mirror of https://github.com/YunoHost-Apps/lufi_ynh.git synced 2024-09-03 19:36:28 +02:00

Merge pull request #69 from tytan652/ldap_on_public

Allow LDAP on public and remove legacy permission and various fixes
yalh76 2022-02-02 01:44:38 +01:00 committed by GitHub
commit 4aa0735fc8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 97 additions and 106 deletions


@ -3,9 +3,9 @@
; Manifest ; Manifest
domain="domain.tld" domain="domain.tld"
path="/path" path="/path"
admin="john"
is_public=1 is_public=1
max_file_size=100 max_file_size=100
use_ldap=0
; Checks ; Checks
pkg_linter=1 pkg_linter=1
setup_sub_dir=1 setup_sub_dir=1


@ -59,7 +59,7 @@
# max file size, in octets # max file size, in octets
# you can write it 100*1024*1024 # you can write it 100*1024*1024
# optional, no default # optional, no default
max_file_size => __MAX_FILE_SIZE__*1024*1024, __MAX_SIZE_SET__max_file_size => __MAX_FILE_SIZE__*1024*1024,
# if you want to have piwik statistics, provide a piwik image tracker # if you want to have piwik statistics, provide a piwik image tracker
# only the image tracker is allowed, no javascript # only the image tracker is allowed, no javascript
@ -199,20 +199,20 @@
# set `ldap` if you want that only authenticated users can upload files # set `ldap` if you want that only authenticated users can upload files
# please note that everybody can still download files # please note that everybody can still download files
# optional, no default # optional, no default
__IS_PUBLIC__ldap => { __LDAP__ldap => {
__IS_PUBLIC__ uri => 'ldap://localhost:389', # server URI __LDAP__ uri => 'ldap://localhost:389', # server URI
__IS_PUBLIC__ user_tree => 'dc=yunohost,dc=org', # search base DN __LDAP__ user_tree => 'dc=yunohost,dc=org', # search base DN
__IS_PUBLIC__ bind_dn => 'ou=users,dc=yunohost,dc=org', # search bind DN __LDAP__ bind_dn => 'ou=users,dc=yunohost,dc=org', # search bind DN
__IS_PUBLIC__ #bind_pwd => 'secr3t', # search bind password __LDAP__ #bind_pwd => 'secr3t', # search bind password
__IS_PUBLIC__ user_attr => 'uid', # user attribute (uid, mail, sAMAccountName, etc.) __LDAP__ user_attr => 'uid', # user attribute (uid, mail, sAMAccountName, etc.)
__IS_PUBLIC__ #user_filter => '(!(uid=ldap_user))', # user filter (to exclude some users, etc.) __LDAP__ user_filter => '(&(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))', # user filter (to exclude some users, etc.)
__IS_PUBLIC__ # optional start_tls configuration. See https://metacpan.org/pod/distribution/perl-ldap/lib/Net/LDAP.pod#start_tls __LDAP__ # optional start_tls configuration. See https://metacpan.org/pod/distribution/perl-ldap/lib/Net/LDAP.pod#start_tls
__IS_PUBLIC__ # don't set or uncomment if you don't want to configure it __LDAP__ # don't set or uncomment if you don't want to configure it
__IS_PUBLIC__ #start_tls => { __LDAP__ #start_tls => {
__IS_PUBLIC__ # verify => 'optional', __LDAP__ # verify => 'optional',
__IS_PUBLIC__ # clientcert => '/etc/ssl/certs/ca-bundle.pem' __LDAP__ # clientcert => '/etc/ssl/certs/ca-bundle.pem'
__IS_PUBLIC__ #} __LDAP__ #}
__IS_PUBLIC__}, __LDAP__},
# if you've set ldap above, the session will last `session_duration` seconds before # if you've set ldap above, the session will last `session_duration` seconds before
# the user needs to reauthenticate # the user needs to reauthenticate
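Review bot: The trailing comment on the new `user_filter` line still reads "user filter (to exclude some users, etc.)", but the value is no longer an optional exclusion: it now decides who may authenticate for upload, admitting only `posixAccount` entries that carry the `__APP__.main` permission. A comment such as `# only accounts holding this app's main permission may log in to upload` would describe it accurately. It would also help to add one line above the block saying that `__LDAP__` and `__MAX_SIZE_SET__` are rendered as either an empty string or `#`, since a `#` silently disables upload authentication or the size limit.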


@ -6,7 +6,7 @@
"en": "Self hosting files and sharing anonymous application", "en": "Self hosting files and sharing anonymous application",
"fr": "Application d'hébergement et de partage de fichiers anonyme" "fr": "Application d'hébergement et de partage de fichiers anonyme"
}, },
"version": "0.05.16~ynh1", "version": "0.05.16~ynh2",
"url": "https://git.framasoft.org/luc/lufi", "url": "https://git.framasoft.org/luc/lufi",
"upstream": { "upstream": {
"license": "AGPL-3.0-or-later", "license": "AGPL-3.0-or-later",
@ -52,6 +52,19 @@
}, },
"example": "100", "example": "100",
"default": "100" "default": "100"
},
{
"name": "use_ldap",
"type": "boolean",
"ask": {
"en": "Install Lufi with LDAP configuration?",
"fr": "Installer Lufi avec la configuration LDAP ?"
},
"help": {
"en": "A Lufi with LDAP enabled will allow only YunoHost users to upload.",
"fr": "Un Lufi avec LDAP activé autorisera seulement les utilisateurs YunoHost à téléverser."
},
"default": false
} }
] ]
} }


@ -31,7 +31,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
# Add settings here as needed by your application # Add settings here as needed by your application
port=$(ynh_app_setting_get --app=$app --key=port) port=$(ynh_app_setting_get --app=$app --key=port)
is_public=$(ynh_app_setting_get --app=$app --key=is_public) use_ldap=$(ynh_app_setting_get --app=$app --key=use_ldap)
db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
db_user=$db_name db_user=$db_name
@ -119,49 +119,22 @@ ynh_script_progression --message="Configuring lufi..."
domain="$new_domain" domain="$new_domain"
path_url="$new_path" path_url="$new_path"
config=${final_path}/lufi.conf ldap="#"
ynh_backup_if_checksum_is_different --file="$config" if [ $use_ldap -eq 1 ];
cp ../conf/lufi.conf.template "$config"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config"
ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$config"
ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$config"
ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$config"
ynh_replace_string --match_string="__DB_USER__" --replace_string="$db_user" --target_file="$config"
ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$config"
ynh_replace_string --match_string="__MAX_FILE_SIZE__" --replace_string="$max_file_size" --target_file="$config"
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
ynh_replace_string --match_string="max_file_size" --replace_string="#max_file_size" --target_file="$config"
fi
ynh_replace_string --match_string="__SECRET__" --replace_string="$secret" --target_file="$config"
if [ $is_public -eq 0 ];
then then
ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="" --target_file="$config" ldap=""
else
ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="#" --target_file="$config"
fi fi
ynh_store_file_checksum --file="$config"
max_size_set=""
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
max_size_set="#"
fi
ynh_add_config --template="../conf/lufi.conf.template" --destination="$final_path/lufi.conf"
chmod 600 $final_path/lufi.conf chmod 600 $final_path/lufi.conf
chown $app:$app $final_path/lufi.conf chown $app:$app $final_path/lufi.conf
#=================================================
# UPDATE SSOWAT
#=================================================
ynh_script_progression --message="Reconfiguring permissions..."
ynh_permission_update --permission="main" --add="visitors"
if [ $is_public -eq 0 ]
then
if [ "$path_url" == "/" ]; then
# If the path is /, clear it to prevent any error with the regex.
path_url=""
fi
# Modify the domain to be used in a regex
domain_regex=$(echo "$domain" | sed 's@-@.@g')
ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats$","$domain_regex$path_url/manifest.webapp$","$domain_regex$path_url/$","$domain_regex$path_url/d/.*$","$domain_regex$path_url/m/.*$"
fi
#================================================= #=================================================
# GENERIC FINALISATION # GENERIC FINALISATION
#================================================= #=================================================
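Review bot: The new test `if [ $use_ldap -eq 1 ];` leaves `$use_ldap` unquoted, and any value other than 1 ends in `ldap="#"`, including an empty value when the `use_ldap` setting has not been stored yet. That comments out the whole `ldap => {…}` block in lufi.conf, which the template describes as the setting that restricts uploads to authenticated users. The same test appears in the install and upgrade scripts on this page. Failing closed would be safer, for example `if [ "${use_ldap:-1}" -eq 1 ]`, or aborting when the setting is empty. The `chmod 600 $final_path/lufi.conf` and `chown` lines below would also be better with the path quoted.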


@ -27,6 +27,7 @@ domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH path_url=$YNH_APP_ARG_PATH
is_public=$YNH_APP_ARG_IS_PUBLIC is_public=$YNH_APP_ARG_IS_PUBLIC
max_file_size=$YNH_APP_ARG_MAX_FILE_SIZE max_file_size=$YNH_APP_ARG_MAX_FILE_SIZE
use_ldap=$YNH_APP_ARG_USE_LDAP
secret=$(ynh_string_random --length=24) secret=$(ynh_string_random --length=24)
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
@ -54,7 +55,7 @@ ynh_script_progression --message="Storing installation settings..."
ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=is_public --value=$is_public ynh_app_setting_set --app=$app --key=use_ldap --value=$use_ldap
ynh_app_setting_set --app=$app --key=max_file_size --value=$max_file_size ynh_app_setting_set --app=$app --key=max_file_size --value=$max_file_size
ynh_app_setting_set --app=$app --key=secret --value=$secret ynh_app_setting_set --app=$app --key=secret --value=$secret
@ -125,28 +126,18 @@ ynh_add_nginx_config
#================================================= #=================================================
ynh_script_progression --message="Configuring $app..." ynh_script_progression --message="Configuring $app..."
config=${final_path}/lufi.conf ldap="#"
cp ../conf/lufi.conf.template "$config" if [ $use_ldap -eq 1 ];
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config"
ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$config"
ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$config"
ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$config"
ynh_replace_string --match_string="__DB_USER__" --replace_string="$db_user" --target_file="$config"
ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$config"
ynh_replace_string --match_string="__MAX_FILE_SIZE__" --replace_string="$max_file_size" --target_file="$config"
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
ynh_replace_string --match_string="max_file_size" --replace_string="#max_file_size" --target_file="$config"
fi
ynh_replace_string --match_string="__SECRET__" --replace_string="$secret" --target_file="$config"
if [ $is_public -eq 0 ];
then then
ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="" --target_file="$config" ldap=""
else
ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="#" --target_file="$config"
fi fi
ynh_store_file_checksum --file="$config" max_size_set=""
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
max_size_set="#"
fi
ynh_add_config --template="../conf/lufi.conf.template" --destination="$final_path/lufi.conf"
chmod 600 $final_path/lufi.conf chmod 600 $final_path/lufi.conf
chown $app:$app $final_path/lufi.conf chown $app:$app $final_path/lufi.conf
@ -204,17 +195,9 @@ ynh_systemd_action --service_name=$app --action="start" --line_match="Creating p
#================================================= #=================================================
ynh_script_progression --message="Configuring permissions..." ynh_script_progression --message="Configuring permissions..."
ynh_permission_update --permission="main" --add="visitors" if [ $is_public -eq 1 ]
if [ $is_public -eq 0 ]
then then
if [ "$path_url" == "/" ]; then ynh_permission_update --permission="main" --add="visitors"
# If the path is /, clear it to prevent any error with the regex.
path_url=""
fi
# Modify the domain to be used in a regex
domain_regex=$(echo "$domain" | sed 's@-@.@g')
ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats$","$domain_regex$path_url/manifest.webapp$","$domain_regex$path_url/$","$domain_regex$path_url/d/.*$","$domain_regex$path_url/m/.*$"
fi fi
#================================================= #=================================================


@ -18,7 +18,7 @@ app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain) domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path) path_url=$(ynh_app_setting_get --app=$app --key=path)
is_public=$(ynh_app_setting_get --app=$app --key=is_public) use_ldap=$(ynh_app_setting_get --app=$app --key=use_ldap)
port=$(ynh_app_setting_get --app=$app --key=port) port=$(ynh_app_setting_get --app=$app --key=port)
final_path=$(ynh_app_setting_get --app=$app --key=final_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path)
secret=$(ynh_app_setting_get --app=$app --key=secret) secret=$(ynh_app_setting_get --app=$app --key=secret)
@ -80,6 +80,39 @@ if [ -z "$max_file_size" ]; then
ynh_app_setting_set --app=$app --key=max_file_size --value=$max_file_size ynh_app_setting_set --app=$app --key=max_file_size --value=$max_file_size
fi fi
# Check if is_public settings exist and is set to true
was_public=$(ynh_app_setting_get --app=$app --key=is_public)
if [ $was_public -eq 1 ]
then
# Fix permissions if true
ynh_print_info --message="Upgrading from legacy permission..."
ynh_print_info --message="Legacy public instance detected, allow visitors with new permission."
use_ldap=0
# Add new permission to allow visitors
ynh_permission_update --permission="main" --add="visitors"
# Remove deprecated is_public settings
ynh_app_setting_delete --app=$app --key=is_public
fi
# Check if legacy permissions exists (meanning that is_public was set to false)
if ynh_legacy_permissions_exists; then
ynh_print_info --message="Upgrading from legacy permission..."
ynh_print_info --message="Legacy private instance detected, keep LDAP enabled."
# Legacy private install have LDAP enabled
use_ldap=1
# Cleaning legacy permissions
ynh_print_info --message="Removing legacy permission..."
ynh_legacy_permissions_delete_all
# Remove deprecated is_public settings
ynh_app_setting_delete --app=$app --key=is_public
fi
#================================================= #=================================================
# CREATE DEDICATED USER # CREATE DEDICATED USER
#================================================= #=================================================
@ -126,29 +159,18 @@ ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
#================================================= #=================================================
ynh_script_progression --message="Configuring Lufi..." ynh_script_progression --message="Configuring Lufi..."
config=${final_path}/lufi.conf ldap="#"
ynh_backup_if_checksum_is_different --file="$config" if [ $use_ldap -eq 1 ];
cp ../conf/lufi.conf.template "$config"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config"
ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$config"
ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$config"
ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$config"
ynh_replace_string --match_string="__DB_USER__" --replace_string="$db_user" --target_file="$config"
ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$config"
ynh_replace_string --match_string="__MAX_FILE_SIZE__" --replace_string="$max_file_size" --target_file="$config"
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
ynh_replace_string --match_string="max_file_size" --replace_string="#max_file_size" --target_file="$config"
fi
ynh_replace_string --match_string="__SECRET__" --replace_string="$secret" --target_file="$config"
if [ $is_public -eq 0 ];
then then
ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="" --target_file="$config" ldap=""
else
ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="#" --target_file="$config"
fi fi
ynh_store_file_checksum --file="$config" max_size_set=""
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
max_size_set="#"
fi
ynh_add_config --template="../conf/lufi.conf.template" --destination="$final_path/lufi.conf"
chmod 600 $final_path/lufi.conf chmod 600 $final_path/lufi.conf
chown $app:$app $final_path/lufi.conf chown $app:$app $final_path/lufi.conf
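Review bot: The legacy migration can leave `use_ldap` empty, because it is assigned only when `is_public` is 1 or when `ynh_legacy_permissions_exists` succeeds. An instance with `is_public=0` and no legacy permissions left would then reach `if [ $use_ldap -eq 1 ];` with no value and get the LDAP block commented out. In the lines shown the migrated value is also never written back, so a later change_url may read a key that does not exist. Adding `ynh_app_setting_set --app=$app --key=use_ldap --value=$use_ldap` after the two migration blocks would persist it, though that call may already exist outside these hunks. Separately, `[ $was_public -eq 1 ]` produces a test error once `is_public` has been deleted, which `[ "${was_public:-0}" -eq 1 ]` avoids.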