Implement ldap_enabled

Fix #220
2024-09-03 19:46:02 +02:00 · 2020-05-17 21:04:33 +02:00 · 2020-05-17 21:04:33 +02:00 · dc1f236e40
commit dc1f236e40
parent 6650cdd372
6 changed files with 74 additions and 62 deletions
--- a/conf/.env.production.sample
+++ b/conf/.env.production.sample
@ -170,7 +170,7 @@ STREAMING_CLUSTER_NUM=1
 # GID=1000

 # LDAP authentication (optional)
-LDAP_ENABLED=true
+LDAP_ENABLED=__LDAP_ENABLED__
 LDAP_HOST=localhost
 LDAP_PORT=389
 LDAP_METHOD=start_tls
--- a/manifest.json
+++ b/manifest.json
@ -67,6 +67,15 @@
 				},
 				"choices": ["en_EN", "fr_FR"],
 				"default": "fr_FR"
+			},
+            {
+                "name": "ldap_enabled",
+                "type": "boolean",
+                "ask": {
+                    "en": "Do you want to enable ldap authentication?",
+                    "fr": "Voulez vous activer l'authentification LDAP?"
+                },
+                "default": true
            }
 		]
 	}
--- a/scripts/install
+++ b/scripts/install
@ -35,6 +35,7 @@ path_url="/"
 admin=$YNH_APP_ARG_ADMIN
 is_public=$YNH_APP_ARG_IS_PUBLIC
 language=$YNH_APP_ARG_LANGUAGE
+ldap_enabled=$YNH_APP_ARG_LDAP_ENABLED

 admin_mail=$(ynh_user_get_info $admin 'mail')

@ -61,6 +62,7 @@ ynh_app_setting_set --app=$app --key=path --value=$path_url
 ynh_app_setting_set --app=$app --key=admin --value=$admin
 ynh_app_setting_set --app=$app --key=is_public --value=$is_public
 ynh_app_setting_set --app=$app --key=language --value=$language
+ynh_app_setting_set --app=$app --key=ldap_enabled --value=$ldap_enabled

 #=================================================
 # STANDARD MODIFICATIONS
@ -162,26 +164,29 @@ ynh_install_ruby --ruby_version=2.6.5
 #=================================================
 ynh_script_progression --message="Modifying a config file..." --weight=2

-cp -f ../conf/.env.production.sample "$final_path/live/.env.production"
-ynh_replace_string --match_string="__DB_USER__" --replace_string="$app" --target_file="$final_path/live/.env.production"
-ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$final_path/live/.env.production"
-ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$final_path/live/.env.production"
-ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/live/.env.production"
-ynh_replace_string --match_string="__SMTP_FROM_ADDRESS__" --replace_string="$admin_mail"        --target_file="${final_path}/live/.env.production"
+config="${final_path}/live/.env.production"
+cp -f ../conf/.env.production.sample "$config"
+ynh_replace_string --match_string="__DB_USER__" --replace_string="$app" --target_file="$config"
+ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$config"
+ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$config"
+ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config"
+ynh_replace_string --match_string="__SMTP_FROM_ADDRESS__" --replace_string="$admin_mail" --target_file="$config"

 language="$(echo $language | head -c 2)"
-ynh_replace_string --match_string="__LANGUAGE__"      --replace_string="$language" --target_file="$final_path/live/.env.production"
+ynh_replace_string --match_string="__LANGUAGE__" --replace_string="$language" --target_file="$config"
+
+ynh_replace_string --match_string="__LDAP_ENABLED__" --replace_string="$ldap_enabled" --target_file="$config"

 paperclip_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128)
-ynh_replace_string --match_string="PAPERCLIP_SECRET=" --replace_string="PAPERCLIP_SECRET=$paperclip_secret" --target_file="${final_path}/live/.env.production"
+ynh_replace_string --match_string="PAPERCLIP_SECRET=" --replace_string="PAPERCLIP_SECRET=$paperclip_secret" --target_file="$config"
 ynh_app_setting_set --app="$app" --key=paperclip_secret --value="$paperclip_secret"

 secret_key_base=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128)
-ynh_replace_string --match_string="__SECRET_KEY_BASE__" --replace_string="$secret_key_base" --target_file="$final_path/live/.env.production"
+ynh_replace_string --match_string="__SECRET_KEY_BASE__" --replace_string="$secret_key_base" --target_file="$config"
 ynh_app_setting_set --app="$app" --key=secret_key_base --value="$secret_key_base"

 otp_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128)
-ynh_replace_string --match_string="__OTP_SECRET__" --replace_string="$otp_secret" --target_file="$final_path/live/.env.production"
+ynh_replace_string --match_string="__OTP_SECRET__" --replace_string="$otp_secret" --target_file="$config"
 ynh_app_setting_set --app="$app" --key=otp_secret --value="$otp_secret"

 #=================================================
@ -195,7 +200,7 @@ pushd "$final_path/live"
 	ynh_use_nodejs
 	sudo -u "$app" env PATH=$PATH /opt/rbenv/versions/2.6.5/bin/bundle install -j$(getconf _NPROCESSORS_ONLN) --deployment --without development test
 	sudo -u "$app" env PATH=$PATH yarn install --pure-lockfile
-	sudo -u "$app" echo "SAFETY_ASSURED=1">> .env.production
+	sudo -u "$app" echo "SAFETY_ASSURED=1">> $config
 	sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.5/bin/bundle exec rails db:setup --quiet
 	sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.5/bin/bundle exec rails assets:precompile --quiet
 	sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.5/bin/bundle exec rake mastodon:webpush:generate_vapid_key > key.txt
@ -208,8 +213,8 @@ ynh_secure_remove --file="$final_path/live/acc.txt"
 vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "$final_path/live/key.txt")
 vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" "$final_path/live/key.txt")

-ynh_replace_string --match_string="__VAPID_PRIVATE_KEY__" --replace_string="$vapid_private_key"        --target_file="${final_path}/live/.env.production"
-ynh_replace_string --match_string="__VAPID_PUBLIC_KEY__" --replace_string="$vapid_public_key"        --target_file="${final_path}/live/.env.production"
+ynh_replace_string --match_string="__VAPID_PRIVATE_KEY__" --replace_string="$vapid_private_key" --target_file="$config"
+ynh_replace_string --match_string="__VAPID_PUBLIC_KEY__" --replace_string="$vapid_public_key" --target_file="$config"

 ynh_app_setting_set --app="$app" --key=vapid_private_key --value="$vapid_private_key"
 ynh_app_setting_set --app="$app" --key=vapid_public_key --value="$vapid_public_key"
@ -244,7 +249,7 @@ ynh_add_systemd_config --service="$app-streaming" --template="mastodon-streaming
 ynh_script_progression --message="Storing the config file checksum..." --weight=1

 # Calculate and store the config file checksum into the app settings
-ynh_store_file_checksum --file="${final_path}/live/.env.production"
+ynh_store_file_checksum --file="$config"

 #=================================================
 # GENERIC FINALIZATION
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -26,6 +26,7 @@ admin=$(ynh_app_setting_get --app=$app --key=admin)
 is_public=$(ynh_app_setting_get --app=$app --key=is_public)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 language=$(ynh_app_setting_get --app=$app --key=language)
+ldap_enabled=$(ynh_app_setting_get --app=$app --key=ldap_enabled)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)

 db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
@ -51,6 +52,7 @@ upgrade_type=$(ynh_check_app_version_changed)
 #=================================================
 ynh_script_progression --message="Ensuring downward compatibility..." --weight=1

+config="${final_path}/live/.env.production"
 # If db_name doesn't exist, create it
 if [ -z "$db_name" ]; then
 	db_name="${app}_production"
@ -87,12 +89,12 @@ if [[ -z "$db_pwd" ]]; then
 	ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd
 	ynh_psql_test_if_first_run
 	sudo --login --user=postgres psql -c"ALTER user $app WITH PASSWORD '$db_pwd'" postgres
-	ynh_replace_string --match_string="DB_PASS=" --replace_string="DB_PASS=${db_pwd}" --target_file="${final_path}/live/.env.production"
+	ynh_replace_string --match_string="DB_PASS=" --replace_string="DB_PASS=${db_pwd}" --target_file="$config"
 fi

 # If paperclip_secret doesn't exist, retrieve it or create it
 if [[ -z "$paperclip_secret" ]]; then
-	paperclip_secret=$(grep -oP "PAPERCLIP_SECRET=\K\w+" ${final_path}/live/.env.production)
+	paperclip_secret=$(grep -oP "PAPERCLIP_SECRET=\K\w+" $config)
 	if [[ -z "$paperclip_secret" ]]; then
 	    paperclip_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128)
 	fi
@ -101,7 +103,7 @@ fi

 # If secret_key_base doesn't exist, retrieve it or create it
 if [[ -z "$secret_key_base" ]]; then
-	secret_key_base=$(grep -oP "SECRET_KEY_BASE=\K\w+" ${final_path}/live/.env.production)
+	secret_key_base=$(grep -oP "SECRET_KEY_BASE=\K\w+" $config)
 	if [[ -z "$secret_key_base" ]]; then
 	    secret_key_base=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128)
 	fi
@ -110,7 +112,7 @@ fi

 # If otp_secret doesn't exist, retrieve it or create it
 if [[ -z "$otp_secret" ]]; then
-	otp_secret=$(grep -oP "OTP_SECRET=\K\w+" ${final_path}/live/.env.production)
+	otp_secret=$(grep -oP "OTP_SECRET=\K\w+" $config)
 	if [[ -z "$otp_secret" ]]; then
 	    otp_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128)
 	fi
@ -119,12 +121,18 @@ fi

 # If vapid_private_key doesn't exist, retrieve it or create it
 if [[ -z "$vapid_private_key" ]]; then
-	vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" ${final_path}/live/.env.production)
-	vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" ${final_path}/live/.env.production)
+	vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" $config)
+	vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" $config)
 	ynh_app_setting_set "$app" vapid_private_key "$vapid_private_key"
 	ynh_app_setting_set "$app" vapid_public_key "$vapid_public_key"
 fi

+# If ldap_enabled doesn't exist, create it
+if [[ -z "$ldap_enabled" ]]; then
+	ldap_enabled=false
+	ynh_app_setting_set --app=$app --key=ldap_enabled --value=$ldap_enabled
+fi
+
 #Remove previous added repository
 ynh_remove_extra_repo

@ -181,7 +189,7 @@ then
    if [ -d "$final_path/live/public/system" ]; then
 	    rsync -a "$final_path/live/public/system" "$tmpdir/."
    fi
-    rsync -a "$final_path/live/.env.production" "$tmpdir/."
+    rsync -a "$config" "$tmpdir/."
    ynh_secure_remove --file="$final_path/live"
    ynh_setup_source --dest_dir="$final_path/live"

@ -256,25 +264,27 @@ ynh_install_ruby --ruby_version=2.6.5
 #=================================================
 ynh_script_progression --message="Modifying a config file..." --weight=1

-ynh_backup_if_checksum_is_different --file="$final_path/live/.env.production"
-cp -f ../conf/.env.production.sample "$final_path/live/.env.production"
-ynh_replace_string --match_string="__DB_USER__" --replace_string="$app" --target_file="$final_path/live/.env.production"
-ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$final_path/live/.env.production"
-ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$final_path/live/.env.production"
-ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/live/.env.production"
-ynh_replace_string --match_string="__SMTP_FROM_ADDRESS__" --replace_string="$admin_mail"        --target_file="${final_path}/live/.env.production"
+ynh_backup_if_checksum_is_different --file="$config"
+cp -f ../conf/.env.production.sample "$config"
+ynh_replace_string --match_string="__DB_USER__" --replace_string="$app" --target_file="$config"
+ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$config"
+ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$config"
+ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config"
+ynh_replace_string --match_string="__SMTP_FROM_ADDRESS__" --replace_string="$admin_mail" --target_file="$config"

 language="$(echo $language | head -c 2)"
-ynh_replace_string --match_string="__LANGUAGE__"      --replace_string="$language" --target_file="$final_path/live/.env.production"
+ynh_replace_string --match_string="__LANGUAGE__" --replace_string="$language" --target_file="$config"

-ynh_replace_string --match_string="PAPERCLIP_SECRET=" --replace_string="PAPERCLIP_SECRET=$paperclip_secret" --target_file="${final_path}/live/.env.production"
+ynh_replace_string --match_string="__LDAP_ENABLED__" --replace_string="$ldap_enabled" --target_file="$config"

-ynh_replace_string --match_string="__SECRET_KEY_BASE__" --replace_string="$secret_key_base" --target_file="$final_path/live/.env.production"
+ynh_replace_string --match_string="PAPERCLIP_SECRET=" --replace_string="PAPERCLIP_SECRET=$paperclip_secret" --target_file="$config"

-ynh_replace_string --match_string="__OTP_SECRET__" --replace_string="$otp_secret" --target_file="$final_path/live/.env.production"
+ynh_replace_string --match_string="__SECRET_KEY_BASE__" --replace_string="$secret_key_base" --target_file="$config"

-ynh_replace_string "__VAPID_PRIVATE_KEY__" "$vapid_private_key"        "$final_path/live/.env.production"
-ynh_replace_string "__VAPID_PUBLIC_KEY__" "$vapid_public_key"        "$final_path/live/.env.production"
+ynh_replace_string --match_string="__OTP_SECRET__" --replace_string="$otp_secret" --target_file="$config"
+
+ynh_replace_string --match_string="__VAPID_PRIVATE_KEY__" --replace_string="$vapid_private_key" --target_file="$config"
+ynh_replace_string --match_string="__VAPID_PUBLIC_KEY__" --replace_string="$vapid_public_key" --target_file="$config"

 #=================================================
 # UPGRADE MASTODON
@ -293,20 +303,8 @@ pushd "$final_path/live"
    sudo -u "$app" env PATH=$PATH RAILS_ENV=production bin/tootctl cache clear
 popd

-# If vapid_private_key doesn't exist, retrieve it or create it
-#if [[ -z "$vapid_private_key" ]]; then
-#	sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rake mastodon:webpush:generate_vapid_key > key.txt
-#	vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "$final_path/live/key.txt")
-#	vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" "$final_path/live/key.txt")
-#	ynh_app_setting_set "$app" vapid_private_key "$vapid_private_key"
-#	ynh_app_setting_set "$app" vapid_public_key "$vapid_public_key"
-#	ynh_secure_remove "$final_path/live/key.txt"
-#    ynh_replace_string "__VAPID_PRIVATE_KEY__" "$vapid_private_key"        "${final_path}/live/.env.production"
-#    ynh_replace_string "__VAPID_PUBLIC_KEY__" "$vapid_public_key"        "${final_path}/live/.env.production"
-#fi
-
 # Recalculate and store the checksum of the file for the next upgrade.
-ynh_store_file_checksum --file="${final_path}/live/.env.production"
+ynh_store_file_checksum --file="$config"

 #=================================================
 # SETUP CRON JOB FOR REMOVING CACHE