YunoHost-Apps/limesurvey_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/limesurvey_ynh.git synced 2024-09-03 19:36:32 +02:00
Code Issues Activity Actions

[fix] LDAP authentication + datadir

Browse source
This commit is contained in:
ljf 2022-01-14 01:29:27 +01:00
parent 1d5b844d41
commit 2f352da687
10 changed files with 236 additions and 92 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
conf/config.php
View file

@ -63,7 +63,8 @@ return array(
'debugsql'=>0, // Set this to 1 to enanble sql logging, only active when debug = 2
// 'force_xmlsettings_for_survey_rendering' => true, // Uncomment if you want to force the use of the XML file rather than DB (for easy theme development)
// 'use_asset_manager'=>true, // Uncomment if you want to use debug mode and asset manager at the same time
'enableLdap'=>true
'enableLdap'=>true,
'uploaddir'=>'__DATADIR__'
)
);
/* End of file config.php */

68
conf/data.sql
View file

@ -1,45 +1,41 @@
INSERT INTO `lime_plugins` (`id`, `name`, `active`) VALUES
(2,'AuditLog',0),
(3,'oldUrlCompat',0),
(4,'ExportR',0),
(5,'Authwebserver',1),
(6,'extendedStartPage',0),
(7,'ExportSTATAxml',0),
(8,'QuickMenu',0),
(9,'AuthLDAP',0);
UPDATE lime_plugins SET active=1 WHERE name="AuthLDAP";
INSERT INTO `lime_permissions` (`id`, `entity`, `entity_id`, `uid`, `permission`, `create_p`, `read_p`, `update_p`, `delete_p`, `import_p`, `export_p`) VALUES
(2,'global',0,2,'auth_ldap',0,1,0,0,0,0),
(3,'global',0,2,'surveys',1,0,0,0,0,0);
INSERT INTO `lime_plugin_settings` (`id`, `plugin_id`, `model`, `model_id`, `key`, `value`) VALUES
(1,9,NULL,NULL,'server','\"ldap:\\/\\/localhost\"'),
(2,9,NULL,NULL,'ldapport','\"\"'),
(3,9,NULL,NULL,'ldapversion','\"3\"'),
(4,9,NULL,NULL,'ldapoptreferrals','\"1\"'),
(5,9,NULL,NULL,'ldaptls','\"0\"'),
(6,9,NULL,NULL,'ldapmode','\"searchandbind\"'),
(7,9,NULL,NULL,'userprefix','null'),
(8,9,NULL,NULL,'domainsuffix','null'),
(9,9,NULL,NULL,'searchuserattribute','\"uid\"'),
(10,9,NULL,NULL,'usersearchbase','\"ou=users,dc=yunohost,dc=org\"'),
(11,9,NULL,NULL,'extrauserfilter','\"(objectClass=inetOrgPerson)\"'),
(12,9,NULL,NULL,'binddn','\"\"'),
(13,9,NULL,NULL,'bindpwd','\"\"'),
(14,9,NULL,NULL,'mailattribute','\"mail\"'),
(15,9,NULL,NULL,'fullnameattribute','\"displayName\"'),
(16,9,NULL,NULL,'is_default','\"0\"'),
(17,9,NULL,NULL,'autocreate','\"1\"'),
(18,9,NULL,NULL,'automaticsurveycreation','\"1\"');
INSERT INTO `lime_plugin_settings` (`id`, `plugin_id`, `model`, `model_id`, `key`, `value`) VALUES
(19, 5, NULL, NULL, 'strip_domain', 'null'),
(20, 5, NULL, NULL, 'serverkey', '"REMOTE_USER"'),
(21, 5,NULL,NULL,'is_default','\"1\"');
(2, 5, NULL, NULL, 'server', '\"ldap:\\/\\/localhost\"'),
(3, 5, NULL, NULL, 'ldapport', '\"\"'),
(4, 5, NULL, NULL, 'ldapversion', '\"3\"'),
(5, 5, NULL, NULL, 'ldapoptreferrals', '\"1\"'),
(6, 5, NULL, NULL, 'ldaptls', '\"0\"'),
(7, 5, NULL, NULL, 'ldapmode', '\"searchandbind\"'),
(8, 5, NULL, NULL, 'userprefix', 'null'),
(9, 5, NULL, NULL, 'domainsuffix', 'null'),
(10, 5, NULL, NULL, 'searchuserattribute', '\"uid\"'),
(11, 5, NULL, NULL, 'usersearchbase', '\"ou=users,dc=yunohost,dc=org\"'),
(12, 5, NULL, NULL, 'extrauserfilter', '\"(&(|(objectclass=posixAccount))(uid=%uid)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))\"'),
(13, 5, NULL, NULL, 'binddn', '\"\"'),
(14, 5, NULL, NULL, 'bindpwd', '\"\"'),
(15, 5, NULL, NULL, 'mailattribute', '\"mail\"'),
(16, 5, NULL, NULL, 'fullnameattribute', '\"displayName\"'),
(17, 5, NULL, NULL, 'is_default', '\"\"'),
(18, 5, NULL, NULL, 'autocreate', '\"1\"'),
(19, 5, NULL, NULL, 'automaticsurveycreation', '\"1\"'),
(20, 5, NULL, NULL, 'groupsearchbase', '\"ou=groups,dc=yunohost,dc=org\"'),
(21, 5, NULL, NULL, 'groupsearchfilter', '\"(&(objectclass=top)(memberUid=*))\"'),
(22, 5, NULL, NULL, 'allowInitialUser', '\"1\"');
INSERT INTO `lime_settings_global` VALUES ('defaultlang','__LANGUAGE__'),('AssetsVersion','2620');
{% if __IS_PUBLIC__ == "1" %}
UPDATE `lime_plugin_settings` SET value='\"0\"' WHERE `id`=21;
{% endif %}
#INSERT INTO `lime_plugin_settings` (`id`, `plugin_id`, `model`, `model_id`, `key`, `value`) VALUES
#(23, 7, NULL, NULL, 'strip_domain', 'null'),
#(24, 7, NULL, NULL, 'serverkey', '"REMOTE_USER"'),
#(25, 7,NULL,NULL,'is_default','\"1\"');
INSERT INTO `lime_settings_global` VALUESi
('defaultlang','__LANGUAGE__'),
('AssetsVersion','30214'),
('DBVersion', 449);

1
conf/libreform.src
View file

@ -1,3 +1,4 @@
SOURCE_URL=https://github.com/zamentur/libreform/archive/40fad776c33271ecc028b9260fb7f9e300998e5f.tar.gz
SOURCE_SUM=4c0a96d610c6740ff7467cf1916a923949bf4c00e99a3cd33509335f884e138b
SOURCE_SUM_PRG=sha256sum
SOURCE_FILENAME=libreform-40fad776c33271ecc028b9260fb7f9e300998e5f.tar.gz

117
manifest.json
View file

@ -12,6 +12,7 @@
"license": "GPL-2.0+",
"website": "https://www.limesurvey.org",
"admindoc": "https://manual.limesurvey.org/LimeSurvey_Manual/fr",
"userdoc": "https://help.limesurvey.org",
"code": "https://github.com/LimeSurvey/LimeSurvey"
},
"license": "GPL-2.0+",
@ -21,7 +22,7 @@
"url": "https://reflexlibre.net"
},
"requirements": {
"yunohost": ">= 4.2.4"
"yunohost": ">= 4.3.0"
},
"multi_instance": true,
"services": [
@ -52,7 +53,119 @@
"en": "Choose the default language of this LimeSurvey",
"fr": "Choisissez la langue par défault de LimeSurvey"
},
"choices": ["de", "en", "es", "fr", "it"],
"choices": [
"af",
"am",
"ar",
"az",
"be",
"bg",
"bn",
"bs",
"ca",
"ca-valencia",
"ceb",
"ckb",
"cnr",
"cs",
"cs-informal",
"cy",
"da",
"de",
"de-easy",
"de-informal",
"el",
"en",
"eo",
"es",
"es-AR",
"es-AR-informal",
"es-CL",
"es-CO",
"es-MX",
"et",
"eu",
"fa",
"fi",
"fil",
"fr",
"ful",
"ga",
"gl",
"gu",
"he",
"hi",
"hil",
"hr",
"hu",
"hy",
"id",
"ilo",
"is",
"it",
"it-informal",
"ja",
"ka",
"kal",
"kk",
"kmr",
"ko",
"ky",
"lb",
"lt",
"lv",
"mk",
"ml",
"mn",
"mr",
"ms",
"mt",
"mya",
"nb",
"nl",
"nl-informal",
"nn",
"ny",
"oc",
"pa",
"pap-CW",
"pl",
"pl-informal",
"prs",
"ps",
"pt",
"pt-BR",
"ro",
"roh",
"ru",
"run",
"rw",
"sah",
"si",
"sk",
"sl",
"smi",
"so",
"sq",
"sr",
"sr-Latn",
"sv",
"swh",
"ta",
"tg",
"th",
"ti",
"tl",
"tr",
"uk",
"ur",
"vi",
"xho",
"zh-Hans",
"zh-Hant-HK",
"zh-Hant-TW",
"zu"
],
"default": "en"
},
{

8
scripts/_common.sh
View file

@ -14,14 +14,6 @@ pkg_dependencies="php${YNH_PHP_VERSION}-cli php${YNH_PHP_VERSION}-mysql php${YNH
# SPECIFIC HELPERS
#=================================================
ynh_configure () {
local TEMPLATE=$1
local DEST=$2
type j2 2>/dev/null || pip3 install j2cli
j2 "${PKG_DIR}/conf/$TEMPLATE.j2" > "${PKG_DIR}/conf/$TEMPLATE"
sudo cp "${PKG_DIR}/conf/$TEMPLATE" "$DEST"
}
#=================================================
# COMMON HELPERS
#=================================================

8
scripts/backup
View file

@ -29,6 +29,7 @@ ynh_print_info --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
domain=$(ynh_app_setting_get --app=$app --key=domain)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
@ -63,6 +64,13 @@ ynh_print_info --message="Backing up the MySQL database..."
ynh_mysql_dump_db --database="$db_name" > db.sql
#=================================================
# BACKUP THE DATA DIRECTORY
#=================================================
ynh_print_info --message="Backing up data directory..."
ynh_backup --src_path="$datadir" --is_big
#=================================================
# END OF SCRIPT
#=================================================

80
scripts/install
View file

@ -1,7 +1,7 @@
#!/bin/bash
#=================================================
# GENERIC STARTING
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
@ -10,7 +10,7 @@ source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE FAILURE OF THE SCRIPT
# MANAGE SCRIPT FAILURE
#=================================================
# Exit if an error occurs during the execution of the script
@ -30,7 +30,7 @@ password=$YNH_APP_ARG_PASSWORD
app=$YNH_APP_INSTANCE_NAME
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THIS ARGS
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_script_progression --message="Validating installation parameters..." --weight=1
@ -59,6 +59,14 @@ ynh_script_progression --message="Installing dependencies..." --weight=1
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..." --time --weight=1
# Create a system user
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# CREATE A MYSQL DATABASE
#=================================================
@ -69,14 +77,6 @@ db_user=$db_name
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..." --weight=1
# Create a system user
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
@ -89,16 +89,16 @@ ynh_setup_source --dest_dir="$final_path"
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
chmod 755 "$final_path/tmp"
chmod 755 "$final_path/upload"
chmod 755 "$final_path/application/config/"
chmod 750 "$final_path/tmp"
chmod 750 "$data_dir/upload"
chmod 750 "$final_path/application/config/"
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
# Create a dedicated nginx config
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
@ -106,7 +106,7 @@ ynh_add_nginx_config
#=================================================
ynh_script_progression --message="Configuring PHP-FPM..." --weight=1
# Create a dedicated php-fpm config
# Create a dedicated PHP-FPM config
ynh_add_fpm_config
#=================================================
@ -114,9 +114,22 @@ ynh_add_fpm_config
#=================================================
# CONFIGURE
#=================================================
ynh_script_progression --message="Configuring Limesurvey..." --weight=1
ynh_add_config --template="../conf/config.php" --destination="$final_path/application/config/config.php"
#=================================================
# CREATE THE DATA DIRECTORY
#=================================================
ynh_script_progression --message="Creating a data directory..." --weight=1
datadir=/home/yunohost.app/limesurvey
ynh_app_setting_set --app=$app --key=datadir --value=$datadir/upload
mkdir -p $datadir
mv "$final_path/upload" $datadir/upload
chown -R $app:www-data "$datadir"
chmod -R o-rwx "$datadir"
#=================================================
# INSTALL
#=================================================
@ -135,55 +148,42 @@ ynh_exec_as "$app" php $ls_cli install "$admin" "$password" "$fullname" "$mail"
#=================================================
# LOAD SQL SPECIFIC CONFIG
#=================================================
ynh_add_config --template="../conf/data.sql" --destination="./data.sql"
ynh_configure data.sql ./data.sql
mysql -u $db_user -p$db_pwd $db_user < ./data.sql
ynh_mysql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name" < ./data.sql
#ynh_add_config --template="../conf/data.sql" --destination="$final_path/data.sql"
#ynh_mysql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name" < $final_path/data.sql
#ynh_secure_remove --file=$final_path/data.sql
#if [ $is_public -eq 1 ]
#then
# ynh_mysql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name" <<< "UPDATE `lime_plugin_settings` SET value='\"0\"' WHERE `id`=21;"
#fi
ynh_secure_remove --file=./data.sql
#=================================================
# Add nice themes
#=================================================
#ynh_setup_source "$final_path/upload/templates/libreform" libreform
ynh_setup_source "$final_path/upload/templates/libreform" libreform
#ynh_setup_source "$final_path/upload/templates/librepoll" librepoll
#=================================================
# SETUP FAIL2BAN
#=================================================
# ynh_script_progression --message="Configuring fail2ban..." --time --weight=1
#ynh_script_progression --message="Configuring fail2ban..." --weight=1
#ynh_add_fail2ban_config "/var/log/nginx/${domain}-error.log" "PHP message: Leed: wrong login for .* client: <HOST>" 5
# No message in logs and the apps contains already a 10 minutes ban policy
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring permissions..." --weight=1
# Make app public if necessary
if [ $is_public -eq 1 ]
then
ynh_permission_update --permission="main" --add="visitors"
allowed_groups="visitors"
else
allowed_groups="$admin"
fi
ynh_permission_update --permission="main" --url="/admin" --allowed="$allowed_groups"
# Only the admin can access the admin panel of the app (if the app has an admin panel)
ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
ynh_permission_create --permission="answer" --url="/" --allowed="visitors" --show_tile="false"
#ynh_script_progression --message="Configuring SSOwat..." --weight=1
#yunohost app addaccess $app -u $admin
#ynh_sso_access "/index.php?r=admin,/index.php?r=plugins,/scripts"
#=================================================
# RELOAD NGINX
#=================================================

12
scripts/remove
View file

@ -20,6 +20,7 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
#=================================================
# STANDARD REMOVE
@ -47,7 +48,16 @@ ynh_script_progression --message="Removing app main directory..." --weight=1
# Remove the app directory securely
ynh_secure_remove --file="$final_path"
#ynh_secure_remove --file="/home/yunohost.app/$app"
#=================================================
# REMOVE DATA DIR
#=================================================
# Remove the data directory if --purge option is used
if [ "${YNH_APP_PURGE:-0}" -eq 1 ]
then
ynh_script_progression --message="Removing app data directory..." --weight=1
ynh_secure_remove --file="$datadir"
fi
#=================================================
# REMOVE THE NGINX CONFIGURATION

13
scripts/restore
View file

@ -72,7 +72,6 @@ chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
chmod 755 "$final_path/tmp"
chmod 755 "$final_path/upload"
chmod 755 "$final_path/application/config/"
#=================================================
@ -101,6 +100,18 @@ db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
#=================================================
# RESTORE THE DATA DIRECTORY
#=================================================
ynh_script_progression --message="Restoring data directory..." --weight=2
# Use --not_mandatory for the data directory, because if the backup has been made with BACKUP_CORE_ONLY, there's no data into the backup.
ynh_restore_file --origin_path="$datadir" --not_mandatory
mkdir -p "$datadir"
chown -R $app:www-data "$datadir"
chmod -R o-rwx "$datadir"
#=================================================
# GENERIC FINALIZATION
#=================================================

18
scripts/upgrade
View file

@ -20,6 +20,7 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
admin=$(ynh_app_setting_get --app=$app --key=admin)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
@ -63,6 +64,16 @@ if [ -z "$final_path" ]; then
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
fi
# If datadir doesn't exist, create it
if [ -z "$datadir" ]; then
datadir=/home/yunohost.app/$app
ynh_app_setting_set --app=$app --key=datadir --value=$datadir/upload
mkdir -p $datadir
mv "$final_path/upload" $datadir/upload
chown -R $app:www-data "$datadir"
chmod -R o-rwx "$datadir"
fi
# Cleaning legacy permissions
if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all
@ -105,9 +116,10 @@ fi
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
chmod 755 "$final_path/tmp"
chmod 755 "$final_path/upload"
chmod 755 "$final_path/application/config/"
chmod 750 "$final_path/tmp"
chmod 750 "$final_path/application/config/"
chown -R $app:www-data "$datadir"
chmod 750 $datadir
#=================================================
# NGINX CONFIGURATION