mirror of
https://github.com/YunoHost-Apps/lufi_ynh.git
synced 2024-09-03 19:36:28 +02:00
Merge pull request #69 from tytan652/ldap_on_public
Allow LDAP on public and remove legacy permission and various fixes
commit
4aa0735fc8
6 changed files with 97 additions and 106 deletions
|
@ -3,9 +3,9 @@
|
|||
; Manifest
|
||||
domain="domain.tld"
|
||||
path="/path"
|
||||
admin="john"
|
||||
is_public=1
|
||||
max_file_size=100
|
||||
use_ldap=0
|
||||
; Checks
|
||||
pkg_linter=1
|
||||
setup_sub_dir=1
|
||||
|
|
|
@ -59,7 +59,7 @@
|
|||
# max file size, in octets
|
||||
# you can write it 100*1024*1024
|
||||
# optional, no default
|
||||
max_file_size => __MAX_FILE_SIZE__*1024*1024,
|
||||
__MAX_SIZE_SET__max_file_size => __MAX_FILE_SIZE__*1024*1024,
|
||||
|
||||
# if you want to have piwik statistics, provide a piwik image tracker
|
||||
# only the image tracker is allowed, no javascript
|
||||
|
@ -199,20 +199,20 @@
|
|||
# set `ldap` if you want that only authenticated users can upload files
|
||||
# please note that everybody can still download files
|
||||
# optional, no default
|
||||
__IS_PUBLIC__ldap => {
|
||||
__IS_PUBLIC__ uri => 'ldap://localhost:389', # server URI
|
||||
__IS_PUBLIC__ user_tree => 'dc=yunohost,dc=org', # search base DN
|
||||
__IS_PUBLIC__ bind_dn => 'ou=users,dc=yunohost,dc=org', # search bind DN
|
||||
__IS_PUBLIC__ #bind_pwd => 'secr3t', # search bind password
|
||||
__IS_PUBLIC__ user_attr => 'uid', # user attribute (uid, mail, sAMAccountName, etc.)
|
||||
__IS_PUBLIC__ #user_filter => '(!(uid=ldap_user))', # user filter (to exclude some users, etc.)
|
||||
__IS_PUBLIC__ # optional start_tls configuration. See https://metacpan.org/pod/distribution/perl-ldap/lib/Net/LDAP.pod#start_tls
|
||||
__IS_PUBLIC__ # don't set or uncomment if you don't want to configure it
|
||||
__IS_PUBLIC__ #start_tls => {
|
||||
__IS_PUBLIC__ # verify => 'optional',
|
||||
__IS_PUBLIC__ # clientcert => '/etc/ssl/certs/ca-bundle.pem'
|
||||
__IS_PUBLIC__ #}
|
||||
__IS_PUBLIC__},
|
||||
__LDAP__ldap => {
|
||||
__LDAP__ uri => 'ldap://localhost:389', # server URI
|
||||
__LDAP__ user_tree => 'dc=yunohost,dc=org', # search base DN
|
||||
__LDAP__ bind_dn => 'ou=users,dc=yunohost,dc=org', # search bind DN
|
||||
__LDAP__ #bind_pwd => 'secr3t', # search bind password
|
||||
__LDAP__ user_attr => 'uid', # user attribute (uid, mail, sAMAccountName, etc.)
|
||||
__LDAP__ user_filter => '(&(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))', # user filter (to exclude some users, etc.)
|
||||
__LDAP__ # optional start_tls configuration. See https://metacpan.org/pod/distribution/perl-ldap/lib/Net/LDAP.pod#start_tls
|
||||
__LDAP__ # don't set or uncomment if you don't want to configure it
|
||||
__LDAP__ #start_tls => {
|
||||
__LDAP__ # verify => 'optional',
|
||||
__LDAP__ # clientcert => '/etc/ssl/certs/ca-bundle.pem'
|
||||
__LDAP__ #}
|
||||
__LDAP__},
|
||||
|
||||
# if you've set ldap above, the session will last `session_duration` seconds before
|
||||
# the user needs to reauthenticate
|
||||
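Review bot: The trailing comment on the new `user_filter` line still reads `# user filter (to exclude some users, etc.)`, but that line is no longer an optional exclusion list: it now limits logins to posixAccount entries that carry the `cn=__APP__.main` permission. I would reword it to something like `# only accounts granted the __APP__.main permission may authenticate`, so that someone hand-editing the generated lufi.conf does not loosen it by mistake. The block also keeps `bind_pwd` commented out, which looks like an anonymous search bind against the local directory; a short comment saying this is intended would help the next reader.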
|
|
|
@ -6,7 +6,7 @@
|
|||
"en": "Self hosting files and sharing anonymous application",
|
||||
"fr": "Application d'hébergement et de partage de fichiers anonyme"
|
||||
},
|
||||
"version": "0.05.16~ynh1",
|
||||
"version": "0.05.16~ynh2",
|
||||
"url": "https://git.framasoft.org/luc/lufi",
|
||||
"upstream": {
|
||||
"license": "AGPL-3.0-or-later",
|
||||
|
@ -52,6 +52,19 @@
|
|||
},
|
||||
"example": "100",
|
||||
"default": "100"
|
||||
},
|
||||
{
|
||||
"name": "use_ldap",
|
||||
"type": "boolean",
|
||||
"ask": {
|
||||
"en": "Install Lufi with LDAP configuration?",
|
||||
"fr": "Installer Lufi avec la configuration LDAP ?"
|
||||
},
|
||||
"help": {
|
||||
"en": "A Lufi with LDAP enabled will allow only YunoHost users to upload.",
|
||||
"fr": "Un Lufi avec LDAP activé autorisera seulement les utilisateurs YunoHost à téléverser."
|
||||
},
|
||||
"default": false
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
|
@ -31,7 +31,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
|||
|
||||
# Add settings here as needed by your application
|
||||
port=$(ynh_app_setting_get --app=$app --key=port)
|
||||
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
|
||||
use_ldap=$(ynh_app_setting_get --app=$app --key=use_ldap)
|
||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
||||
db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
|
||||
db_user=$db_name
|
||||
|
@ -119,49 +119,22 @@ ynh_script_progression --message="Configuring lufi..."
|
|||
domain="$new_domain"
|
||||
path_url="$new_path"
|
||||
|
||||
config=${final_path}/lufi.conf
|
||||
ynh_backup_if_checksum_is_different --file="$config"
|
||||
cp ../conf/lufi.conf.template "$config"
|
||||
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config"
|
||||
ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$config"
|
||||
ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$config"
|
||||
ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$config"
|
||||
ynh_replace_string --match_string="__DB_USER__" --replace_string="$db_user" --target_file="$config"
|
||||
ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$config"
|
||||
ynh_replace_string --match_string="__MAX_FILE_SIZE__" --replace_string="$max_file_size" --target_file="$config"
|
||||
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
|
||||
ynh_replace_string --match_string="max_file_size" --replace_string="#max_file_size" --target_file="$config"
|
||||
fi
|
||||
ynh_replace_string --match_string="__SECRET__" --replace_string="$secret" --target_file="$config"
|
||||
if [ $is_public -eq 0 ];
|
||||
ldap="#"
|
||||
if [ $use_ldap -eq 1 ];
|
||||
then
|
||||
ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="" --target_file="$config"
|
||||
else
|
||||
ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="#" --target_file="$config"
|
||||
ldap=""
|
||||
fi
|
||||
ynh_store_file_checksum --file="$config"
|
||||
|
||||
max_size_set=""
|
||||
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
|
||||
max_size_set="#"
|
||||
fi
|
||||
|
||||
ynh_add_config --template="../conf/lufi.conf.template" --destination="$final_path/lufi.conf"
|
||||
|
||||
chmod 600 $final_path/lufi.conf
|
||||
chown $app:$app $final_path/lufi.conf
|
||||
|
||||
#=================================================
|
||||
# UPDATE SSOWAT
|
||||
#=================================================
|
||||
ynh_script_progression --message="Reconfiguring permissions..."
|
||||
|
||||
ynh_permission_update --permission="main" --add="visitors"
|
||||
|
||||
if [ $is_public -eq 0 ]
|
||||
then
|
||||
if [ "$path_url" == "/" ]; then
|
||||
# If the path is /, clear it to prevent any error with the regex.
|
||||
path_url=""
|
||||
fi
|
||||
# Modify the domain to be used in a regex
|
||||
domain_regex=$(echo "$domain" | sed 's@-@.@g')
|
||||
ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats$","$domain_regex$path_url/manifest.webapp$","$domain_regex$path_url/$","$domain_regex$path_url/d/.*$","$domain_regex$path_url/m/.*$"
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALISATION
|
||||
#=================================================
|
||||
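Review bot: The new `ldap="#"` / `if [ $use_ldap -eq 1 ]` block defaults to LDAP disabled and leaves the test unquoted. With an empty or missing `use_ldap` setting `[` errors out, the `if` takes the false branch, and the regenerated lufi.conf has the whole `ldap => {...}` block commented out, so uploads need no authentication. Because this value gates access control, I would fail loudly rather than fall through: put `[ -n "$use_ldap" ] || ynh_die --message="use_ldap setting is missing"` before the test and quote it as `[ "$use_ldap" -eq 1 ]`. The same block appears in the install and upgrade scripts. Separately, `chmod 600 $final_path/lufi.conf` and the `chown` after it should quote the path.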
|
|
|
@ -27,6 +27,7 @@ domain=$YNH_APP_ARG_DOMAIN
|
|||
path_url=$YNH_APP_ARG_PATH
|
||||
is_public=$YNH_APP_ARG_IS_PUBLIC
|
||||
max_file_size=$YNH_APP_ARG_MAX_FILE_SIZE
|
||||
use_ldap=$YNH_APP_ARG_USE_LDAP
|
||||
secret=$(ynh_string_random --length=24)
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
@ -54,7 +55,7 @@ ynh_script_progression --message="Storing installation settings..."
|
|||
|
||||
ynh_app_setting_set --app=$app --key=domain --value=$domain
|
||||
ynh_app_setting_set --app=$app --key=path --value=$path_url
|
||||
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
|
||||
ynh_app_setting_set --app=$app --key=use_ldap --value=$use_ldap
|
||||
ynh_app_setting_set --app=$app --key=max_file_size --value=$max_file_size
|
||||
ynh_app_setting_set --app=$app --key=secret --value=$secret
|
||||
|
||||
|
@ -125,28 +126,18 @@ ynh_add_nginx_config
|
|||
#=================================================
|
||||
ynh_script_progression --message="Configuring $app..."
|
||||
|
||||
config=${final_path}/lufi.conf
|
||||
cp ../conf/lufi.conf.template "$config"
|
||||
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config"
|
||||
ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$config"
|
||||
ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$config"
|
||||
ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$config"
|
||||
ynh_replace_string --match_string="__DB_USER__" --replace_string="$db_user" --target_file="$config"
|
||||
ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$config"
|
||||
ynh_replace_string --match_string="__MAX_FILE_SIZE__" --replace_string="$max_file_size" --target_file="$config"
|
||||
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
|
||||
ynh_replace_string --match_string="max_file_size" --replace_string="#max_file_size" --target_file="$config"
|
||||
fi
|
||||
ynh_replace_string --match_string="__SECRET__" --replace_string="$secret" --target_file="$config"
|
||||
|
||||
if [ $is_public -eq 0 ];
|
||||
ldap="#"
|
||||
if [ $use_ldap -eq 1 ];
|
||||
then
|
||||
ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="" --target_file="$config"
|
||||
else
|
||||
ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="#" --target_file="$config"
|
||||
ldap=""
|
||||
fi
|
||||
|
||||
ynh_store_file_checksum --file="$config"
|
||||
max_size_set=""
|
||||
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
|
||||
max_size_set="#"
|
||||
fi
|
||||
|
||||
ynh_add_config --template="../conf/lufi.conf.template" --destination="$final_path/lufi.conf"
|
||||
|
||||
chmod 600 $final_path/lufi.conf
|
||||
chown $app:$app $final_path/lufi.conf
|
||||
|
@ -204,17 +195,9 @@ ynh_systemd_action --service_name=$app --action="start" --line_match="Creating p
|
|||
#=================================================
|
||||
ynh_script_progression --message="Configuring permissions..."
|
||||
|
||||
ynh_permission_update --permission="main" --add="visitors"
|
||||
|
||||
if [ $is_public -eq 0 ]
|
||||
if [ $is_public -eq 1 ]
|
||||
then
|
||||
if [ "$path_url" == "/" ]; then
|
||||
# If the path is /, clear it to prevent any error with the regex.
|
||||
path_url=""
|
||||
fi
|
||||
# Modify the domain to be used in a regex
|
||||
domain_regex=$(echo "$domain" | sed 's@-@.@g')
|
||||
ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/stats$","$domain_regex$path_url/manifest.webapp$","$domain_regex$path_url/$","$domain_regex$path_url/d/.*$","$domain_regex$path_url/m/.*$"
|
||||
ynh_permission_update --permission="main" --add="visitors"
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
|
|
|
@ -18,7 +18,7 @@ app=$YNH_APP_INSTANCE_NAME
|
|||
|
||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||||
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
||||
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
|
||||
use_ldap=$(ynh_app_setting_get --app=$app --key=use_ldap)
|
||||
port=$(ynh_app_setting_get --app=$app --key=port)
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
secret=$(ynh_app_setting_get --app=$app --key=secret)
|
||||
|
@ -80,6 +80,39 @@ if [ -z "$max_file_size" ]; then
|
|||
ynh_app_setting_set --app=$app --key=max_file_size --value=$max_file_size
|
||||
fi
|
||||
|
||||
# Check if is_public settings exist and is set to true
|
||||
was_public=$(ynh_app_setting_get --app=$app --key=is_public)
|
||||
if [ $was_public -eq 1 ]
|
||||
then
|
||||
# Fix permissions if true
|
||||
ynh_print_info --message="Upgrading from legacy permission..."
|
||||
ynh_print_info --message="Legacy public instance detected, allow visitors with new permission."
|
||||
use_ldap=0
|
||||
|
||||
# Add new permission to allow visitors
|
||||
ynh_permission_update --permission="main" --add="visitors"
|
||||
|
||||
# Remove deprecated is_public settings
|
||||
ynh_app_setting_delete --app=$app --key=is_public
|
||||
fi
|
||||
|
||||
# Check if legacy permissions exists (meanning that is_public was set to false)
|
||||
if ynh_legacy_permissions_exists; then
|
||||
|
||||
ynh_print_info --message="Upgrading from legacy permission..."
|
||||
ynh_print_info --message="Legacy private instance detected, keep LDAP enabled."
|
||||
|
||||
# Legacy private install have LDAP enabled
|
||||
use_ldap=1
|
||||
|
||||
# Cleaning legacy permissions
|
||||
ynh_print_info --message="Removing legacy permission..."
|
||||
ynh_legacy_permissions_delete_all
|
||||
|
||||
# Remove deprecated is_public settings
|
||||
ynh_app_setting_delete --app=$app --key=is_public
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# CREATE DEDICATED USER
|
||||
#=================================================
|
||||
|
@ -126,29 +159,18 @@ ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
|
|||
#=================================================
|
||||
ynh_script_progression --message="Configuring Lufi..."
|
||||
|
||||
config=${final_path}/lufi.conf
|
||||
ynh_backup_if_checksum_is_different --file="$config"
|
||||
cp ../conf/lufi.conf.template "$config"
|
||||
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config"
|
||||
ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$config"
|
||||
ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$config"
|
||||
ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$config"
|
||||
ynh_replace_string --match_string="__DB_USER__" --replace_string="$db_user" --target_file="$config"
|
||||
ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$config"
|
||||
ynh_replace_string --match_string="__MAX_FILE_SIZE__" --replace_string="$max_file_size" --target_file="$config"
|
||||
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
|
||||
ynh_replace_string --match_string="max_file_size" --replace_string="#max_file_size" --target_file="$config"
|
||||
fi
|
||||
ynh_replace_string --match_string="__SECRET__" --replace_string="$secret" --target_file="$config"
|
||||
|
||||
if [ $is_public -eq 0 ];
|
||||
ldap="#"
|
||||
if [ $use_ldap -eq 1 ];
|
||||
then
|
||||
ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="" --target_file="$config"
|
||||
else
|
||||
ynh_replace_string --match_string="__IS_PUBLIC__" --replace_string="#" --target_file="$config"
|
||||
ldap=""
|
||||
fi
|
||||
|
||||
ynh_store_file_checksum --file="$config"
|
||||
max_size_set=""
|
||||
if [ $max_file_size -eq 0 ]; then # Comment the limitation line if no limit
|
||||
max_size_set="#"
|
||||
fi
|
||||
|
||||
ynh_add_config --template="../conf/lufi.conf.template" --destination="$final_path/lufi.conf"
|
||||
|
||||
chmod 600 $final_path/lufi.conf
|
||||
chown $app:$app $final_path/lufi.conf
|
||||
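Review bot: The legacy-migration block sets `use_ldap=0` or `use_ldap=1` and deletes `is_public`, but none of the lines shown writes the result back to the app settings. The script continues outside these hunks, so it may be stored elsewhere. If it is not, the next upgrade or change_url reads an empty `use_ldap`, falls through to `ldap="#"`, and a formerly private instance is regenerated with LDAP commented out. I would add `ynh_app_setting_set --app=$app --key=use_ldap --value=$use_ldap` right after the two legacy checks. `[ $was_public -eq 1 ]` also appears to run with an empty value once `is_public` has been deleted, so default it: `[ "${was_public:-0}" -eq 1 ]`.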
|
|