From b39398fb039fcfd3f3467aa523a566b4de4b4b38 Mon Sep 17 00:00:00 2001
From: Xavier ROOT
Date: Wed, 16 Dec 2015 13:53:46 +0100
Subject: [PATCH] Initial SSO implementation
---
 CHANGELOG | 1 +
 manifest.json | 6 +++---
 notes | 2 ++
 scripts/install | 20 +++++++++++---------
 scripts/upgrade | 22 ++++++++++++++--------
 5 files changed, 31 insertions(+), 20 deletions(-)
 create mode 100644 notes
diff --git a/CHANGELOG b/CHANGELOG
index f41c123..52787b0 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -2,6 +2,7 @@
 1.4 ?
 - Changelog is now on a separate file
+- Yunohost SSO support !
 1.3 2015-12-15
 - Update to Movim 0.9 git2015-12-15
diff --git a/manifest.json b/manifest.json
index 43c4144..fe646c9 100644
--- a/manifest.json
+++ b/manifest.json
@@ -60,10 +60,10 @@
 "default" : "en"
 },
 {
- "name": "public_site",
+ "name": "ssoenabled",
 "ask": {
- "en": "Public pod ? (see README on github)",
- "fr": "Pod public ? (voir README sur github)"
+ "en": "Enable SSO (autologin) ?",
+ "fr": "Activer le SSO (connexin auto) ?"
 },
 "choices": ["Yes", "No"],
 "default": "No"
diff --git a/notes b/notes
new file mode 100644
index 0000000..8c70e8f
--- /dev/null
+++ b/notes
@@ -0,0 +1,2 @@
+protected_urls -v "/"
+supprimer le skipped url restant
diff --git a/scripts/install b/scripts/install
index 81a33bc..5a8efe0 100644
--- a/scripts/install
+++ b/scripts/install
@@ -6,7 +6,7 @@ path=$2
 admin=$3
 password=$4
 language=$5
-public_site=$6
+ssoenabled=$6
 port=$7
 timezone=`cat /etc/timezone`
@@ -50,7 +50,7 @@ fi
 # Save parameters
 sudo yunohost app setting movim admin -v $admin
-sudo yunohost app setting movim public_site -v $public_site
+sudo yunohost app setting movim ssoenabled -v $ssoenabled
 sudo yunohost app setting movim port -v $port
 sudo yunohost app setting movim path -v $path
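Review bot: In the manifest.json hunk the new French prompt has a typo, `connexin`; the line should read `"fr": "Activer le SSO (connexion auto) ?"`. The question also replaces the old `public_site` prompt without telling the admin that the answer still decides whether the pod is limited to the local XMPP domain: scripts/install sets `xmppwhitelist` only when the answer is "No". Either say so in both prompts or keep the two choices as separate arguments. The argument object this hunk edits is closed outside the hunk.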
@@ -94,11 +94,6 @@ sudo su -c "cd $final_path && php mud.php config environment:production" movim
 sudo su -c "cd $final_path && php mud.php config timezone:$timezone" movim
 sudo su -c "cd $final_path && php mud.php config username:$admin" movim
 sudo su -c "cd $final_path && php mud.php config password:`echo -n $password | sha1sum | awk '{print $1}'`" movim
-if [ $public_site = "No" ];
-then
- sudo su -c "cd $final_path && php mud.php config xmppwhitelist:$domain" movim
-fi
-sudo yunohost app addaccess movim -u $admin
 # Copy init script or systemd service
 sudo sed -i "s@YHURL@$domain$path@g" ../conf/movim.{service,init}
@@ -129,8 +124,15 @@ sed -i "s@//ws/@/ws/@g" ../conf/nginx.conf # Avoid duplicate /
 sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/movim.conf
 # SSOwat Configuration
-sudo yunohost app setting movim skipped_uris -v "/"
-sudo yunohost app ssowatconf
+if [ $ssoenabled = "No" ];
+then
+ sudo yunohost app setting movim skipped_uris -v "/"
+ sudo yunohost app ssowatconf
+ sudo su -c "cd $final_path && php mud.php config xmppwhitelist:$domain" movim
+else
+ sudo yunohost app setting movim unprotected_uris -v "/"
+ sudo yunohost app ssowatconf
+fi
 # Start Movim
 sudo service php5-fpm restart
diff --git a/scripts/upgrade b/scripts/upgrade
index 7c0c702..59a2a0e 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -5,6 +5,7 @@ path=$(sudo yunohost app setting movim path)
 domain=$(sudo yunohost app setting movim domain)
 port=$(sudo yunohost app setting movim port)
 public_site=$(sudo yunohost app setting movim public_site)
+ssoenabled=$(sudo yunohost app setting movim ssoenabled)
 timezone=`cat /etc/timezone`
 # Check timezone
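Review bot: In the scripts/install hunk at `# SSOwat Configuration`, the branch taken when SSO is enabled registers "/" under `unprotected_uris` and never sets `xmppwhitelist`, so answering "Yes" appears to leave the app reachable without a portal login and open to accounts from any XMPP domain. The `notes` file added in this commit mentions `protected_urls -v "/"`, which suggests this is not the intended end state; until it is settled, put a comment above the `else` such as `# SSO on: "/" stays publicly reachable and no xmppwhitelist is applied (see notes)`. The test also expands `$ssoenabled` unquoted, so an empty value makes `[` fail with a syntax error and control falls into that same open `else` branch; use `if [ "$ssoenabled" = "No" ];`. The same unquoted pattern is in the scripts/upgrade hunk at -40, where `ssoenabled` is probably unset for installs made before this commit.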
@@ -40,14 +41,20 @@ sudo sed -i "s@/ws/@$path/ws/@g" $final_path/app/assets/js/movim_websocket.js
 # Upgrade db if necessary
 sudo su -c "cd $final_path && php mud.php db set" movim
-# Update xmppwhitelist if private
-if [ $public_site = "No" ];
-then
- sudo su -c "cd $final_path && php mud.php config xmppwhitelist:$domain" movim
-fi
-
-# Delete obsolete SSO conf
+# Reset SSO parameters
 sudo yunohost app setting movim protected_uris -d
+sudo yunohost app setting movim skipped_uris -d
+
+# SSOwat Configuration
+if [ $ssoenabled = "No" ] || [ $public_site = "No" ];
+then
+ sudo yunohost app setting movim skipped_uris -v "/"
+ sudo yunohost app ssowatconf
+ sudo su -c "cd $final_path && php mud.php config xmppwhitelist:$domain" movim
+else
+ sudo yunohost app setting movim unprotected_uris -v "/"
+ sudo yunohost app ssowatconf
+fi
 # Update init scripts
 sudo sed -i "s@YHURL@$domain$path@g" ../conf/movim.{service,init}
@@ -79,7 +86,6 @@ sed -i "s@//ws/@/ws/@g" ../conf/nginx.conf # Avoid duplicate /
 sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/movim.conf
 # Reload
-sudo yunohost app ssowatconf
 sudo service movim restart
 sudo service php5-fpm restart
 sudo service nginx reload
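Review bot: The reset block in the scripts/upgrade hunk at -40 deletes `protected_uris` and `skipped_uris` but not `unprotected_uris`, which the new `else` branch writes. An entry left by an earlier run would therefore survive if a later upgrade takes the other branch, and "/" would end up listed under both settings. Add `sudo yunohost app setting movim unprotected_uris -d` next to the two existing deletes. `sudo yunohost app ssowatconf` is repeated in both branches and could be called once after `fi`.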