_name=$app) db_name=$(ynh_sanitize_dbid --db_name=$app)
db_user=$db_name db_user=$db_name
@ -82,7 +66,7 @@ ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
#================================================= #=================================================
ynh_script_progression --message="Setting up source files..." --time --weight=1 ynh_script_progression --message="Setting up source files..." --weight=1
ynh_app_setting_set --app=$app --key=final_path --value=$final_path ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from app.src # Download, check integrity, uncompress and patch the source from app.src
@ -91,7 +75,7 @@ ynh_setup_source --dest_dir="$final_path"
#================================================= #=================================================
# NGINX CONFIGURATION # NGINX CONFIGURATION
#================================================= #=================================================
ynh_script_progression --message="Configuring NGINX web server..." --time --weight=1 ynh_script_progression --message="Configuring NGINX web server..." --weight=4
# Create a dedicated NGINX config # Create a dedicated NGINX config
ynh_add_nginx_config ynh_add_nginx_config
@ -99,7 +83,7 @@ ynh_add_nginx_config
#================================================= #=================================================
# CREATE DEDICATED USER # CREATE DEDICATED USER
#================================================= #=================================================
ynh_script_progression --message="Configuring system user..." --time --weight=1 ynh_script_progression --message="Configuring system user..." --weight=2
# Create a system user # Create a system user
ynh_system_user_create --username=$app ynh_system_user_create --username=$app
@ -107,7 +91,7 @@ ynh_system_user_create --username=$app
#================================================= #=================================================
# PHP-FPM CONFIGURATION # PHP-FPM CONFIGURATION
#================================================= #=================================================
ynh_script_progression --message="Configuring PHP-FPM..." --time --weight=1 ynh_script_progression --message="Configuring PHP-FPM..." --weight=1
# Create a dedicated PHP-FPM config # Create a dedicated PHP-FPM config
ynh_add_fpm_config --package="$extra_php_dependencies" ynh_add_fpm_config --package="$extra_php_dependencies"
@ -116,23 +100,31 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#================================================= #=================================================
# SPECIFIC SETUP # SPECIFIC SETUP
#================================================= #=================================================
# ... # SETUP SQL CREDENTIALS
#================================================= #=================================================
ynh_add_config --template="../conf/common.php" --destination="$final_path/protected/config/common.php"
#=================================================
# DEACTIVATE DEBUG MODE
#=================================================
ynh_replace_string --match_string="defined('YII_DEBUG') or define('YII_DEBUG', true);"\
--replace_string="// defined('YII_DEBUG') or define('YII_DEBUG', true);"\
--target_file="$final_path/index.php"
ynh_replace_string --match_string="defined('YII_ENV') or define('YII_ENV', 'dev');"\
--replace_string="// defined('YII_ENV') or define('YII_ENV', 'dev');"\
--target_file="$final_path/index.php"
#================================================= #=================================================
# SETUP APPLICATION WITH CURL # SETUP APPLICATION WITH CURL
#================================================= #=================================================
### Use these lines only if the app installation needs to be finalized through
### web forms. We generally don't want to ask the final user,
### so we're going to use curl to automatically fill the fields and submit the
### forms.
# Set right permissions for curl install # Set right permissions for curl install
chown -R $app: $final_path chown -R $app: $final_path
# Set the app as temporarily public for curl call # Set the app as temporarily public for curl call
ynh_script_progression --message="Configuring SSOwat..." --time --weight=1 ynh_script_progression --message="Configuring SSOwat..." --weight=30
# Making the app public for curl # Making the app public for curl
ynh_permission_update --permission="main" --add="visitors" ynh_permission_update --permission="main" --add="visitors"
# Reload SSOwat config # Reload SSOwat config
@ -142,8 +134,37 @@ yunohost app ssowatconf
ynh_systemd_action --service_name=nginx --action=reload ynh_systemd_action --service_name=nginx --action=reload
# Installation with curl # Installation with curl
ynh_script_progression --message="Finalizing installation..." --time --weight=1 ynh_script_progression --message="Finalizing installation..." --weight=2
ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
admin_temp_pass=$(ynh_string_random 6)
admin_email=$(yunohost user info "$admin" --output-as plain | ynh_get_plain_key mail)
admin_firstname=$(yunohost user info "$admin" --output-as plain | ynh_get_plain_key firstname)
admin_lastname=$(yunohost user info "$admin" --output-as plain | ynh_get_plain_key lastname)
ynh_local_curl "/index.php?r=installer/index/go"
local_curl_csrf "/index.php?r=installer/config/basic" \
"ConfigBasicForm[name]=YunoHost"
local_curl_csrf "/index.php?r=installer/config/use-case" \
"UseCaseForm[useCase]=" \
"UseCaseForm[useCase]=other"
local_curl_csrf "/index.php?r=installer/config/admin" \
`myynh_urlencode "User[username]=$admin"` \
`myynh_urlencode "User[email]=$admin_email"` \
`myynh_urlencode "Password[newPassword]=$admin_temp_pass"` \
`myynh_urlencode "Password[newPasswordConfirm]=$admin_temp_pass"` \
`myynh_urlencode "Profile[firstname]=${admin_firstname}"` \
`myynh_urlencode "Profile[lastname]=${admin_lastname}"` \
"save"
local_curl_csrf "/index.php?r=installer/config/sample-data" \
"SampleDataForm[sampleData]=0"
# Populate the LDAP parameters
ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="../conf/ldap.sql"
mysql -u $db_user -p${db_pwd} $db_name < ../conf/ldap.sql
# Remove the public access # Remove the public access
ynh_permission_update --permission="main" --remove="visitors" ynh_permission_update --permission="main" --remove="visitors"
@ -152,10 +173,6 @@ ynh_permission_update --permission="main" --remove="visitors"
# MODIFY A CONFIG FILE # MODIFY A CONFIG FILE
#================================================= #=================================================
ynh_add_config --template="../conf/common.php" --destination="$final_path/protected/config/common.php"
ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/CONFIG_FILE"
#================================================= #=================================================
# STORE THE CONFIG FILE CHECKSUM # STORE THE CONFIG FILE CHECKSUM
#================================================= #=================================================
@ -165,7 +182,7 @@ ynh_replace_string --match_string="match_string" --replace_string="replace_strin
### you can make a backup of this file before modifying it again if the admin had modified it. ### you can make a backup of this file before modifying it again if the admin had modified it.
# Calculate and store the config file checksum into the app settings # Calculate and store the config file checksum into the app settings
ynh_store_file_checksum --file="$final_path/CONFIG_FILE" ynh_store_file_checksum --file="$final_path/protected/config/common.php"
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
@ -174,75 +191,24 @@ ynh_store_file_checksum --file="$final_path/CONFIG_FILE"
#================================================= #=================================================
# Set permissions to app files # Set permissions to app files
chown -R www-data: $final_path chown -R root: $final_path
chown -R $app $final_path/assets
chown -R $app $final_path/protected/config
chown -R $app $final_path/protected/modules
chown -R $app $final_path/protected/runtime
chown -R $app $final_path/uploads/*
#================================================= #=================================================
# SETUP LOGROTATE # SETUP CRON CONFIGURATION
#================================================= #=================================================
ynh_script_progression --message="Configuring log rotation..." --time --weight=1
### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app. ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/${app}"
### Use this helper only if there is effectively a log file for this app.
### If you're not using this helper:
### - Remove the section "BACKUP LOGROTATE" in the backup script
### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script
### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script
### - And the section "SETUP LOGROTATE" in the upgrade script
# Use logrotate to manage application logfile(s)
ynh_use_logrotate
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1
yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
### Additional options starting with 3.8:
###
### --needs_exposed_ports "$port" a list of ports that needs to be publicly exposed
### which will then be checked by YunoHost's diagnosis system
### (N.B. DO NOT USE THIS is the port is only internal!!!)
###
### --test_status "some command" a custom command to check the status of the service
### (only relevant if 'systemctl status' doesn't do a good job)
###
### --test_conf "some command" some command similar to "nginx -t" that validates the conf of the service
###
### Re-calling 'yunohost service add' during the upgrade script is the right way
### to proceed if you later realize that you need to enable some flags that
### weren't enabled on old installs (be careful it'll override the existing
### service though so you should re-provide all relevant flags when doing so)
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --time --weight=1
### `ynh_systemd_action` is used to start a systemd service for an app.
### Only needed if you have configure a systemd service
### If you're not using these lines:
### - Remove the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the backup script
### - As well as the section "START SYSTEMD SERVICE" in the restore script
### - As well as the section"STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the upgrade script
### - And the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the change_url script
# Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Configuring Fail2Ban..." --time --weight=1
# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT
#================================================= #=================================================
ynh_script_progression --message="Configuring permissions..." --time --weight=1 ynh_script_progression --message="Configuring permissions..." --weight=35
# Make app public if necessary # Make app public if necessary
if [ $is_public -eq 1 ] if [ $is_public -eq 1 ]
@ -253,7 +219,7 @@ fi
#================================================= #=================================================
# RELOAD NGINX # RELOAD NGINX
#================================================= #=================================================
ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1 ynh_script_progression --message="Reloading NGINX web server..." --weight=2
ynh_systemd_action --service_name=nginx --action=reload ynh_systemd_action --service_name=nginx --action=reload
@ -262,65 +228,3 @@ ynh_systemd_action --service_name=nginx --action=reload
#================================================= #=================================================
ynh_script_progression --message="Installation of $app completed" --last ynh_script_progression --message="Installation of $app completed" --last
# Hotfixes
# Fix LDAP email. See https://github.com/humhub/humhub/issues/1949
sudo cp -a ../sources/fix/AuthClientHelpers.php $src_path/protected/humhub/modules/user/authclient/AuthClientHelpers.php
# Fix to allow passwordless LDAP login
sudo cp -a ../sources/fix/ZendLdapClient.php $src_path/protected/humhub/modules/user/authclient/ZendLdapClient.php
sudo sed -i "s@defined('YII_DEBUG') or define('YII_DEBUG', true);@//defined('YII_DEBUG') or define('YII_DEBUG', true);@g" $src_path/index.php
sudo sed -i "s@defined('YII_ENV') or define('YII_ENV', 'dev');@//defined('YII_ENV') or define('YII_ENV', 'dev');@g" $src_path/index.php
# Set permissions to app files
sudo chown -R www-data: $src_path
# Cron
echo "30 * * * * $src_path/protected/yii cron hourly >/dev/null 2>&1" > cron
echo "00 18 * * * $src_path/protected/yii cron daily >/dev/null 2>&1" > cron
sudo mv cron /etc/cron.d/${app}
sudo chown root /etc/cron.d/${app}
# Install
# Disable SSO
ynh_app_setting_set "$app" unprotected_uris "/"
sudo yunohost app ssowatconf
# Install with CURL
admin_temp_pass=$(ynh_string_random 6)
admin_email=$(sudo yunohost user info "$admin" --output-as plain | ynh_get_plain_key mail)
admin_firstname=$(sudo yunohost user info "$admin" --output-as plain | ynh_get_plain_key firstname)
admin_lastname=$(sudo yunohost user info "$admin" --output-as plain | ynh_get_plain_key lastname)
ynh_local_curl "/index.php?r=installer/index/go" "go"
ynh_local_curl "/index.php?r=installer/config/basic" \
"ConfigBasicForm[name]=YunoHost"
ynh_local_curl "/index.php?r=installer/config/use-case" \
"UseCaseForm[useCase]=" \
"UseCaseForm[useCase]=other"
ynh_local_curl "/index.php?r=installer/config/admin" \
"User[username]=$admin" \
"User[email]=$admin_email" \
"Password[newPassword]=$admin_temp_pass" \
"Password[newPasswordConfirm]=$admin_temp_pass" \
"Profile[firstname]=$admin_firstname" \
"Profile[lastname]=$admin_lastname" \
"save"
ynh_local_curl "/index.php?r=installer/config/sample-data" \
"SampleDataForm[sampleData]=0"
# Populate the LDAP parameters
sed -i "s@YNH_ADMIN_USER@$admin@g" ../conf/ldap.sql
mysql -u $db_user -p${db_pwd} $db_name < ../conf/ldap.sql

31
scripts/remove
View file

@ -12,7 +12,7 @@ source /usr/share/yunohost/helpers
#================================================= #=================================================
# LOAD SETTINGS # LOAD SETTINGS
#================================================= #=================================================
ynh_script_progression --message="Loading installation settings..." --time --weight=1 ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
@ -24,21 +24,10 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#================================================= #=================================================
# STANDARD REMOVE # STANDARD REMOVE
#=================================================
# REMOVE SERVICE INTEGRATION IN YUNOHOST
#=================================================
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status $app >/dev/null
then
ynh_script_progression --message="Removing $app service integration..." --time --weight=1
yunohost service remove $app
fi
#================================================= #=================================================
# REMOVE THE MYSQL DATABASE # REMOVE THE MYSQL DATABASE
#================================================= #=================================================
ynh_script_progression --message="Removing the MySQL database..." --time --weight=1 ynh_script_progression --message="Removing the MySQL database..." --weight=1
# Remove a database if it exists, along with the associated user # Remove a database if it exists, along with the associated user
ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name
@ -46,7 +35,7 @@ ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name
#================================================= #=================================================
# REMOVE DEPENDENCIES # REMOVE DEPENDENCIES
#================================================= #=================================================
ynh_script_progression --message="Removing dependencies..." --time --weight=1 ynh_script_progression --message="Removing dependencies..." --weight=1
# Remove metapackage and its dependencies # Remove metapackage and its dependencies
ynh_remove_app_dependencies ynh_remove_app_dependencies
@ -54,7 +43,7 @@ ynh_remove_app_dependencies
#================================================= #=================================================
# REMOVE APP MAIN DIR # REMOVE APP MAIN DIR
#================================================= #=================================================
ynh_script_progression --message="Removing app main directory..." --time --weight=1 ynh_script_progression --message="Removing app main directory..." --weight=1
# Remove the app directory securely # Remove the app directory securely
ynh_secure_remove --file="$final_path" ynh_secure_remove --file="$final_path"
@ -62,7 +51,7 @@ ynh_secure_remove --file="$final_path"
#================================================= #=================================================
# REMOVE NGINX CONFIGURATION # REMOVE NGINX CONFIGURATION
#================================================= #=================================================
ynh_script_progression --message="Removing NGINX web server configuration..." --time --weight=1 ynh_script_progression --message="Removing NGINX web server configuration..." --weight=2
# Remove the dedicated NGINX config # Remove the dedicated NGINX config
ynh_remove_nginx_config ynh_remove_nginx_config
@ -70,7 +59,7 @@ ynh_remove_nginx_config
#================================================= #=================================================
# REMOVE PHP-FPM CONFIGURATION # REMOVE PHP-FPM CONFIGURATION
#================================================= #=================================================
ynh_script_progression --message="Removing PHP-FPM configuration..." --time --weight=1 ynh_script_progression --message="Removing PHP-FPM configuration..." --weight=1
# Remove the dedicated PHP-FPM config # Remove the dedicated PHP-FPM config
ynh_remove_fpm_config ynh_remove_fpm_config
@ -80,19 +69,17 @@ ynh_remove_fpm_config
#================================================= #=================================================
# REMOVE VARIOUS FILES # REMOVE VARIOUS FILES
#================================================= #=================================================
ynh_script_progression --message="Removing CRON configuration..." --weight=2
# Remove a cron file # Remove a cron file
ynh_secure_remove --file="/etc/cron.d/$app" ynh_secure_remove --file="/etc/cron.d/$app"
# Remove the log files
ynh_secure_remove --file="/var/log/$app/"
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================
# REMOVE DEDICATED USER # REMOVE DEDICATED USER
#================================================= #=================================================
ynh_script_progression --message="Removing the dedicated system user..." --time --weight=1 ynh_script_progression --message="Removing the dedicated system user..." --weight=1
# Delete a system user # Delete a system user
ynh_system_user_delete --username=$app ynh_system_user_delete --username=$app
@ -101,4 +88,4 @@ ynh_system_user_delete --username=$app
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================
ynh_script_progression --message="Removal of $app completed" --time --last ynh_script_progression --message="Removal of $app completed" --last

138
scripts/restore
View file

@ -1,42 +1,122 @@
#!/bin/bash #!/bin/bash
# Exit on command errors and treat unset variables as an error #=================================================
set -eu # GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
#### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
# Source YunoHost helpers domain=$(ynh_app_setting_get --app=$app --key=domain)
source /usr/share/yunohost/helpers path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
# Retrieve old app settings #=================================================
domain=$(ynh_app_setting_get "$app" domain) # CHECK IF THE APP CAN BE RESTORED
path=$(ynh_app_setting_get "$app" path) #=================================================
ynh_script_progression --message="Validating restoration parameters..." --weight=1
# Check domain/path availability ynh_webpath_available --domain=$domain --path_url=$path_url \
sudo yunohost app checkurl "${domain}${path}" -a "$app" \ || ynh_die --message="Path not available: ${domain}${path_url}"
|| ynh_die "Path not available: ${domain}${path}" test ! -d $final_path \
|| ynh_die --message="There is already a directory: $final_path "
# Restore sources & data #=================================================
src_path="/var/www/${app}" # STANDARD RESTORATION STEPS
sudo cp -a ./sources "$src_path" #=================================================
sudo cp -a ./cron "/etc/cron.d/${app}" # RESTORE THE NGINX CONFIGURATION
#=================================================
# Restore permissions to app files ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
sudo chown -R www-data: $src_path
# MySQL #=================================================
dbname=$app # RESTORE THE APP MAIN DIR
dbuser=$app #=================================================
dbpass=$(ynh_app_setting_get "$app" mysqlpwd) ynh_script_progression --message="Restoring the app main directory..." --weight=1
ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass"
ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./dump.sql
# Restore NGINX configuration ynh_restore_file --origin_path="$final_path"
sudo cp -a ./nginx.conf "/etc/nginx/conf.d/${domain}.d/${app}.conf"
# Restore PHP-FPM configuration #=================================================
sudo cp -a ./php-fpm.conf "/etc/php5/fpm/pool.d/${app}.conf" # RECREATE THE DEDICATED USER
#=================================================
ynh_script_progression --message="Recreating the dedicated system user..." --weight=3
# Restart services # Create the dedicated user (if not existing)
sudo service php5-fpm reload ynh_system_user_create --username=$app
sudo service nginx reload
#=================================================
# RESTORE USER RIGHTS
#=================================================
# Restore permissions on app files
chown -R root: $final_path
chown -R $app $final_path/assets
chown -R $app $final_path/protected/config
chown -R $app $final_path/protected/modules
chown -R $app $final_path/protected/runtime
chown -R $app $final_path/uploads/*
#=================================================
# RESTORE THE PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Reconfiguring PHP-FPM..." --weight=5
ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
ynh_add_fpm_config --package="$extra_php_dependencies"
#=================================================
# RESTORE THE MYSQL DATABASE
#=================================================
ynh_script_progression --message="Restoring the MySQL database..." --weight=2
db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
#=================================================
# RESTORE VARIOUS FILES
#=================================================
ynh_restore_file --origin_path="/etc/cron.d/$app"
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX AND PHP-FPM
#=================================================
ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --weight=1
ynh_systemd_action --service_name=php$phpversion-fpm --action=reload
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Restoration completed for $app" --last

213
scripts/upgrade
View file

@ -1,83 +1,164 @@
#!/bin/bash #!/bin/bash
# Exit on command errors and treat unset variables as an error #=================================================
set -eu # GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
version=$(cat ../sources/version)
source='https://sourceforge.net/projects/humhub/files/'
# Source YunoHost helpers domain=$(ynh_app_setting_get --app=$app --key=domain)
source /usr/share/yunohost/helpers path_url=$(ynh_app_setting_get --app=$app --key=path)
admin=$(ynh_app_setting_get --app=$app --key=admin)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
language=$(ynh_app_setting_get --app=$app --key=language)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
# Retrieve app settings #=================================================
domain=$(ynh_app_setting_get "$app" domain) # CHECK VERSION
path=$(ynh_app_setting_get "$app" path) #=================================================
dbuser=$app
dbname=$app
dbpass=$(ynh_app_setting_get "$app" mysqlpwd)
src_path=/var/www/$app
# Correct path: puts a / at the start and nothing at the end upgrade_type=$(ynh_check_app_version_changed)
if [ "${path:0:1}" != "/" ]; then
path="/$path"
fi
if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then
path="${path:0:${#path}-1}"
fi
# Copy source files #=================================================
sudo mv "$src_path" "$src_path.old" # ENSURE DOWNWARD COMPATIBILITY
sudo mkdir -p $src_path #=================================================
sudo wget -q "${source}humhub-${version}.zip/download" -O humhub-${version}.zip ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
sudo unzip -qq humhub-${version}.zip
sudo cp -a humhub-$version/. $src_path
# Restore files # Cleaning legacy permissions
sudo cp -a "$src_path.old/uploads/." "$src_path/uploads/." if ynh_legacy_permissions_exists; then
sudo cp -a "$src_path.old/protected/runtime" "$src_path/protected/runtime" ynh_legacy_permissions_delete_all
sudo cp -a "$src_path.old/protected/config/." "$src_path/protected/config/"
sudo cp -a "$src_path.old/protected/modules/." "$src_path/protected/modules/"
sudo cp -a "$src_path.old/themes/." "$src_path/themes/"
# Hotfixes ynh_app_setting_delete --app=$app --key=is_public
# Fix LDAP email. See https://github.com/humhub/humhub/issues/1949 fi
sudo cp -a ../sources/fix/AuthClientHelpers.php $src_path/protected/humhub/modules/user/authclient/AuthClientHelpers.php
# Fix to allow passwordless LDAP login
sudo cp -a ../sources/fix/ZendLdapClient.php $src_path/protected/humhub/modules/user/authclient/ZendLdapClient.php
sudo sed -i "s@defined('YII_DEBUG') or define('YII_DEBUG', true);@//defined('YII_DEBUG') or define('YII_DEBUG', true);@g" $src_path/index.php
sudo sed -i "s@defined('YII_ENV') or define('YII_ENV', 'dev');@//defined('YII_ENV') or define('YII_ENV', 'dev');@g" $src_path/index.php
# Set permissions to app files #=================================================
sudo chown -R www-data: $src_path # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1
# Upgrade # Backup the current version of the app
sudo sudo -u www-data php $src_path/protected/yii migrate/up --includeModuleMigrations=1 --interactive=0 > /dev/null 2>&1 ynh_backup_before_upgrade
ynh_clean_setup () {
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
# Upgrade cron #=================================================
echo "30 * * * * $src_path/protected/yii cron hourly >/dev/null 2>&1" > cron # STANDARD UPGRADE STEPS
echo "00 18 * * * $src_path/protected/yii cron daily >/dev/null 2>&1" > cron #=================================================
sudo mv cron /etc/cron.d/${app} # DOWNLOAD, CHECK AND UNPACK SOURCE
sudo chown root /etc/cron.d/${app} #=================================================
# Modify Nginx configuration file and copy it to Nginx conf directory # Deactivate cron jobs
nginx_conf=../conf/nginx.conf ynh_secure_remove --file="/etc/cron.d/$app"
sed -i "s@YNH_WWW_PATH@${path:-/}@g" $nginx_conf
sed -i "s@YNH_WWW_ALIAS@$src_path/@g" $nginx_conf
sed -i "s@YNH_WWW_APP@$app@g" $nginx_conf
sudo cp $nginx_conf /etc/nginx/conf.d/$domain.d/$app.conf
# PHP if [ "$upgrade_type" == "UPGRADE_APP" ]
sed -i "s@YNH_WWW_APP@$app@g" ../conf/php-fpm.conf then
sed -i "s@YNH_WWW_ALIAS@$src_path/@g" ../conf/php-fpm.conf ynh_script_progression --message="Upgrading source files..." --weight=1
finalphpconf=/etc/php5/fpm/pool.d/$app.conf
sudo cp ../conf/php-fpm.conf $finalphpconf
sudo chown root: $finalphpconf
sudo chmod 644 $finalphpconf
# Reload nginx service # Backup user contents
sudo service php5-fpm reload mv "$final_path" "$final_path.old"
sudo service nginx reload
# Delete old source # Download, check integrity, uncompress and patch the source from app.src
sudo rm -rf "$src_path.old" ynh_setup_source --dest_dir="$final_path"
# Restore user contents
cp -a "$final_path.old/uploads/." "$final_path/uploads/."
cp -a "$final_path.old/protected/runtime" "$final_path/protected/runtime"
cp -a "$final_path.old/protected/config/." "$final_path/protected/config/"
cp -a "$final_path.old/protected/modules/." "$final_path/protected/modules/"
cp -a "$final_path.old/themes/." "$final_path/themes/"
# Delete old source
ynh_secure_remove --file="$final_path.old"
fi
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=1
# Create a dedicated PHP-FPM config
ynh_add_fpm_config
#=================================================
# SPECIFIC UPGRADE
#=================================================
# MIGRATE DATABASE
#=================================================
ynh_script_progression --message="Migrating database..." --weight=1
chown -R $app $final_path/
sudo -u $app /usr/bin/php$YNH_PHP_VERSION $final_path/protected/yii migrate/up --includeModuleMigrations=1
#=================================================
# UPDATE MODULES
#=================================================
ynh_script_progression --message="Updating modules..." --weight=1
sudo -u $app /usr/bin/php$YNH_PHP_VERSION $final_path/protected/yii module/update-all
#=================================================
# REINSTALL CRONTAB
#=================================================
ynh_script_progression --message="Upgrading crontab..." --weight=1
ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/${app}"
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# Set permissions on app files
chown -R root: $final_path
chown -R $app $final_path/assets
chown -R $app $final_path/protected/config
chown -R $app $final_path/protected/modules
chown -R $app $final_path/protected/runtime
chown -R $app $final_path/uploads/*
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Upgrade of $app completed" --last

261
sources/fix/AuthClientHelpers.php
View file

@ -1,261 +0,0 @@
<?php
/**
* @link https://www.humhub.org/
* @copyright Copyright (c) 2016 HumHub GmbH & Co. KG
* @license https://www.humhub.com/licences
*/
namespace humhub\modules\user\authclient;
use Yii;
use yii\authclient\ClientInterface;
use humhub\modules\user\models\Auth;
use humhub\modules\user\models\User;
/**
* AuthClientHelper provides helper functions fo auth clients
*
* @since 1.1
* @author luke
*/
class AuthClientHelpers
{
/**
* Returns the user object which is linked against given authClient
*
* @param ClientInterface $authClient the authClient
* @return User the user model or null if not found
*/
public static function getUserByAuthClient(ClientInterface $authClient)
{
$attributes = $authClient->getUserAttributes();
if ($authClient instanceof interfaces\PrimaryClient) {
/**
* @var interfaces\PrimaryClient $authClient
*/
return User::findOne([
$authClient->getUserTableIdAttribute() => $attributes['id'],
'auth_mode' => $authClient->getId()
]);
}
$auth = Auth::find()->where(['source' => $authClient->getId(), 'source_id' => $attributes['id']])->one();
if ($auth !== null) {
return $auth->user;
}
}
/**
* Stores an authClient to an user record
*
* @param \yii\authclient\BaseClient $authClient
* @param User $user
*/
public static function storeAuthClientForUser(ClientInterface $authClient, User $user)
{
$attributes = $authClient->getUserAttributes();
if ($authClient instanceof interfaces\PrimaryClient) {
$user->auth_mode = $authClient->getId();
$user->save();
} else {
$auth = Auth::findOne(['source' => $authClient->getId(), 'source_id' => $attributes['id']]);
/**
* Make sure authClient is not double assigned
*/
if ($auth !== null && $auth->user_id != $user->id) {
$auth->delete();
$auth = null;
}
if ($auth === null) {
$auth = new \humhub\modules\user\models\Auth([
'user_id' => $user->id,
'source' => (string) $authClient->getId(),
'source_id' => (string) $attributes['id'],
]);
$auth->save();
}
}
}
/**
* Removes Authclient for a user
*
* @param \yii\authclient\BaseClient $authClient
* @param User $user
*/
public static function removeAuthClientForUser(ClientInterface $authClient, User $user)
{
Auth::deleteAll([
'user_id' => $user->id,
'source' => (string) $authClient->getId()
]);
}
/**
* Updates (or creates) a user in HumHub using AuthClients Attributes
* This method will be called after login or by cron sync.
*
* @param \yii\authclient\BaseClient $authClient
* @param User $user
* @return boolean succeed
*/
public static function updateUser(ClientInterface $authClient, User $user = null)
{
if ($user === null) {
$user = self::getUserByAuthClient($authClient);
if ($user === null) {
return false;
}
}
$authClient->trigger(BaseClient::EVENT_UPDATE_USER, new \yii\web\UserEvent(['identity' => $user]));
if ($authClient instanceof interfaces\SyncAttributes) {
$attributes = $authClient->getUserAttributes();
foreach ($authClient->getSyncAttributes() as $attributeName) {
if (isset($attributes[$attributeName])) {
if (in_array($attributeName, ['email', 'username'])) {
$user->setAttribute($attributeName, $attributes[$attributeName]);
} else {
$user->profile->setAttribute($attributeName, $attributes[$attributeName]);
}
} else {
if ($user->profile->hasAttribute($attributeName)) {
$user->profile->setAttribute($attributeName, '');
}
}
}
if (count($user->getDirtyAttributes()) !== 0 && !$user->save()) {
Yii::error('Could not update user attributes by AuthClient (UserId: ' . $user->id . ") - Error: " . print_r($user->getErrors(), 1));
return false;
}
if (count($user->profile->getDirtyAttributes()) !== 0 && !$user->profile->save()) {
Yii::error('Could not update user attributes by AuthClient (UserId: ' . $user->id . ") - Error: " . print_r($user->profile->getErrors(), 1));
return false;
}
}
return true;
}
/**
* Automatically creates user by auth client attributes
*
* @param \yii\authclient\BaseClient $authClient
* @return boolean success status
*/
public static function createUser(ClientInterface $authClient)
{
$attributes = $authClient->getUserAttributes();
if (!isset($attributes['id'])) {
return false;
}
// Hotfix for YunoHost. Select the first LDAP email address when there are several in the mail attribute. See https://github.com/humhub/humhub/issues/1949
if (is_array($attributes['mail'])) {
$attributes['mail'] = $attributes['mail'][0];
}
if (is_array($attributes['email'])) {
$attributes['email'] = $attributes['email'][0];
}
$registration = new \humhub\modules\user\models\forms\Registration();
$registration->enablePasswordForm = false;
$registration->enableEmailField = true;
if ($authClient instanceof interfaces\ApprovalBypass) {
$registration->enableUserApproval = false;
}
unset($attributes['id']);
$registration->getUser()->setAttributes($attributes, false);
$registration->getProfile()->setAttributes($attributes, false);
$registration->getGroupUser()->setAttributes($attributes, false);
if ($registration->validate() && $registration->register($authClient)) {
return $registration->getUser();
}
return null;
}
/**
* Returns all users which are using an given authclient
*
* @param ClientInterface $authClient
* @return \yii\db\ActiveQuery
*/
public static function getUsersByAuthClient(ClientInterface $authClient)
{
$query = User::find();
if ($authClient instanceof interfaces\PrimaryClient) {
$query->where([
'auth_mode' => $authClient->getId()
]);
} else {
$query->where(['user_auth.source' => $authClient->getId()]);
}
return $query;
}
/**
* Returns AuthClients used by given User
*
* @param User $user
* @return ClientInterface[] the users authclients
*/
public static function getAuthClientsByUser(User $user)
{
$authClients = [];
foreach (Yii::$app->authClientCollection->getClients() as $client) {
/**
* @var $client ClientInterface
*/
// Add primary authClient
if ($user->auth_mode == $client->getId()) {
$authClients[] = $client;
}
// Add additional authClient
foreach ($user->auths as $auth) {
if ($auth->source == $client->getId()) {
$authClients[] = $client;
}
}
}
return $authClients;
}
/**
* Returns a list of all synchornized user attributes
*
* @param User $user
* @return array attribute names
*/
public static function getSyncAttributesByUser(User $user)
{
$attributes = [];
foreach (self::getAuthClientsByUser($user) as $authClient) {
if ($authClient instanceof interfaces\SyncAttributes) {
$attributes = array_merge($attributes, $authClient->getSyncAttributes());
}
}
return $attributes;
}
}

380
sources/fix/ZendLdapClient.php
View file

@ -1,380 +0,0 @@
<?php
/**
* @link http://www.yiiframework.com/
* @copyright Copyright (c) 2008 Yii Software LLC
* @license http://www.yiiframework.com/license/
*/
namespace humhub\modules\user\authclient;
use Yii;
use Zend\Ldap\Ldap;
use Zend\Ldap\Node;
use Zend\Ldap\Exception\LdapException;
use humhub\modules\user\models\User;
use humhub\modules\user\models\ProfileField;
/**
* LDAP Authentication
*
* @todo create base ldap authentication, to bypass ApprovalByPass Interface
* @since 1.1
*/
class ZendLdapClient extends BaseFormAuth implements interfaces\AutoSyncUsers, interfaces\SyncAttributes, interfaces\ApprovalBypass, interfaces\PrimaryClient
{
/**
* @var \Zend\Ldap\Ldap
*/
private $_ldap = null;
/**
* ID attribute to uniquely identify user
* If set to null, automatically a value email or objectguid will be used if available.
*
* @var string attribute name to identify node
*/
public $idAttribute = null;
/**
* @var string attribute name to user record
*/
public $userTableIdAttribute = 'guid';
/**
* @inheritdoc
*/
public $byPassApproval = true;
/**
* @inheritdoc
*/
public function getId()
{
return 'ldap';
}
/**
* @inheritdoc
*/
protected function defaultName()
{
return 'ldap';
}
/**
* @inheritdoc
*/
protected function defaultTitle()
{
return 'LDAP';
}
/**
* @inheritdoc
*/
public function getIdAttribute()
{
return $this->idAttribute;
}
/**
* @inheritdoc
*/
public function getUserTableIdAttribute()
{
return $this->userTableIdAttribute;
}
/**
* @inheritdoc
*/
public function auth()
{
$node = $this->getUserNode();
if ($node !== null) {
$this->setUserAttributes($node->getAttributes());
return true;
}
return false;
}
/**
* @inheritdoc
*/
protected function defaultNormalizeUserAttributeMap()
{
$map = [];
// Username field
$usernameAttribute = Yii::$app->getModule('user')->settings->get('auth.ldap.usernameAttribute');
if ($usernameAttribute == '') {
$usernameAttribute = 'sAMAccountName';
}
$map['username'] = strtolower($usernameAttribute);
// E-Mail field
$emailAttribute = Yii::$app->getModule('user')->settings->get('auth.ldap.emailAttribute');
if ($emailAttribute == '') {
$emailAttribute = 'mail';
}
$map['email'] = strtolower($emailAttribute);
// Profile Field Mapping
foreach (ProfileField::find()->andWhere(['!=', 'ldap_attribute', ''])->all() as $profileField) {
$map[$profileField->internal_name] = strtolower($profileField->ldap_attribute);
}
return $map;
}
/**
* @inheritdoc
*/
protected function normalizeUserAttributes($attributes)
{
$normalized = [];
// Fix LDAP Attributes
foreach ($attributes as $name => $value) {
if (is_array($value) && count($value) == 1 && $name != 'memberof') {
$normalized[$name] = $value[0];
} else {
$normalized[$name] = $value;
}
}
if (isset($normalized['objectguid'])) {
$normalized['objectguid'] = \humhub\libs\StringHelper::binaryToGuid($normalized['objectguid']);
}
// Handle date fields (formats are specified in config)
foreach ($normalized as $name => $value) {
if (isset(Yii::$app->params['ldap']['dateFields'][$name]) && $value != '') {
$dateFormat = Yii::$app->params['ldap']['dateFields'][$name];
$date = \DateTime::createFromFormat($dateFormat, $value);
if ($date !== false) {
$normalized[$name] = $date->format('Y-m-d 00:00:00');
} else {
$normalized[$name] = "";
}
}
}
return parent::normalizeUserAttributes($normalized);
}
/**
* @return array list of user attributes
*/
public function getUserAttributes()
{
$attributes = parent::getUserAttributes();
// Try to automatically set id and usertable id attribute by available attributes
if ($this->getIdAttribute() === null || $this->getUserTableIdAttribute() === null) {
if (isset($attributes['objectguid'])) {
$this->idAttribute = 'objectguid';
$this->userTableIdAttribute = 'guid';
} elseif (isset($attributes['mail'])) {
$this->idAttribute = 'mail';
$this->userTableIdAttribute = 'email';
} else {
throw new \yii\base\Exception("Could not automatically determine unique user id from ldap node!");
}
}
// Make sure id attributes sits on id attribute key
if (isset($attributes[$this->getIdAttribute()])) {
$attributes['id'] = $attributes[$this->getIdAttribute()];
}
// Map usertable id attribute against ldap id attribute
$attributes[$this->getUserTableIdAttribute()] = $attributes[$this->getIdAttribute()];
return $attributes;
}
/**
* Returns Users LDAP Node
*
* @return Node the users ldap node
*/
protected function getUserNode()
{
$dn = $this->getUserDn();
if ($dn !== '') {
return $this->getLdap()->getNode($dn);
}
return null;
}
/**
* Returns the users LDAP DN
*
* @return string the user dn if found
*/
protected function getUserDn()
{
$userName = $this->login->username;
// Translate given e-mail to username
if (strpos($userName, '@') !== false) {
$user = User::findOne(['email' => $userName]);
if ($user !== null) {
$userName = $user->username;
}
}
try {
$this->getLdap()->bind($userName, $this->login->password);
return $this->getLdap()->getCanonicalAccountName($userName, Ldap::ACCTNAME_FORM_DN);
} catch (LdapException $ex) {
// User not found in LDAP
}
return '';
}
/**
* Returns Zend LDAP
*
* @return \Zend\Ldap\Ldap
*/
public function getLdap()
{
if ($this->_ldap === null) {
$options = array(
'host' => Yii::$app->getModule('user')->settings->get('auth.ldap.hostname'),
'port' => Yii::$app->getModule('user')->settings->get('auth.ldap.port'),
//'username' => Yii::$app->getModule('user')->settings->get('auth.ldap.username'),
//'password' => Yii::$app->getModule('user')->settings->get('auth.ldap.password'),
'username' => '',
'password' => '',
'useStartTls' => (Yii::$app->getModule('user')->settings->get('auth.ldap.encryption') == 'tls'),
'useSsl' => (Yii::$app->getModule('user')->settings->get('auth.ldap.encryption') == 'ssl'),
'bindRequiresDn' => true,
'baseDn' => Yii::$app->getModule('user')->settings->get('auth.ldap.baseDn'),
'accountFilterFormat' => Yii::$app->getModule('user')->settings->get('auth.ldap.loginFilter'),
);
$this->_ldap = new \Zend\Ldap\Ldap($options);
$this->_ldap->bind();
}
return $this->_ldap;
}
/**
* Sets an Zend LDAP Instance
*
* @param \Zend\Ldap\Ldap $ldap
*/
public function setLdap(\Zend\Ldap\Ldap $ldap)
{
$this->_ldap = $ldap;
}
/**
* @inheritdoc
*/
public function getSyncAttributes()
{
$attributes = ['username', 'email'];
foreach (ProfileField::find()->andWhere(['!=', 'ldap_attribute', ''])->all() as $profileField) {
$attributes[] = $profileField->internal_name;
}
return $attributes;
}
/**
* Refresh ldap users
*
* New users (found in ldap) will be automatically created if all required fiélds are set.
* Profile fields which are bind to LDAP will automatically updated.
*/
public function syncUsers()
{
if (!Yii::$app->getModule('user')->settings->get('auth.ldap.enabled') || !Yii::$app->getModule('user')->settings->get('auth.ldap.refreshUsers')) {
return;
}
$userFilter = Yii::$app->getModule('user')->settings->get('auth.ldap.userFilter');
$baseDn = Yii::$app->getModule('user')->settings->get('auth.ldap.baseDn');
try {
$ldap = $this->getLdap();
$userCollection = $ldap->search($userFilter, $baseDn, Ldap::SEARCH_SCOPE_SUB);
$authClient = null;
$ids = [];
foreach ($userCollection as $attributes) {
$authClient = clone $this;
$authClient->init();
$authClient->setUserAttributes($attributes);
$attributes = $authClient->getUserAttributes();
$user = AuthClientHelpers::getUserByAuthClient($authClient);
if ($user === null) {
if (!AuthClientHelpers::createUser($authClient)) {
Yii::warning('Could not automatically create LDAP user - check required attributes! (' . print_r($attributes, 1) . ')');
}
} else {
AuthClientHelpers::updateUser($authClient, $user);
}
$ids[] = $attributes['id'];
}
/**
* Since userTableAttribute can be automatically set on user attributes
* try to take it from initialized authclient instance.
*/
$userTableIdAttribute = $this->getUserTableIdAttribute();
if ($authClient !== null) {
$userTableIdAttribute = $authClient->getUserTableIdAttribute();
}
foreach (AuthClientHelpers::getUsersByAuthClient($this)->each() as $user) {
$foundInLdap = in_array($user->getAttribute($userTableIdAttribute), $ids);
// Enable disabled users that have been found in ldap
if ($foundInLdap && $user->status === User::STATUS_DISABLED) {
$user->status = User::STATUS_ENABLED;
$user->save();
Yii::info('Enabled user' . $user->username . ' (' . $user->id . ') - found in LDAP!');
// Disable users that were not found in ldap
} elseif (!$foundInLdap && $user->status !== User::STATUS_DISABLED) {
$user->status = User::STATUS_DISABLED;
$user->save();
Yii::warning('Disabled user' . $user->username . ' (' . $user->id . ') - not found in LDAP!');
}
}
} catch (\Zend\Ldap\Exception\LdapException $ex) {
Yii::error('Could not connect to LDAP instance: ' . $ex->getMessage());
} catch (\Exception $ex) {
Yii::error('An error occurred while user sync: ' . $ex->getMessage());
}
}
/**
* Checks if LDAP is supported
*/
public static function isLdapAvailable()
{
if (!class_exists('Zend\Ldap\Ldap')) {
return false;
}
if (!function_exists('ldap_bind')) {
return false;
}
return true;
}
}

13
sources/patches/app-00-no-password-ldap.patch Normal file
View file

@ -0,0 +1,13 @@
diff --git a/protected/humhub/modules/ldap/models/LdapSettings.php b/protected/humhub/modules/ldap/models/LdapSettings.php
index e6402e8b3..3b653d590 100644
--- a/protected/humhub/modules/ldap/models/LdapSettings.php
+++ b/protected/humhub/modules/ldap/models/LdapSettings.php
@@ -120,7 +120,7 @@ class LdapSettings extends Model
return [
[['enabled', 'refreshUsers', 'usernameAttribute', 'emailAttribute', 'username', 'passwordField', 'hostname', 'port', 'idAttribute'], 'string', 'max' => 255],
[['baseDn', 'loginFilter', 'userFilter'], 'string'],
- [['usernameAttribute', 'username', 'passwordField', 'hostname', 'port', 'baseDn', 'loginFilter', 'userFilter', 'idAttribute'], 'required'],
+ [['usernameAttribute', 'hostname', 'port', 'baseDn', 'loginFilter', 'userFilter', 'idAttribute'], 'required'],
['encryption', 'in', 'range' => ['', 'ssl', 'tls']],
];
}

2
sources/version
View file

@ -1 +1 @@
1.2.0 1.7.2