YunoHost-Apps/humhub_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/humhub_ynh.git synced 2024-09-03 19:26:11 +02:00
Code Issues Activity Actions 1

Merge pull request #9 from YunoHost-Apps/1.8.1

Browse source 
1.8.1
This commit is contained in:
Éric Gaspar 2021-03-17 10:18:42 +01:00 committed by GitHub
commit f9274c4dbf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
19 changed files with 557 additions and 1007 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
README.md
View file

@ -11,15 +11,15 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
## Overview
HumHub is a feature rich and highly flexible OpenSource Social Network Kit written in PHP.
**Shipped version:** 1.0
**Shipped version:** 1.8.1
## Screenshots
![](Link to a screenshot of this app.)
![](https://www.humhub.com/static/img/enterprise/app_small.png)
## Demo
* [Official demo](Link to a demo site for this app.)
* [Official demo](https://www.humhub.com/en)
## Configuration
@ -27,7 +27,7 @@ How to configure this app: From an admin panel, a plain file with SSH, or any ot
## Documentation
* Official documentation: Link to the official documentation of this app
* Official documentation: https://docs.humhub.org
* YunoHost documentation: If specific documentation is needed, feel free to contribute.
## YunoHost specific features
@ -57,7 +57,7 @@ https://yunohost.org/packaging_apps
* Report a bug: https://github.com/YunoHost-Apps/humhub_ynh/issues
* App website: https://www.humhub.org/
* Upstream app repository: Link to the official repository of the upstream app.
* Upstream app repository: https://github.com/humhub/humhub
* YunoHost website: https://yunohost.org/
---

76
README_fr.md Normal file
View file

@ -0,0 +1,76 @@
# HumHub pour YunoHost
[![Niveau d'intégration](https://dash.yunohost.org/integration/humhub.svg)](https://dash.yunohost.org/appci/app/humhub) ![](https://ci-apps.yunohost.org/ci/badges/humhub.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/humhub.maintain.svg)
[![Installer humhub avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=humhub)
*[Read this readme in english.](./README.md)*
> *Ce package vous permet d'installer HumHub rapidement et simplement sur un serveur YunoHost.
Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install) pour apprendre comment l'installer.*
## Vue d'ensemble
HumHub est un logiciel libre de réseau social fait pour faciliter la communication et la collaboration.
Il est léger, puissant et possède une interface agréable. Avec HumHub, vous pouvez créer votre propre réseau social personnalisé.
**Version incluse :** 1.8.1
## Captures d'écran
![](https://www.humhub.com/static/img/enterprise/app_small.png)
## Démo
* [Démo officielle](https://www.humhub.com/en)
## Configuration
Comment configurer cette application : via le panneau d'administration, un fichier brut en SSH ou tout autre moyen.
## Documentation
* Documentation officielle : https://docs.humhub.org
* Documentation YunoHost : Si une documentation spécifique est nécessaire, n'hésitez pas à contribuer.
## Caractéristiques spécifiques YunoHost
#### Support multi-utilisateur
* L'authentification LDAP et HTTP est-elle prise en charge ?
* L'application peut-elle être utilisée par plusieurs utilisateurs ?
#### Architectures supportées
* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/humhub%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/humhub/)
* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/humhub%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/humhub/)
## Limitations
* Limitations connues.
## Informations additionnelles
* Autres informations que vous souhaitez ajouter sur cette application.
**Plus d'informations sur la page de documentation :**
https://yunohost.org/packaging_apps
## Liens
* Signaler un bug : https://github.com/YunoHost-Apps/humhub_ynh/issues
* Site de l'application : https://www.humhub.org/
* Dépôt de l'application principale : https://github.com/humhub/humhub
* Site web YunoHost : https://yunohost.org/
---
## Informations pour les développeurs
Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/humhub_ynh/tree/testing).
Pour essayer la branche testing, procédez comme suit.
```
sudo yunohost app install https://github.com/YunoHost-Apps/humhub_ynh/tree/testing --debug
ou
sudo yunohost app upgrade humhub -u https://github.com/YunoHost-Apps/humhub_ynh/tree/testing --debug
```

4
check_process
View file

@ -12,11 +12,11 @@
setup_private=1
setup_public=1
upgrade=1
upgrade=1 from_commit=CommitHash
upgrade=0 from_commit=CommitHash
backup_restore=1
multi_instance=1
port_already_use=0
change_url=1
change_url=0
;;; Options
Email=
Notification=none

8
conf/app.src
View file

@ -1,7 +1,9 @@
SOURCE_URL=https://github.com/humhub/humhub/archive/v1.7.2.tar.gz
SOURCE_SUM=dd02b47f995bace4e03aff4750772abaab205769c75ef9f22904171b7649c689
SOURCE_URL=https://www.humhub.com/download/package/humhub-1.8.1.tar.gz
SOURCE_SUM=2eca1561506bfa06f8e36358659a0ec0f72497547d949d2232a85dc788ad4758
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_FILENAME=humhub-1.8.1.tar.gz
SOURCE_EXTRACT=true

36
conf/ldap.sql
View file

@ -1,18 +1,28 @@
REPLACE INTO setting (`name`, `value`, `module_id`) VALUES
('auth.ldap.enabled', '1', 'user'),
('auth.ldap.hostname', 'localhost', 'user'),
('auth.ldap.port', '389', 'user'),
('auth.ldap.encryption', '', 'user'),
('auth.ldap.username', '', 'user'),
('auth.ldap.password', '', 'user'),
('auth.ldap.baseDn', 'ou=users,dc=yunohost,dc=org', 'user'),
('auth.ldap.loginFilter', '(uid=%s)', 'user'),
('auth.ldap.userFilter', 'objectClass=mailAccount', 'user'),
('auth.ldap.emailAttribute', 'mail', 'user'),
('auth.ldap.usernameAttribute', 'uid', 'user'),
('auth.ldap.refreshUsers', '1', 'user'),
BEGIN;
DELETE FROM setting WHERE
(`name` = 'auth.anonymousRegistration') OR
(`name` = 'auth.allowGuestAccess') OR
(`name` = 'auth.internalUsersCanInvite');
INSERT INTO setting (`name`, `value`, `module_id`) VALUES
('enabled', '1', 'ldap'),
('hostname', 'localhost', 'ldap'),
('port', '389', 'ldap'),
('encryption', '', 'ldap'),
('username', '', 'ldap'),
('password', '', 'ldap'),
('baseDn', 'ou=users,dc=yunohost,dc=org', 'ldap'),
('loginFilter', '(uid=%s)', 'ldap'),
('userFilter', 'objectClass=mailAccount', 'ldap'),
('emailAttribute', 'mail', 'ldap'),
('usernameAttribute', 'uid', 'ldap'),
('idAttribute', 'uid', 'ldap'),
('refreshUsers', '1', 'ldap'),
('auth.anonymousRegistration', '0', 'user'),
('auth.allowGuestAccess', '0', 'user'),
('auth.internalUsersCanInvite', '0', 'user');
UPDATE `user` SET `auth_mode` = 'ldap' WHERE `user`.`username` = '__ADMIN__';
COMMIT;

33
conf/nginx.conf
View file

@ -2,7 +2,7 @@
location __PATH__/ {
# Path to source
alias __FINALPATH__/ ;
alias __FINALPATH__/ ;
index index.php;
@ -10,28 +10,29 @@ location __PATH__/ {
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php__PHPVERSION__-fpm-__NAME__.sock;
set $fsn /index.php;
if (-f $document_root$fastcgi_script_name){
set $fsn $fastcgi_script_name;
}
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param SCRIPT_FILENAME $document_root$fsn;
}
location ~ ^__PATH__/(?:ico|css|js|gif|jpe?g|png|ttf|woff)$ {
access_log off;
expires 30d;
add_header Pragma public;
add_header Cache-Control "public, mustrevalidate, proxy-revalidate";
}
location ~ ^__PATH__/(assets|static|themes|uploads) {
access_log off;
expires 10d;
more_set_headers "Cache-Control: public, no-transform";
}
location = __PATH__/protected {
deny all;
}
location = __PATH__/uploads/file {
deny all;
}
location ~ ^__PATH__/(protected|framework|themes/\w+/views|\.|uploads/file) {
deny all;
}
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;

25
manifest.json
View file

@ -7,13 +7,14 @@
"fr": "Réseau Social d'Entreprise."
},
"url": "https://www.humhub.org",
"license": "free",
"license": "AGPL-3.0-only",
"maintainer": {
"name": "Scith",
"url": "https://github.com/scith"
"name": "Nils Van Zuijlen",
"url": "https://github.com/nils-van-zuijlen"
},
"version": "1.8.1~ynh1",
"requirements": {
"yunohost": ">= 4.0.0"
"yunohost": ">= 4.1.7"
},
"multi_instance": true,
"services": [
@ -26,38 +27,22 @@
{
"name": "domain",
"type": "domain",
"ask": {
"en": "Choose a domain name for HumHub",
"fr": "Choisissez un nom de domaine pour HumHub"
},
"example": "example.com"
},
{
"name": "path",
"type": "path",
"ask": {
"en": "Choose a path for HumHub",
"fr": "Choisissez un chemin pour HumHub"
},
"example": "/humhub",
"default": "/humhub"
},
{
"name": "admin",
"type": "user",
"ask": {
"en": "Choose an admin user",
"fr": "Choisissez ladministrateur"
},
"example": "johndoe"
},
{
"name": "is_public",
"type": "boolean",
"ask": {
"en": "Is it a public site?",
"fr": "Est-ce un site public ?"
},
"default": false
}
]

79
scripts/_common.sh Normal file
View file

@ -0,0 +1,79 @@
#!/bin/bash
#=================================================
# COMMON VARIABLES
#=================================================
YNH_PHP_VERSION="7.3"
extra_php_dependencies="php${YNH_PHP_VERSION}-imagick php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-bz2 php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-intl php${YNH_PHP_VERSION}-mysql php${YNH_PHP_VERSION}-zip php${YNH_PHP_VERSION}-apcu-bc php${YNH_PHP_VERSION}-apcu php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-ldap"
#=================================================
# PERSONAL HELPERS
#=================================================
local_curl_csrf () {
# Define url of page to curl
local local_page=$(ynh_normalize_url_path $1)
local full_path=$path_url$local_page
if [ "${path_url}" == "/" ]; then
full_path=$local_page
fi
local full_page_url=https://localhost$full_path
# Concatenate all other arguments with '&' to prepare POST data
local POST_data=""
local arg=""
for arg in "${@:2}"
do
POST_data="${POST_data}${arg}&"
done
if [ -n "$POST_data" ]
then
# Add --data arg and remove the last character, which is an unecessary '&'
POST_data="--data ${POST_data::-1}"
fi
# Wait untils nginx has fully reloaded (avoid curl fail with http2)
sleep 2
local cookiefile=/tmp/ynh-$app-cookie.txt
touch $cookiefile
chown root $cookiefile
chmod 700 $cookiefile
# Curl the URL for the CSRF token
local token_line=`curl --silent --show-error --insecure --location --header "Host: $domain" --resolve $domain:443:127.0.0.1 "$full_page_url" --cookie-jar $cookiefile --cookie $cookiefile | grep 'meta name="csrf-token"'`
token_line=${token_line##*content=\"}
local csrf=${token_line%%\">*}
POST_data="${POST_data}&_csrf=${csrf}"
curl --silent --show-error --insecure --location --header "Host: $domain" --resolve $domain:443:127.0.0.1 $POST_data "$full_page_url" --cookie-jar $cookiefile --cookie $cookiefile
}
#Convert --data to --data-urlencode before ynh_local_curl
myynh_urlencode() {
local data
if [[ $# != 1 ]]; then
echo "Usage: $0 string-to-urlencode"
return 1
fi
data="$(curl -s -o /dev/null -w %{url_effective} --get --data-urlencode "$1" "")"
if [[ $? != 3 ]]; then
echo "Unexpected error" 1>&2
return 2
fi
echo "${data##/?}"
return 0
}
#=================================================
# EXPERIMENTAL HELPERS
#=================================================
#=================================================
# FUTURE OFFICIAL HELPERS
#=================================================

21
scripts/_commons.sh
View file

@ -1,21 +0,0 @@
#!/bin/bash
#=================================================
# COMMON VARIABLES
#=================================================
YNH_PHP_VERSION="7.3"
extra_php_dependencies="php${YNH_PHP_VERSION}-imagick php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-bz2 php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-intl php${YNH_PHP_VERSION}-mysql php${YNH_PHP_VERSION}-zip php${YNH_PHP_VERSION}-apcu-bc php${YNH_PHP_VERSION}-apcu php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-ldap"
#=================================================
# PERSONAL HELPERS
#=================================================
#=================================================
# EXPERIMENTAL HELPERS
#=================================================
#=================================================
# FUTURE OFFICIAL HELPERS
#=================================================

6
scripts/backup
View file

@ -58,12 +58,6 @@ ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
#=================================================
# SPECIFIC BACKUP
#=================================================
# BACKUP SYSTEMD
#=================================================
ynh_backup --src_path="/etc/systemd/system/$app.service"
#=================================================
# BACKUP VARIOUS FILES
#=================================================

226
scripts/install
View file

@ -34,7 +34,7 @@ app=$YNH_APP_INSTANCE_NAME
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_script_progression --message="Validating installation parameters..." --time --weight=1
ynh_script_progression --message="Validating installation parameters..." --weight=1
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
@ -45,7 +45,7 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_script_progression --message="Storing installation settings..." --time --weight=1
ynh_script_progression --message="Storing installation settings..." --weight=1
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
@ -53,26 +53,10 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_script_progression --message="Finding an available port..." --time --weight=1
# Find an available port
port=$(ynh_find_port --port=8095)
ynh_app_setting_set --app=$app --key=port --value=$port
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..." --time --weight=1
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# CREATE A MYSQL DATABASE
#=================================================
ynh_script_progression --message="Creating a MySQL database..." --time --weight=1
ynh_script_progression --message="Creating a MySQL database..." --weight=1
db_name=$(ynh_sanitize_dbid --db_name=$app)
db_user=$db_name
@ -82,7 +66,7 @@ ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..." --time --weight=1
ynh_script_progression --message="Setting up source files..." --weight=1
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from app.src
@ -91,7 +75,7 @@ ynh_setup_source --dest_dir="$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring NGINX web server..." --time --weight=1
ynh_script_progression --message="Configuring NGINX web server..." --weight=4
# Create a dedicated NGINX config
ynh_add_nginx_config
@ -99,7 +83,7 @@ ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..." --time --weight=1
ynh_script_progression --message="Configuring system user..." --weight=2
# Create a system user
ynh_system_user_create --username=$app
@ -107,7 +91,7 @@ ynh_system_user_create --username=$app
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring PHP-FPM..." --time --weight=1
ynh_script_progression --message="Configuring PHP-FPM..." --weight=1
# Create a dedicated PHP-FPM config
ynh_add_fpm_config --package="$extra_php_dependencies"
@ -116,23 +100,31 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#=================================================
# SPECIFIC SETUP
#=================================================
# ...
# SETUP SQL CREDENTIALS
#=================================================
ynh_add_config --template="../conf/common.php" --destination="$final_path/protected/config/common.php"
#=================================================
# DEACTIVATE DEBUG MODE
#=================================================
ynh_replace_string --match_string="defined('YII_DEBUG') or define('YII_DEBUG', true);"\
--replace_string="// defined('YII_DEBUG') or define('YII_DEBUG', true);"\
--target_file="$final_path/index.php"
ynh_replace_string --match_string="defined('YII_ENV') or define('YII_ENV', 'dev');"\
--replace_string="// defined('YII_ENV') or define('YII_ENV', 'dev');"\
--target_file="$final_path/index.php"
#=================================================
# SETUP APPLICATION WITH CURL
#=================================================
### Use these lines only if the app installation needs to be finalized through
### web forms. We generally don't want to ask the final user,
### so we're going to use curl to automatically fill the fields and submit the
### forms.
# Set right permissions for curl install
chown -R $app: $final_path
# Set the app as temporarily public for curl call
ynh_script_progression --message="Configuring SSOwat..." --time --weight=1
ynh_script_progression --message="Configuring SSOwat..." --weight=30
# Making the app public for curl
ynh_permission_update --permission="main" --add="visitors"
# Reload SSOwat config
@ -142,8 +134,37 @@ yunohost app ssowatconf
ynh_systemd_action --service_name=nginx --action=reload
# Installation with curl
ynh_script_progression --message="Finalizing installation..." --time --weight=1
ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
ynh_script_progression --message="Finalizing installation..." --weight=2
admin_temp_pass=$(ynh_string_random 6)
admin_email=$(yunohost user info "$admin" --output-as plain | ynh_get_plain_key mail)
admin_firstname=$(yunohost user info "$admin" --output-as plain | ynh_get_plain_key firstname)
admin_lastname=$(yunohost user info "$admin" --output-as plain | ynh_get_plain_key lastname)
ynh_local_curl "/index.php?r=installer/index/go"
local_curl_csrf "/index.php?r=installer/config/basic" \
"ConfigBasicForm[name]=YunoHost"
local_curl_csrf "/index.php?r=installer/config/use-case" \
"UseCaseForm[useCase]=" \
"UseCaseForm[useCase]=other"
local_curl_csrf "/index.php?r=installer/config/admin" \
`myynh_urlencode "User[username]=$admin"` \
`myynh_urlencode "User[email]=$admin_email"` \
`myynh_urlencode "Password[newPassword]=$admin_temp_pass"` \
`myynh_urlencode "Password[newPasswordConfirm]=$admin_temp_pass"` \
`myynh_urlencode "Profile[firstname]=${admin_firstname}"` \
`myynh_urlencode "Profile[lastname]=${admin_lastname}"` \
"save"
local_curl_csrf "/index.php?r=installer/config/sample-data" \
"SampleDataForm[sampleData]=0"
# Populate the LDAP parameters
ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="../conf/ldap.sql"
mysql -u $db_user -p${db_pwd} $db_name < ../conf/ldap.sql
# Remove the public access
ynh_permission_update --permission="main" --remove="visitors"
@ -152,10 +173,6 @@ ynh_permission_update --permission="main" --remove="visitors"
# MODIFY A CONFIG FILE
#=================================================
ynh_add_config --template="../conf/common.php" --destination="$final_path/protected/config/common.php"
ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/CONFIG_FILE"
#=================================================
# STORE THE CONFIG FILE CHECKSUM
#=================================================
@ -165,7 +182,7 @@ ynh_replace_string --match_string="match_string" --replace_string="replace_strin
### you can make a backup of this file before modifying it again if the admin had modified it.
# Calculate and store the config file checksum into the app settings
ynh_store_file_checksum --file="$final_path/CONFIG_FILE"
ynh_store_file_checksum --file="$final_path/protected/config/common.php"
#=================================================
# GENERIC FINALIZATION
@ -174,75 +191,24 @@ ynh_store_file_checksum --file="$final_path/CONFIG_FILE"
#=================================================
# Set permissions to app files
chown -R www-data: $final_path
chown -R root: $final_path
chown -R $app $final_path/assets
chown -R $app $final_path/protected/config
chown -R $app $final_path/protected/modules
chown -R $app $final_path/protected/runtime
chown -R $app $final_path/uploads/*
#=================================================
# SETUP LOGROTATE
# SETUP CRON CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring log rotation..." --time --weight=1
### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app.
### Use this helper only if there is effectively a log file for this app.
### If you're not using this helper:
### - Remove the section "BACKUP LOGROTATE" in the backup script
### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script
### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script
### - And the section "SETUP LOGROTATE" in the upgrade script
# Use logrotate to manage application logfile(s)
ynh_use_logrotate
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1
yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
### Additional options starting with 3.8:
###
### --needs_exposed_ports "$port" a list of ports that needs to be publicly exposed
### which will then be checked by YunoHost's diagnosis system
### (N.B. DO NOT USE THIS is the port is only internal!!!)
###
### --test_status "some command" a custom command to check the status of the service
### (only relevant if 'systemctl status' doesn't do a good job)
###
### --test_conf "some command" some command similar to "nginx -t" that validates the conf of the service
###
### Re-calling 'yunohost service add' during the upgrade script is the right way
### to proceed if you later realize that you need to enable some flags that
### weren't enabled on old installs (be careful it'll override the existing
### service though so you should re-provide all relevant flags when doing so)
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --time --weight=1
### `ynh_systemd_action` is used to start a systemd service for an app.
### Only needed if you have configure a systemd service
### If you're not using these lines:
### - Remove the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the backup script
### - As well as the section "START SYSTEMD SERVICE" in the restore script
### - As well as the section"STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the upgrade script
### - And the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the change_url script
# Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Configuring Fail2Ban..." --time --weight=1
# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/${app}"
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring permissions..." --time --weight=1
ynh_script_progression --message="Configuring permissions..." --weight=35
# Make app public if necessary
if [ $is_public -eq 1 ]
@ -253,7 +219,7 @@ fi
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1
ynh_script_progression --message="Reloading NGINX web server..." --weight=2
ynh_systemd_action --service_name=nginx --action=reload
@ -262,65 +228,3 @@ ynh_systemd_action --service_name=nginx --action=reload
#=================================================
ynh_script_progression --message="Installation of $app completed" --last
# Hotfixes
# Fix LDAP email. See https://github.com/humhub/humhub/issues/1949
sudo cp -a ../sources/fix/AuthClientHelpers.php $src_path/protected/humhub/modules/user/authclient/AuthClientHelpers.php
# Fix to allow passwordless LDAP login
sudo cp -a ../sources/fix/ZendLdapClient.php $src_path/protected/humhub/modules/user/authclient/ZendLdapClient.php
sudo sed -i "s@defined('YII_DEBUG') or define('YII_DEBUG', true);@//defined('YII_DEBUG') or define('YII_DEBUG', true);@g" $src_path/index.php
sudo sed -i "s@defined('YII_ENV') or define('YII_ENV', 'dev');@//defined('YII_ENV') or define('YII_ENV', 'dev');@g" $src_path/index.php
# Set permissions to app files
sudo chown -R www-data: $src_path
# Cron
echo "30 * * * * $src_path/protected/yii cron hourly >/dev/null 2>&1" > cron
echo "00 18 * * * $src_path/protected/yii cron daily >/dev/null 2>&1" > cron
sudo mv cron /etc/cron.d/${app}
sudo chown root /etc/cron.d/${app}
# Install
# Disable SSO
ynh_app_setting_set "$app" unprotected_uris "/"
sudo yunohost app ssowatconf
# Install with CURL
admin_temp_pass=$(ynh_string_random 6)
admin_email=$(sudo yunohost user info "$admin" --output-as plain | ynh_get_plain_key mail)
admin_firstname=$(sudo yunohost user info "$admin" --output-as plain | ynh_get_plain_key firstname)
admin_lastname=$(sudo yunohost user info "$admin" --output-as plain | ynh_get_plain_key lastname)
ynh_local_curl "/index.php?r=installer/index/go" "go"
ynh_local_curl "/index.php?r=installer/config/basic" \
"ConfigBasicForm[name]=YunoHost"
ynh_local_curl "/index.php?r=installer/config/use-case" \
"UseCaseForm[useCase]=" \
"UseCaseForm[useCase]=other"
ynh_local_curl "/index.php?r=installer/config/admin" \
"User[username]=$admin" \
"User[email]=$admin_email" \
"Password[newPassword]=$admin_temp_pass" \
"Password[newPasswordConfirm]=$admin_temp_pass" \
"Profile[firstname]=$admin_firstname" \
"Profile[lastname]=$admin_lastname" \
"save"
ynh_local_curl "/index.php?r=installer/config/sample-data" \
"SampleDataForm[sampleData]=0"
# Populate the LDAP parameters
sed -i "s@YNH_ADMIN_USER@$admin@g" ../conf/ldap.sql
mysql -u $db_user -p${db_pwd} $db_name < ../conf/ldap.sql

31
scripts/remove
View file

@ -12,7 +12,7 @@ source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --time --weight=1
ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME
@ -24,21 +24,10 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
# STANDARD REMOVE
#=================================================
# REMOVE SERVICE INTEGRATION IN YUNOHOST
#=================================================
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status $app >/dev/null
then
ynh_script_progression --message="Removing $app service integration..." --time --weight=1
yunohost service remove $app
fi
#=================================================
# REMOVE THE MYSQL DATABASE
#=================================================
ynh_script_progression --message="Removing the MySQL database..." --time --weight=1
ynh_script_progression --message="Removing the MySQL database..." --weight=1
# Remove a database if it exists, along with the associated user
ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name
@ -46,7 +35,7 @@ ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_script_progression --message="Removing dependencies..." --time --weight=1
ynh_script_progression --message="Removing dependencies..." --weight=1
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
@ -54,7 +43,7 @@ ynh_remove_app_dependencies
#=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_script_progression --message="Removing app main directory..." --time --weight=1
ynh_script_progression --message="Removing app main directory..." --weight=1
# Remove the app directory securely
ynh_secure_remove --file="$final_path"
@ -62,7 +51,7 @@ ynh_secure_remove --file="$final_path"
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Removing NGINX web server configuration..." --time --weight=1
ynh_script_progression --message="Removing NGINX web server configuration..." --weight=2
# Remove the dedicated NGINX config
ynh_remove_nginx_config
@ -70,7 +59,7 @@ ynh_remove_nginx_config
#=================================================
# REMOVE PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Removing PHP-FPM configuration..." --time --weight=1
ynh_script_progression --message="Removing PHP-FPM configuration..." --weight=1
# Remove the dedicated PHP-FPM config
ynh_remove_fpm_config
@ -80,19 +69,17 @@ ynh_remove_fpm_config
#=================================================
# REMOVE VARIOUS FILES
#=================================================
ynh_script_progression --message="Removing CRON configuration..." --weight=2
# Remove a cron file
ynh_secure_remove --file="/etc/cron.d/$app"
# Remove the log files
ynh_secure_remove --file="/var/log/$app/"
#=================================================
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_script_progression --message="Removing the dedicated system user..." --time --weight=1
ynh_script_progression --message="Removing the dedicated system user..." --weight=1
# Delete a system user
ynh_system_user_delete --username=$app
@ -101,4 +88,4 @@ ynh_system_user_delete --username=$app
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Removal of $app completed" --time --last
ynh_script_progression --message="Removal of $app completed" --last

138
scripts/restore
View file

@ -1,42 +1,122 @@
#!/bin/bash
# Exit on command errors and treat unset variables as an error
set -eu
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
#### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME
# Source YunoHost helpers
source /usr/share/yunohost/helpers
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
# Retrieve old app settings
domain=$(ynh_app_setting_get "$app" domain)
path=$(ynh_app_setting_get "$app" path)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_script_progression --message="Validating restoration parameters..." --weight=1
# Check domain/path availability
sudo yunohost app checkurl "${domain}${path}" -a "$app" \
|| ynh_die "Path not available: ${domain}${path}"
ynh_webpath_available --domain=$domain --path_url=$path_url \
|| ynh_die --message="Path not available: ${domain}${path_url}"
test ! -d $final_path \
|| ynh_die --message="There is already a directory: $final_path "
# Restore sources & data
src_path="/var/www/${app}"
sudo cp -a ./sources "$src_path"
sudo cp -a ./cron "/etc/cron.d/${app}"
#=================================================
# STANDARD RESTORATION STEPS
#=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
# Restore permissions to app files
sudo chown -R www-data: $src_path
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
# MySQL
dbname=$app
dbuser=$app
dbpass=$(ynh_app_setting_get "$app" mysqlpwd)
ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass"
ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./dump.sql
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
ynh_script_progression --message="Restoring the app main directory..." --weight=1
# Restore NGINX configuration
sudo cp -a ./nginx.conf "/etc/nginx/conf.d/${domain}.d/${app}.conf"
ynh_restore_file --origin_path="$final_path"
# Restore PHP-FPM configuration
sudo cp -a ./php-fpm.conf "/etc/php5/fpm/pool.d/${app}.conf"
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_script_progression --message="Recreating the dedicated system user..." --weight=3
# Restart services
sudo service php5-fpm reload
sudo service nginx reload
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app
#=================================================
# RESTORE USER RIGHTS
#=================================================
# Restore permissions on app files
chown -R root: $final_path
chown -R $app $final_path/assets
chown -R $app $final_path/protected/config
chown -R $app $final_path/protected/modules
chown -R $app $final_path/protected/runtime
chown -R $app $final_path/uploads/*
#=================================================
# RESTORE THE PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Reconfiguring PHP-FPM..." --weight=5
ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
ynh_add_fpm_config --package="$extra_php_dependencies"
#=================================================
# RESTORE THE MYSQL DATABASE
#=================================================
ynh_script_progression --message="Restoring the MySQL database..." --weight=2
db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
#=================================================
# RESTORE VARIOUS FILES
#=================================================
ynh_restore_file --origin_path="/etc/cron.d/$app"
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX AND PHP-FPM
#=================================================
ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --weight=1
ynh_systemd_action --service_name=php$phpversion-fpm --action=reload
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Restoration completed for $app" --last

213
scripts/upgrade
View file

@ -1,83 +1,164 @@
#!/bin/bash
# Exit on command errors and treat unset variables as an error
set -eu
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME
version=$(cat ../sources/version)
source='https://sourceforge.net/projects/humhub/files/'
# Source YunoHost helpers
source /usr/share/yunohost/helpers
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
admin=$(ynh_app_setting_get --app=$app --key=admin)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
language=$(ynh_app_setting_get --app=$app --key=language)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
# Retrieve app settings
domain=$(ynh_app_setting_get "$app" domain)
path=$(ynh_app_setting_get "$app" path)
dbuser=$app
dbname=$app
dbpass=$(ynh_app_setting_get "$app" mysqlpwd)
src_path=/var/www/$app
#=================================================
# CHECK VERSION
#=================================================
# Correct path: puts a / at the start and nothing at the end
if [ "${path:0:1}" != "/" ]; then
path="/$path"
fi
if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then
path="${path:0:${#path}-1}"
fi
upgrade_type=$(ynh_check_app_version_changed)
# Copy source files
sudo mv "$src_path" "$src_path.old"
sudo mkdir -p $src_path
sudo wget -q "${source}humhub-${version}.zip/download" -O humhub-${version}.zip
sudo unzip -qq humhub-${version}.zip
sudo cp -a humhub-$version/. $src_path
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
# Restore files
sudo cp -a "$src_path.old/uploads/." "$src_path/uploads/."
sudo cp -a "$src_path.old/protected/runtime" "$src_path/protected/runtime"
sudo cp -a "$src_path.old/protected/config/." "$src_path/protected/config/"
sudo cp -a "$src_path.old/protected/modules/." "$src_path/protected/modules/"
sudo cp -a "$src_path.old/themes/." "$src_path/themes/"
# Cleaning legacy permissions
if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all
# Hotfixes
# Fix LDAP email. See https://github.com/humhub/humhub/issues/1949
sudo cp -a ../sources/fix/AuthClientHelpers.php $src_path/protected/humhub/modules/user/authclient/AuthClientHelpers.php
# Fix to allow passwordless LDAP login
sudo cp -a ../sources/fix/ZendLdapClient.php $src_path/protected/humhub/modules/user/authclient/ZendLdapClient.php
sudo sed -i "s@defined('YII_DEBUG') or define('YII_DEBUG', true);@//defined('YII_DEBUG') or define('YII_DEBUG', true);@g" $src_path/index.php
sudo sed -i "s@defined('YII_ENV') or define('YII_ENV', 'dev');@//defined('YII_ENV') or define('YII_ENV', 'dev');@g" $src_path/index.php
ynh_app_setting_delete --app=$app --key=is_public
fi
# Set permissions to app files
sudo chown -R www-data: $src_path
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1
# Upgrade
sudo sudo -u www-data php $src_path/protected/yii migrate/up --includeModuleMigrations=1 --interactive=0 > /dev/null 2>&1
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
# Upgrade cron
echo "30 * * * * $src_path/protected/yii cron hourly >/dev/null 2>&1" > cron
echo "00 18 * * * $src_path/protected/yii cron daily >/dev/null 2>&1" > cron
sudo mv cron /etc/cron.d/${app}
sudo chown root /etc/cron.d/${app}
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
# Modify Nginx configuration file and copy it to Nginx conf directory
nginx_conf=../conf/nginx.conf
sed -i "s@YNH_WWW_PATH@${path:-/}@g" $nginx_conf
sed -i "s@YNH_WWW_ALIAS@$src_path/@g" $nginx_conf
sed -i "s@YNH_WWW_APP@$app@g" $nginx_conf
sudo cp $nginx_conf /etc/nginx/conf.d/$domain.d/$app.conf
# Deactivate cron jobs
ynh_secure_remove --file="/etc/cron.d/$app"
# PHP
sed -i "s@YNH_WWW_APP@$app@g" ../conf/php-fpm.conf
sed -i "s@YNH_WWW_ALIAS@$src_path/@g" ../conf/php-fpm.conf
finalphpconf=/etc/php5/fpm/pool.d/$app.conf
sudo cp ../conf/php-fpm.conf $finalphpconf
sudo chown root: $finalphpconf
sudo chmod 644 $finalphpconf
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Upgrading source files..." --weight=1
# Reload nginx service
sudo service php5-fpm reload
sudo service nginx reload
# Backup user contents
mv "$final_path" "$final_path.old"
# Delete old source
sudo rm -rf "$src_path.old"
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path"
# Restore user contents
cp -a "$final_path.old/uploads/." "$final_path/uploads/."
cp -a "$final_path.old/protected/runtime" "$final_path/protected/runtime"
cp -a "$final_path.old/protected/config/." "$final_path/protected/config/"
cp -a "$final_path.old/protected/modules/." "$final_path/protected/modules/"
cp -a "$final_path.old/themes/." "$final_path/themes/"
# Delete old source
ynh_secure_remove --file="$final_path.old"
fi
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=1
# Create a dedicated PHP-FPM config
ynh_add_fpm_config
#=================================================
# SPECIFIC UPGRADE
#=================================================
# MIGRATE DATABASE
#=================================================
ynh_script_progression --message="Migrating database..." --weight=1
chown -R $app $final_path/
sudo -u $app /usr/bin/php$YNH_PHP_VERSION $final_path/protected/yii migrate/up --includeModuleMigrations=1
#=================================================
# UPDATE MODULES
#=================================================
ynh_script_progression --message="Updating modules..." --weight=1
sudo -u $app /usr/bin/php$YNH_PHP_VERSION $final_path/protected/yii module/update-all
#=================================================
# REINSTALL CRONTAB
#=================================================
ynh_script_progression --message="Upgrading crontab..." --weight=1
ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/${app}"
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# Set permissions on app files
chown -R root: $final_path
chown -R $app $final_path/assets
chown -R $app $final_path/protected/config
chown -R $app $final_path/protected/modules
chown -R $app $final_path/protected/runtime
chown -R $app $final_path/uploads/*
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Upgrade of $app completed" --last

261
sources/fix/AuthClientHelpers.php
View file

@ -1,261 +0,0 @@
<?php
/**
* @link https://www.humhub.org/
* @copyright Copyright (c) 2016 HumHub GmbH & Co. KG
* @license https://www.humhub.com/licences
*/
namespace humhub\modules\user\authclient;
use Yii;
use yii\authclient\ClientInterface;
use humhub\modules\user\models\Auth;
use humhub\modules\user\models\User;
/**
* AuthClientHelper provides helper functions fo auth clients
*
* @since 1.1
* @author luke
*/
class AuthClientHelpers
{
/**
* Returns the user object which is linked against given authClient
*
* @param ClientInterface $authClient the authClient
* @return User the user model or null if not found
*/
public static function getUserByAuthClient(ClientInterface $authClient)
{
$attributes = $authClient->getUserAttributes();
if ($authClient instanceof interfaces\PrimaryClient) {
/**
* @var interfaces\PrimaryClient $authClient
*/
return User::findOne([
$authClient->getUserTableIdAttribute() => $attributes['id'],
'auth_mode' => $authClient->getId()
]);
}
$auth = Auth::find()->where(['source' => $authClient->getId(), 'source_id' => $attributes['id']])->one();
if ($auth !== null) {
return $auth->user;
}
}
/**
* Stores an authClient to an user record
*
* @param \yii\authclient\BaseClient $authClient
* @param User $user
*/
public static function storeAuthClientForUser(ClientInterface $authClient, User $user)
{
$attributes = $authClient->getUserAttributes();
if ($authClient instanceof interfaces\PrimaryClient) {
$user->auth_mode = $authClient->getId();
$user->save();
} else {
$auth = Auth::findOne(['source' => $authClient->getId(), 'source_id' => $attributes['id']]);
/**
* Make sure authClient is not double assigned
*/
if ($auth !== null && $auth->user_id != $user->id) {
$auth->delete();
$auth = null;
}
if ($auth === null) {
$auth = new \humhub\modules\user\models\Auth([
'user_id' => $user->id,
'source' => (string) $authClient->getId(),
'source_id' => (string) $attributes['id'],
]);
$auth->save();
}
}
}
/**
* Removes Authclient for a user
*
* @param \yii\authclient\BaseClient $authClient
* @param User $user
*/
public static function removeAuthClientForUser(ClientInterface $authClient, User $user)
{
Auth::deleteAll([
'user_id' => $user->id,
'source' => (string) $authClient->getId()
]);
}
/**
* Updates (or creates) a user in HumHub using AuthClients Attributes
* This method will be called after login or by cron sync.
*
* @param \yii\authclient\BaseClient $authClient
* @param User $user
* @return boolean succeed
*/
public static function updateUser(ClientInterface $authClient, User $user = null)
{
if ($user === null) {
$user = self::getUserByAuthClient($authClient);
if ($user === null) {
return false;
}
}
$authClient->trigger(BaseClient::EVENT_UPDATE_USER, new \yii\web\UserEvent(['identity' => $user]));
if ($authClient instanceof interfaces\SyncAttributes) {
$attributes = $authClient->getUserAttributes();
foreach ($authClient->getSyncAttributes() as $attributeName) {
if (isset($attributes[$attributeName])) {
if (in_array($attributeName, ['email', 'username'])) {
$user->setAttribute($attributeName, $attributes[$attributeName]);
} else {
$user->profile->setAttribute($attributeName, $attributes[$attributeName]);
}
} else {
if ($user->profile->hasAttribute($attributeName)) {
$user->profile->setAttribute($attributeName, '');
}
}
}
if (count($user->getDirtyAttributes()) !== 0 && !$user->save()) {
Yii::error('Could not update user attributes by AuthClient (UserId: ' . $user->id . ") - Error: " . print_r($user->getErrors(), 1));
return false;
}
if (count($user->profile->getDirtyAttributes()) !== 0 && !$user->profile->save()) {
Yii::error('Could not update user attributes by AuthClient (UserId: ' . $user->id . ") - Error: " . print_r($user->profile->getErrors(), 1));
return false;
}
}
return true;
}
/**
* Automatically creates user by auth client attributes
*
* @param \yii\authclient\BaseClient $authClient
* @return boolean success status
*/
public static function createUser(ClientInterface $authClient)
{
$attributes = $authClient->getUserAttributes();
if (!isset($attributes['id'])) {
return false;
}
// Hotfix for YunoHost. Select the first LDAP email address when there are several in the mail attribute. See https://github.com/humhub/humhub/issues/1949
if (is_array($attributes['mail'])) {
$attributes['mail'] = $attributes['mail'][0];
}
if (is_array($attributes['email'])) {
$attributes['email'] = $attributes['email'][0];
}
$registration = new \humhub\modules\user\models\forms\Registration();
$registration->enablePasswordForm = false;
$registration->enableEmailField = true;
if ($authClient instanceof interfaces\ApprovalBypass) {
$registration->enableUserApproval = false;
}
unset($attributes['id']);
$registration->getUser()->setAttributes($attributes, false);
$registration->getProfile()->setAttributes($attributes, false);
$registration->getGroupUser()->setAttributes($attributes, false);
if ($registration->validate() && $registration->register($authClient)) {
return $registration->getUser();
}
return null;
}
/**
* Returns all users which are using an given authclient
*
* @param ClientInterface $authClient
* @return \yii\db\ActiveQuery
*/
public static function getUsersByAuthClient(ClientInterface $authClient)
{
$query = User::find();
if ($authClient instanceof interfaces\PrimaryClient) {
$query->where([
'auth_mode' => $authClient->getId()
]);
} else {
$query->where(['user_auth.source' => $authClient->getId()]);
}
return $query;
}
/**
* Returns AuthClients used by given User
*
* @param User $user
* @return ClientInterface[] the users authclients
*/
public static function getAuthClientsByUser(User $user)
{
$authClients = [];
foreach (Yii::$app->authClientCollection->getClients() as $client) {
/**
* @var $client ClientInterface
*/
// Add primary authClient
if ($user->auth_mode == $client->getId()) {
$authClients[] = $client;
}
// Add additional authClient
foreach ($user->auths as $auth) {
if ($auth->source == $client->getId()) {
$authClients[] = $client;
}
}
}
return $authClients;
}
/**
* Returns a list of all synchornized user attributes
*
* @param User $user
* @return array attribute names
*/
public static function getSyncAttributesByUser(User $user)
{
$attributes = [];
foreach (self::getAuthClientsByUser($user) as $authClient) {
if ($authClient instanceof interfaces\SyncAttributes) {
$attributes = array_merge($attributes, $authClient->getSyncAttributes());
}
}
return $attributes;
}
}

380
sources/fix/ZendLdapClient.php
View file

@ -1,380 +0,0 @@
<?php
/**
* @link http://www.yiiframework.com/
* @copyright Copyright (c) 2008 Yii Software LLC
* @license http://www.yiiframework.com/license/
*/
namespace humhub\modules\user\authclient;
use Yii;
use Zend\Ldap\Ldap;
use Zend\Ldap\Node;
use Zend\Ldap\Exception\LdapException;
use humhub\modules\user\models\User;
use humhub\modules\user\models\ProfileField;
/**
* LDAP Authentication
*
* @todo create base ldap authentication, to bypass ApprovalByPass Interface
* @since 1.1
*/
class ZendLdapClient extends BaseFormAuth implements interfaces\AutoSyncUsers, interfaces\SyncAttributes, interfaces\ApprovalBypass, interfaces\PrimaryClient
{
/**
* @var \Zend\Ldap\Ldap
*/
private $_ldap = null;
/**
* ID attribute to uniquely identify user
* If set to null, automatically a value email or objectguid will be used if available.
*
* @var string attribute name to identify node
*/
public $idAttribute = null;
/**
* @var string attribute name to user record
*/
public $userTableIdAttribute = 'guid';
/**
* @inheritdoc
*/
public $byPassApproval = true;
/**
* @inheritdoc
*/
public function getId()
{
return 'ldap';
}
/**
* @inheritdoc
*/
protected function defaultName()
{
return 'ldap';
}
/**
* @inheritdoc
*/
protected function defaultTitle()
{
return 'LDAP';
}
/**
* @inheritdoc
*/
public function getIdAttribute()
{
return $this->idAttribute;
}
/**
* @inheritdoc
*/
public function getUserTableIdAttribute()
{
return $this->userTableIdAttribute;
}
/**
* @inheritdoc
*/
public function auth()
{
$node = $this->getUserNode();
if ($node !== null) {
$this->setUserAttributes($node->getAttributes());
return true;
}
return false;
}
/**
* @inheritdoc
*/
protected function defaultNormalizeUserAttributeMap()
{
$map = [];
// Username field
$usernameAttribute = Yii::$app->getModule('user')->settings->get('auth.ldap.usernameAttribute');
if ($usernameAttribute == '') {
$usernameAttribute = 'sAMAccountName';
}
$map['username'] = strtolower($usernameAttribute);
// E-Mail field
$emailAttribute = Yii::$app->getModule('user')->settings->get('auth.ldap.emailAttribute');
if ($emailAttribute == '') {
$emailAttribute = 'mail';
}
$map['email'] = strtolower($emailAttribute);
// Profile Field Mapping
foreach (ProfileField::find()->andWhere(['!=', 'ldap_attribute', ''])->all() as $profileField) {
$map[$profileField->internal_name] = strtolower($profileField->ldap_attribute);
}
return $map;
}
/**
* @inheritdoc
*/
protected function normalizeUserAttributes($attributes)
{
$normalized = [];
// Fix LDAP Attributes
foreach ($attributes as $name => $value) {
if (is_array($value) && count($value) == 1 && $name != 'memberof') {
$normalized[$name] = $value[0];
} else {
$normalized[$name] = $value;
}
}
if (isset($normalized['objectguid'])) {
$normalized['objectguid'] = \humhub\libs\StringHelper::binaryToGuid($normalized['objectguid']);
}
// Handle date fields (formats are specified in config)
foreach ($normalized as $name => $value) {
if (isset(Yii::$app->params['ldap']['dateFields'][$name]) && $value != '') {
$dateFormat = Yii::$app->params['ldap']['dateFields'][$name];
$date = \DateTime::createFromFormat($dateFormat, $value);
if ($date !== false) {
$normalized[$name] = $date->format('Y-m-d 00:00:00');
} else {
$normalized[$name] = "";
}
}
}
return parent::normalizeUserAttributes($normalized);
}
/**
* @return array list of user attributes
*/
public function getUserAttributes()
{
$attributes = parent::getUserAttributes();
// Try to automatically set id and usertable id attribute by available attributes
if ($this->getIdAttribute() === null || $this->getUserTableIdAttribute() === null) {
if (isset($attributes['objectguid'])) {
$this->idAttribute = 'objectguid';
$this->userTableIdAttribute = 'guid';
} elseif (isset($attributes['mail'])) {
$this->idAttribute = 'mail';
$this->userTableIdAttribute = 'email';
} else {
throw new \yii\base\Exception("Could not automatically determine unique user id from ldap node!");
}
}
// Make sure id attributes sits on id attribute key
if (isset($attributes[$this->getIdAttribute()])) {
$attributes['id'] = $attributes[$this->getIdAttribute()];
}
// Map usertable id attribute against ldap id attribute
$attributes[$this->getUserTableIdAttribute()] = $attributes[$this->getIdAttribute()];
return $attributes;
}
/**
* Returns Users LDAP Node
*
* @return Node the users ldap node
*/
protected function getUserNode()
{
$dn = $this->getUserDn();
if ($dn !== '') {
return $this->getLdap()->getNode($dn);
}
return null;
}
/**
* Returns the users LDAP DN
*
* @return string the user dn if found
*/
protected function getUserDn()
{
$userName = $this->login->username;
// Translate given e-mail to username
if (strpos($userName, '@') !== false) {
$user = User::findOne(['email' => $userName]);
if ($user !== null) {
$userName = $user->username;
}
}
try {
$this->getLdap()->bind($userName, $this->login->password);
return $this->getLdap()->getCanonicalAccountName($userName, Ldap::ACCTNAME_FORM_DN);
} catch (LdapException $ex) {
// User not found in LDAP
}
return '';
}
/**
* Returns Zend LDAP
*
* @return \Zend\Ldap\Ldap
*/
public function getLdap()
{
if ($this->_ldap === null) {
$options = array(
'host' => Yii::$app->getModule('user')->settings->get('auth.ldap.hostname'),
'port' => Yii::$app->getModule('user')->settings->get('auth.ldap.port'),
//'username' => Yii::$app->getModule('user')->settings->get('auth.ldap.username'),
//'password' => Yii::$app->getModule('user')->settings->get('auth.ldap.password'),
'username' => '',
'password' => '',
'useStartTls' => (Yii::$app->getModule('user')->settings->get('auth.ldap.encryption') == 'tls'),
'useSsl' => (Yii::$app->getModule('user')->settings->get('auth.ldap.encryption') == 'ssl'),
'bindRequiresDn' => true,
'baseDn' => Yii::$app->getModule('user')->settings->get('auth.ldap.baseDn'),
'accountFilterFormat' => Yii::$app->getModule('user')->settings->get('auth.ldap.loginFilter'),
);
$this->_ldap = new \Zend\Ldap\Ldap($options);
$this->_ldap->bind();
}
return $this->_ldap;
}
/**
* Sets an Zend LDAP Instance
*
* @param \Zend\Ldap\Ldap $ldap
*/
public function setLdap(\Zend\Ldap\Ldap $ldap)
{
$this->_ldap = $ldap;
}
/**
* @inheritdoc
*/
public function getSyncAttributes()
{
$attributes = ['username', 'email'];
foreach (ProfileField::find()->andWhere(['!=', 'ldap_attribute', ''])->all() as $profileField) {
$attributes[] = $profileField->internal_name;
}
return $attributes;
}
/**
* Refresh ldap users
*
* New users (found in ldap) will be automatically created if all required fiélds are set.
* Profile fields which are bind to LDAP will automatically updated.
*/
public function syncUsers()
{
if (!Yii::$app->getModule('user')->settings->get('auth.ldap.enabled') || !Yii::$app->getModule('user')->settings->get('auth.ldap.refreshUsers')) {
return;
}
$userFilter = Yii::$app->getModule('user')->settings->get('auth.ldap.userFilter');
$baseDn = Yii::$app->getModule('user')->settings->get('auth.ldap.baseDn');
try {
$ldap = $this->getLdap();
$userCollection = $ldap->search($userFilter, $baseDn, Ldap::SEARCH_SCOPE_SUB);
$authClient = null;
$ids = [];
foreach ($userCollection as $attributes) {
$authClient = clone $this;
$authClient->init();
$authClient->setUserAttributes($attributes);
$attributes = $authClient->getUserAttributes();
$user = AuthClientHelpers::getUserByAuthClient($authClient);
if ($user === null) {
if (!AuthClientHelpers::createUser($authClient)) {
Yii::warning('Could not automatically create LDAP user - check required attributes! (' . print_r($attributes, 1) . ')');
}
} else {
AuthClientHelpers::updateUser($authClient, $user);
}
$ids[] = $attributes['id'];
}
/**
* Since userTableAttribute can be automatically set on user attributes
* try to take it from initialized authclient instance.
*/
$userTableIdAttribute = $this->getUserTableIdAttribute();
if ($authClient !== null) {
$userTableIdAttribute = $authClient->getUserTableIdAttribute();
}
foreach (AuthClientHelpers::getUsersByAuthClient($this)->each() as $user) {
$foundInLdap = in_array($user->getAttribute($userTableIdAttribute), $ids);
// Enable disabled users that have been found in ldap
if ($foundInLdap && $user->status === User::STATUS_DISABLED) {
$user->status = User::STATUS_ENABLED;
$user->save();
Yii::info('Enabled user' . $user->username . ' (' . $user->id . ') - found in LDAP!');
// Disable users that were not found in ldap
} elseif (!$foundInLdap && $user->status !== User::STATUS_DISABLED) {
$user->status = User::STATUS_DISABLED;
$user->save();
Yii::warning('Disabled user' . $user->username . ' (' . $user->id . ') - not found in LDAP!');
}
}
} catch (\Zend\Ldap\Exception\LdapException $ex) {
Yii::error('Could not connect to LDAP instance: ' . $ex->getMessage());
} catch (\Exception $ex) {
Yii::error('An error occurred while user sync: ' . $ex->getMessage());
}
}
/**
* Checks if LDAP is supported
*/
public static function isLdapAvailable()
{
if (!class_exists('Zend\Ldap\Ldap')) {
return false;
}
if (!function_exists('ldap_bind')) {
return false;
}
return true;
}
}

13
sources/patches/app-00-no-password-ldap.patch Normal file
View file

@ -0,0 +1,13 @@
diff --git a/protected/humhub/modules/ldap/models/LdapSettings.php b/protected/humhub/modules/ldap/models/LdapSettings.php
index e6402e8b3..3b653d590 100644
--- a/protected/humhub/modules/ldap/models/LdapSettings.php
+++ b/protected/humhub/modules/ldap/models/LdapSettings.php
@@ -120,7 +120,7 @@ class LdapSettings extends Model
return [
[['enabled', 'refreshUsers', 'usernameAttribute', 'emailAttribute', 'username', 'passwordField', 'hostname', 'port', 'idAttribute'], 'string', 'max' => 255],
[['baseDn', 'loginFilter', 'userFilter'], 'string'],
- [['usernameAttribute', 'username', 'passwordField', 'hostname', 'port', 'baseDn', 'loginFilter', 'userFilter', 'idAttribute'], 'required'],
+ [['usernameAttribute', 'hostname', 'port', 'baseDn', 'loginFilter', 'userFilter', 'idAttribute'], 'required'],
['encryption', 'in', 'range' => ['', 'ssl', 'tls']],
];
}

2
sources/version
View file

@ -1 +1 @@
1.2.0
1.7.2