From 43147112fcfd5161ba770e86c2bc9cb4cda6ede8 Mon Sep 17 00:00:00 2001
From: Limezy
Date: Thu, 24 Mar 2022 15:31:29 +0700
Subject: [PATCH 1/7] Setup LDAP auth for Outline through Dex app
---
 conf/.env | 16 ++++++++--------
 doc/DISCLAIMER.md | 18 ++++-------------
 manifest.json | 21 +++++++++++++--------
 scripts/backup | 7 +++++--
 scripts/change_url | 7 +++++--
 scripts/install | 22 ++++++++++++++++++----
 scripts/remove | 9 +++++----
 scripts/restore | 7 +++++--
 scripts/upgrade | 7 +++++--
 9 files changed, 68 insertions(+), 46 deletions(-)
diff --git a/conf/.env b/conf/.env
index f5279ed..6f0d7d4 100644
--- a/conf/.env
+++ b/conf/.env
@@ -54,8 +54,8 @@ AWS_S3_ACL=private
 #
 # When configuring the Client ID, add a redirect URL under "OAuth & Permissions":
 # https:///auth/slack.callback
-SLACK_KEY=__SLACK_KEY__
-SLACK_SECRET=__SLACK_SECRET__
+SLACK_KEY=
+SLACK_SECRET=
 
 # To configure Google auth, you'll need to create an OAuth Client ID at
 # => https://console.cloud.google.com/apis/credentials
@@ -75,18 +75,18 @@ AZURE_RESOURCE_APP_ID=
 # To configure generic OIDC auth, you'll need some kind of identity provider.
 # See documentation for whichever IdP you use to acquire the following info:
 # Redirect URI is https:///auth/oidc.callback
-OIDC_CLIENT_ID=
-OIDC_CLIENT_SECRET=
-OIDC_AUTH_URI=
-OIDC_TOKEN_URI=
-OIDC_USERINFO_URI=
+OIDC_CLIENT_ID=__OIDC_NAME__
+OIDC_CLIENT_SECRET=__OIDC_SECRET__
+OIDC_AUTH_URI=__DEX_DOMAIN____DEX_PATH__/auth
+OIDC_TOKEN_URI=__DEX_DOMAIN____DEX_PATH__/token
+OIDC_USERINFO_URI=__DEX_DOMAIN____DEX_PATH__/userinfo
 
 # Specify which claims to derive user information from
 # Supports any valid JSON path with the JWT payload
 OIDC_USERNAME_CLAIM=preferred_username
 
 # Display name for OIDC authentication
-OIDC_DISPLAY_NAME=OpenID
+OIDC_DISPLAY_NAME=Yunohost
 
 # Space separated auth scopes.
 OIDC_SCOPES="openid profile email"
diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md
index d406a37..8bca22d 100644
--- a/doc/DISCLAIMER.md
+++ b/doc/DISCLAIMER.md
@@ -2,22 +2,12 @@ 1. Because this app can't yet run in the CI server, its integration level is unkonwn at the moment and standard Yunohost packages testing couldn't run yet. **Please don't use it on a prod server** 2. The app requires MinIO app to be installed (MinIO installation is automatic, though) -3. The app is requiring two full dedicated domains (one for MinIO server, one for Outline) +3. The app is requiring three domains including two fully dedicated (one for MinIO server, one for Dex, one for Outline) 4. ARM architectures are not supported (and may never be as Outline was built for AMD64) -5. Not yet working Yunohost SSO integration (for now it requires a Slack account and Slack app - see below) 6. Because it's built from sources, the app requires an important amount of RAM, disk and time to install properly -### How to create a "Slack app" and get your "Client ID" and "Signing Secret" +### How to create an admin user -You should perform all below steps before starting the package installation on Yunohost : -1. Visit https://api.slack.com/apps -2. Sign in into a Slack workspace -3. Create a new app from scratch -4. Give it a name and associate it to your workspace - -![image](https://user-images.githubusercontent.com/24638389/134668089-3b1a73f2-dbca-47c4-8e57-1ee26d1c034a.png) - -6. In the basic information tab, you'll find a "Client ID" and a "Signing Secret" - keep both as you'll need them to run the package installation -7. Go to "Features" then "OAuth & Permissions" -8. Add a new redirect URL. Use https://example.mydomain.fr/auth/slack.callback (assuming https://example.mydomain.fr is the domain on which you will install outline package) \ No newline at end of file +The first user to login will automatically be granted admin rights +You can then change the user rights by default and/or change the admin user afterwards from the Outline settings page \ No newline at end of file diff --git a/manifest.json b/manifest.json index 460181d..5f544c2 100644 
--- a/manifest.json
+++ b/manifest.json
@@ -31,7 +31,9 @@
 "install" : [
 {
 "name": "domain",
-"type": "domain"
+"type": "domain",
+"example": "wiki.domain.tld",
+"ask": "Domain for Outline app. This will be the main domain to access the wiki. Outline has to be installed at the root"
 },
 {
 "name": "is_public",
@@ -49,19 +51,22 @@
 "default": "en"
 },
 {
-"name": "slack_key",
-"type": "string",
-"ask": "Slack Client ID (from https://api.slack.com/apps)"
+"name": "dex_domain",
+"type": "domain",
+"example": "auth.domain.tld",
+"ask": "Domain for authentification. It can't be the same domain as above. Dex app will be installed and used for the authentification mechanism"
 },
 {
-"name": "slack_secret",
-"type": "string",
-"ask": "Slack Client Secret (from https://api.slack.com/apps)"
+"name": "dex_path",
+"type": "path",
+"example": "/example",
+"default": "/example"
 },
 {
 "name": "minio_domain",
 "type": "domain",
-"ask": "Domain for MinIO app (if not yet installed, it will automatically be). Please note that this domain has to be free from any app"
+"example": "docs.domain.tld",
+"ask": "Domain for Minio app, used for images and attachements storage. If not yet installed, it will automatically be. Minio has to be installed at the root"
 }
 ]
 }
diff --git a/scripts/backup b/scripts/backup
index aa826ad..ffe6481 100755
--- a/scripts/backup
+++ b/scripts/backup
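Review bot: The new `dex_path` argument has no `ask` text, unlike `dex_domain` and `minio_domain` on either side of it, so the installer is only shown the `/example` default with no hint of what it configures; add something like `"ask": "Path under the Dex domain where Dex will be installed"`. The new `ask` strings also carry spelling errors: `authentification` (twice) should be `authentication`, and `attachements` should be `attachments`.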
@@ -34,13 +34,16 @@ path_url=$(ynh_app_setting_get --app=$app --key=path_url)
 port=$(ynh_app_setting_get --app=$app --key=port)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 language_key=$(ynh_app_setting_get --app=$app --key=language_key)
-slack_key=$(ynh_app_setting_get --app=$app --key=slack_key)
-slack_secret=$(ynh_app_setting_get --app=$app --key=slack_secret)
 secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
 utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
 minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
 minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
 mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
+dex_domain=$(ynh_app_setting_get --app="minio" --key=dex_domain)
+dex_path=$(ynh_app_setting_get --app="minio" --key=dex_path)
+oidc_secret=$(ynh_app_setting_get --app="minio" --key=oidc_secret)
+oidc_name=$(ynh_app_setting_get --app="minio" --key=oidc_name)
+oidc_callback=$(ynh_app_setting_get --app="minio" --key=oidc_callback)
 
 #=================================================
 # DECLARE DATA AND CONF FILES TO BACKUP
diff --git a/scripts/change_url b/scripts/change_url
index 84a524e..40cc62b 100644
--- a/scripts/change_url
+++ b/scripts/change_url
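Review bot: The five added lookups read from the minio app (`--app="minio"`) although scripts/install stores these values under Outline's own instance (`ynh_app_setting_set --app=$app --key=dex_domain --value=$dex_domain`), so `dex_domain`, `dex_path`, `oidc_secret`, `oidc_name` and `oidc_callback` come back empty here. Only `domain`, `minio_key` and `mc_path` belong to minio; the new lines should use `--app=$app`, e.g. `dex_domain=$(ynh_app_setting_get --app=$app --key=dex_domain)`. The same block is copied into the change_url, remove, restore and upgrade hunks of this patch and needs the identical fix in each of them.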
@@ -33,13 +33,16 @@ path_url=$(ynh_app_setting_get --app=$app --key=path_url)
 port=$(ynh_app_setting_get --app=$app --key=port)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 language_key=$(ynh_app_setting_get --app=$app --key=language_key)
-slack_key=$(ynh_app_setting_get --app=$app --key=slack_key)
-slack_secret=$(ynh_app_setting_get --app=$app --key=slack_secret)
 secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
 utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
 minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
 minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
 mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
+dex_domain=$(ynh_app_setting_get --app="minio" --key=dex_domain)
+dex_path=$(ynh_app_setting_get --app="minio" --key=dex_path)
+oidc_secret=$(ynh_app_setting_get --app="minio" --key=oidc_secret)
+oidc_name=$(ynh_app_setting_get --app="minio" --key=oidc_name)
+oidc_callback=$(ynh_app_setting_get --app="minio" --key=oidc_callback)
 
 #=================================================
 # BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
diff --git a/scripts/install b/scripts/install
index 05b8ba6..104297a 100755
--- a/scripts/install
+++ b/scripts/install
@@ -41,9 +41,6 @@ fi
 secret_key=$(ynh_hex_32_random)
 utils_secret=$(ynh_hex_32_random)
-slack_key=$YNH_APP_ARG_SLACK_KEY
-slack_secret=$YNH_APP_ARG_SLACK_SECRET
-
 app=$YNH_APP_INSTANCE_NAME
 
 #=================================================
@@ -64,6 +61,19 @@ minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
 minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
 mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
 
+#=================================================
+# CHECK IF MINIO IS INSTALLED, IF NOT INSTALL IT
+#=================================================
+ynh_script_progression --message="Installing Dex..." --weight=18
+
+dex_domain=$YNH_APP_ARG_DEX_DOMAIN
+dex_path=$YNH_APP_ARG_DEX_PATH
+oidc_secret=$(ynh_hex_32_random)
+oidc_name="Outline"
+oidc_callback="$domain/auth/oidc.callback"
+
+yunohost app install https://github.com/YunoHost-Apps/dex_ynh --force --args "domain=$dex_domain&path=$dex_path&OIDC_name=$oidc_name&OIDC_secret=$oidc_secret&OIDC_callback=$oidc_callback"
+
 #=================================================
 # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
 #=================================================
@@ -88,7 +98,11 @@ ynh_app_setting_set --app=$app --key=utils_secret --value=$utils_secret
 ynh_app_setting_set --app=$app --key=slack_key --value=$slack_key
 ynh_app_setting_set --app=$app --key=slack_secret --value=$slack_secret
 ynh_app_setting_set --app=$app --key=language_key --value=$language_key
-
+ynh_app_setting_set --app=$app --key=dex_domain --value=$dex_domain
+ynh_app_setting_set --app=$app --key=dex_path --value=$dex_path
+ynh_app_setting_set --app=$app --key=oidc_name --value=$oidc_name
+ynh_app_setting_set --app=$app --key=oidc_secret --value=$oidc_secret
+ynh_app_setting_set --app=$app --key=oidc_callback --value=$oidc_callback
 
 #=================================================
 # STANDARD MODIFICATIONS
diff --git a/scripts/remove b/scripts/remove
index 7fc17c9..7a3b163 100755
--- a/scripts/remove
+++ b/scripts/remove
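Review bot: The Dex install (`yunohost app install https://github.com/YunoHost-Apps/dex_ynh --force --args ...`) runs before the `CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS` section, so a rejected argument or any later failure of this script leaves a Dex instance configured with the freshly generated client secret on the server with nothing to remove it; move the block after those checks, or make sure the script's failure path removes it. The section header directly above it reads `# CHECK IF MINIO IS INSTALLED, IF NOT INSTALL IT` but the block installs Dex, so it should say `# INSTALL DEX AS OIDC PROVIDER`. `oidc_callback="$domain/auth/oidc.callback"` carries no scheme while the conf/.env comment in this same patch documents the redirect URI as `https://.../auth/oidc.callback`; OIDC providers generally compare redirect URIs exactly, so this should probably be `oidc_callback="https://$domain/auth/oidc.callback"` unless dex_ynh prepends the scheme itself. Note also that `OIDC_secret=$oidc_secret` is passed on the command line, so it is visible to other local processes and may be recorded in the YunoHost operation log; worth confirming that yunohost redacts that argument.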
@@ -21,15 +21,16 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path_url)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 language_key=$(ynh_app_setting_get --app=$app --key=language_key)
-slack_key=$(ynh_app_setting_get --app=$app --key=slack_key)
-slack_secret=$(ynh_app_setting_get --app=$app --key=slack_secret)
 secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
 utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
-
-
 minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
 minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
 mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
+dex_domain=$(ynh_app_setting_get --app="minio" --key=dex_domain)
+dex_path=$(ynh_app_setting_get --app="minio" --key=dex_path)
+oidc_secret=$(ynh_app_setting_get --app="minio" --key=oidc_secret)
+oidc_name=$(ynh_app_setting_get --app="minio" --key=oidc_name)
+oidc_callback=$(ynh_app_setting_get --app="minio" --key=oidc_callback)
 
 #=================================================
 # STANDARD REMOVE
diff --git a/scripts/restore b/scripts/restore
index 6f6687c..53c19ba 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -43,13 +43,16 @@ path_url=$(ynh_app_setting_get --app=$app --key=path_url)
 port=$(ynh_app_setting_get --app=$app --key=port)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 language_key=$(ynh_app_setting_get --app=$app --key=language_key)
-slack_key=$(ynh_app_setting_get --app=$app --key=slack_key)
-slack_secret=$(ynh_app_setting_get --app=$app --key=slack_secret)
 secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
 utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
 minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
 minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
 mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
+dex_domain=$(ynh_app_setting_get --app="minio" --key=dex_domain)
+dex_path=$(ynh_app_setting_get --app="minio" --key=dex_path)
+oidc_secret=$(ynh_app_setting_get --app="minio" --key=oidc_secret)
+oidc_name=$(ynh_app_setting_get --app="minio" --key=oidc_name)
+oidc_callback=$(ynh_app_setting_get --app="minio" --key=oidc_callback)
 
 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
diff --git a/scripts/upgrade b/scripts/upgrade
index 14abc17..2f9759a 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -22,13 +22,16 @@ path_url=$(ynh_app_setting_get --app=$app --key=path_url)
 port=$(ynh_app_setting_get --app=$app --key=port)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 language_key=$(ynh_app_setting_get --app=$app --key=language_key)
-slack_key=$(ynh_app_setting_get --app=$app --key=slack_key)
-slack_secret=$(ynh_app_setting_get --app=$app --key=slack_secret)
 secret_key=$(ynh_app_setting_get --app=$app --key=secret_key)
 utils_secret=$(ynh_app_setting_get --app=$app --key=utils_secret)
 minio_domain=$(ynh_app_setting_get --app="minio" --key=domain)
 minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key)
 mc_path=$(ynh_app_setting_get --app="minio" --key=mc_path)
+dex_domain=$(ynh_app_setting_get --app="minio" --key=dex_domain)
+dex_path=$(ynh_app_setting_get --app="minio" --key=dex_path)
+oidc_secret=$(ynh_app_setting_get --app="minio" --key=oidc_secret)
+oidc_name=$(ynh_app_setting_get --app="minio" --key=oidc_name)
+oidc_callback=$(ynh_app_setting_get --app="minio" --key=oidc_callback)
 
 #=================================================
 # CHECK VERSION
From 7b2befd8ca41d4e21acdd6c87df50e147aee2661 Mon Sep 17 00:00:00 2001
From: Limezy
Date: Thu, 24 Mar 2022 15:54:17 +0700
Subject: [PATCH 2/7] Update install
---
 scripts/install | 1 +
 1 file changed, 1 insertion(+)
diff --git a/scripts/install b/scripts/install
index 104297a..43749a0 100755
--- a/scripts/install
+++ b/scripts/install
@@ -72,6 +72,7 @@ oidc_secret=$(ynh_hex_32_random)
 oidc_name="Outline"
 oidc_callback="$domain/auth/oidc.callback"
+unset GOPATH
 yunohost app install https://github.com/YunoHost-Apps/dex_ynh --force --args "domain=$dex_domain&path=$dex_path&OIDC_name=$oidc_name&OIDC_secret=$oidc_secret&OIDC_callback=$oidc_callback"
 
 #=================================================
From 162897258b84259dfc47186a4574b5ead1153522 Mon Sep 17 00:00:00 2001
From: Limezy
Date: Thu, 24 Mar 2022 21:20:35 +0700
Subject: [PATCH 3/7] Update install
---
 scripts/install | 1 -
 1 file changed, 1 deletion(-)
diff --git a/scripts/install b/scripts/install
index 43749a0..104297a 100755
--- a/scripts/install
+++ b/scripts/install
@@ -72,7 +72,6 @@ oidc_secret=$(ynh_hex_32_random)
 oidc_name="Outline"
 oidc_callback="$domain/auth/oidc.callback"
-unset GOPATH
 yunohost app install https://github.com/YunoHost-Apps/dex_ynh --force --args "domain=$dex_domain&path=$dex_path&OIDC_name=$oidc_name&OIDC_secret=$oidc_secret&OIDC_callback=$oidc_callback"
 
 #=================================================
From a592303e78b36548d772f67052072a55501424ae Mon Sep 17 00:00:00 2001
From: Limezy
Date: Thu, 24 Mar 2022 21:24:10 +0700
Subject: [PATCH 4/7] Update install
---
 scripts/install | 2 --
 1 file changed, 2 deletions(-)
diff --git a/scripts/install b/scripts/install
index 104297a..68416f3 100755
--- a/scripts/install
+++ b/scripts/install
@@ -95,8 +95,6 @@ ynh_app_setting_set --app=$app --key=path --value=$path_url
 ynh_app_setting_set --app=$app --key=language --value=$language
 ynh_app_setting_set --app=$app --key=secret_key --value=$secret_key
 ynh_app_setting_set --app=$app --key=utils_secret --value=$utils_secret
-ynh_app_setting_set --app=$app --key=slack_key --value=$slack_key
-ynh_app_setting_set --app=$app --key=slack_secret --value=$slack_secret
 ynh_app_setting_set --app=$app --key=language_key --value=$language_key
 ynh_app_setting_set --app=$app --key=dex_domain --value=$dex_domain
 ynh_app_setting_set --app=$app --key=dex_path --value=$dex_path
From 8dbaf2904f6131bdf2d4ae61117fd7e88d409b0a Mon Sep 17 00:00:00 2001
From: Limezy
Date: Thu, 24 Mar 2022 21:26:38 +0700
Subject: [PATCH 5/7] Update install
---
 scripts/install | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/scripts/install b/scripts/install
index 68416f3..b533def 100755
--- a/scripts/install
+++ b/scripts/install
@@ -72,6 +72,10 @@ oidc_secret=$(ynh_hex_32_random)
 oidc_name="Outline"
 oidc_callback="$domain/auth/oidc.callback"
 
+if yunohost app list | grep -q "$YNH_APP_ARG_DEX_DOMAIN"; then
+ ynh_die "The domain provided for Dex is already used by another app. Please chose another one !"
+fi
+
 yunohost app install https://github.com/YunoHost-Apps/dex_ynh --force --args "domain=$dex_domain&path=$dex_path&OIDC_name=$oidc_name&OIDC_secret=$oidc_secret&OIDC_callback=$oidc_callback"
 
 #=================================================
From e1d13050e4d892778e6959ed8e221f1bdd18a90a Mon Sep 17 00:00:00 2001
From: Limezy
Date: Thu, 24 Mar 2022 21:41:32 +0700
Subject: [PATCH 6/7] Update .env
---
 conf/.env | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/conf/.env b/conf/.env
index 6f0d7d4..713c162 100644
--- a/conf/.env
+++ b/conf/.env
@@ -77,9 +77,9 @@ AZURE_RESOURCE_APP_ID=
 # Redirect URI is https:///auth/oidc.callback
 OIDC_CLIENT_ID=__OIDC_NAME__
 OIDC_CLIENT_SECRET=__OIDC_SECRET__
-OIDC_AUTH_URI=__DEX_DOMAIN____DEX_PATH__/auth
-OIDC_TOKEN_URI=__DEX_DOMAIN____DEX_PATH__/token
-OIDC_USERINFO_URI=__DEX_DOMAIN____DEX_PATH__/userinfo
+OIDC_AUTH_URI=__DEX_DOMAIN____DEX_PATH__auth
+OIDC_TOKEN_URI=__DEX_DOMAIN____DEX_PATH__token
+OIDC_USERINFO_URI=__DEX_DOMAIN____DEX_PATH__userinfo
 
 # Specify which claims to derive user information from
 # Supports any valid JSON path with the JWT payload
From aff218a2c3102b1abb85c62d112451d9ff4b2394 Mon Sep 17 00:00:00 2001
From: Limezy
Date: Thu, 24 Mar 2022 21:44:20 +0700
Subject: [PATCH 7/7] Update .env
---
 conf/.env | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/conf/.env b/conf/.env
index 713c162..911b979 100644
--- a/conf/.env
+++ b/conf/.env
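Review bot: `yunohost app list | grep -q "$YNH_APP_ARG_DEX_DOMAIN"` is an unanchored regex match over the whole `app list` output: the dots in the domain match any character, a domain that is a substring of another installed app's domain (or of any other text in that output) is a false positive, and an app on the same domain at a different path blocks the install even though `$dex_path` itself is never checked. It also re-reads `$YNH_APP_ARG_DEX_DOMAIN` although `dex_domain` was assigned from it a few lines earlier. The helper made for this check is the safer replacement for the whole `if` block: `ynh_webpath_available --domain="$dex_domain" --path_url="$dex_path" || ynh_die "The domain/path provided for Dex is already used by another app. Please choose another one!"`.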
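Review bot: `OIDC_AUTH_URI=__DEX_DOMAIN____DEX_PATH__auth` (and the token and userinfo lines) only yields a valid URL when the substituted `__DEX_PATH__` ends with `/`; the manifest default is `/example` and scripts/install assigns `dex_path=$YNH_APP_ARG_DEX_PATH` without normalising it, and YunoHost normally hands `path` arguments over without a trailing slash, so this renders as `.../exampleauth`. Either keep the separator, `OIDC_AUTH_URI=__DEX_DOMAIN____DEX_PATH__/auth`, and run `dex_path` through `ynh_normalize_url_path` in install so it never ends in `/`, or document that the path must end with `/`. PATCH 7/7 prefixes the same three lines with `https://` but keeps this concatenation, so it needs the same change. Whether Dex actually serves its endpoints at `<path>/auth`, `<path>/token` and `<path>/userinfo` depends on the dex_ynh issuer configuration, which is not visible here.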
@@ -77,9 +77,9 @@ AZURE_RESOURCE_APP_ID=
 # Redirect URI is https:///auth/oidc.callback
 OIDC_CLIENT_ID=__OIDC_NAME__
 OIDC_CLIENT_SECRET=__OIDC_SECRET__
-OIDC_AUTH_URI=__DEX_DOMAIN____DEX_PATH__auth
-OIDC_TOKEN_URI=__DEX_DOMAIN____DEX_PATH__token
-OIDC_USERINFO_URI=__DEX_DOMAIN____DEX_PATH__userinfo
+OIDC_AUTH_URI=https://__DEX_DOMAIN____DEX_PATH__auth
+OIDC_TOKEN_URI=https://__DEX_DOMAIN____DEX_PATH__token
+OIDC_USERINFO_URI=https://__DEX_DOMAIN____DEX_PATH__userinfo
 
 # Specify which claims to derive user information from
 # Supports any valid JSON path with the JWT payload