From ba80089c71346c82943b20a71a6d572c21e764d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sat, 10 Jul 2021 22:32:23 +0200 Subject: [PATCH] 5.1.1 (#114) * 5.1.1 --- conf/config.inc.php | 10 ++++---- conf/create_db.sql | 12 ++++----- scripts/_common.sh | 60 +++++++-------------------------------------- scripts/install | 43 ++++++++++++++------------------ scripts/restore | 23 ++++++++--------- scripts/upgrade | 46 +++++++++++----------------------- 6 files changed, 65 insertions(+), 129 deletions(-) diff --git a/conf/config.inc.php b/conf/config.inc.php index b42cffd..647750e 100644 --- a/conf/config.inc.php +++ b/conf/config.inc.php @@ -28,8 +28,8 @@ $i = 0; $i++; /* Authentication type */ $cfg['Servers'][$i]['auth_type'] = 'config'; -$cfg['Servers'][$i]['user'] = '__YNH_PMA_ADMIN_USER__'; -$cfg['Servers'][$i]['password'] = '__YNH_PMA_ADMIN_PASSWORD__'; +$cfg['Servers'][$i]['user'] = '__DB_ADMIN_USER__'; +$cfg['Servers'][$i]['password'] = '__DB_ADMIN_PWD__'; /* Server parameters */ /* $cfg['Servers'][$i]['host'] = 'localhost'; @@ -49,11 +49,11 @@ $cfg['Servers'][$i]['AllowNoPassword'] = false; /* User used to manipulate with storage */ // $cfg['Servers'][$i]['controlhost'] = ''; // $cfg['Servers'][$i]['controlport'] = ''; -$cfg['Servers'][$i]['controluser'] = '__YNH_PMA_USER__'; -$cfg['Servers'][$i]['controlpass'] = '__YNH_PMA_PASSWORD__'; +$cfg['Servers'][$i]['controluser'] = '__DB_USER__'; +$cfg['Servers'][$i]['controlpass'] = '__DB_PWD__'; /* Storage database and tables */ -$cfg['Servers'][$i]['pmadb'] = '__YNH_PMA_USER__'; +$cfg['Servers'][$i]['pmadb'] = '__DB_USER__'; $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark'; $cfg['Servers'][$i]['relation'] = 'pma__relation'; $cfg['Servers'][$i]['table_info'] = 'pma__table_info'; diff --git a/conf/create_db.sql b/conf/create_db.sql index d603e62..ed1ef72 100644 --- a/conf/create_db.sql +++ b/conf/create_db.sql 
@@ -14,14 +14,14 @@ -- -------------------------------------------------------- -DROP DATABASE `__YNH_PMA_USER__`; +DROP DATABASE `__DB_USER__`; -- --- Database : `__YNH_PMA_USER__` +-- Database : `__DB_USER__` -- -CREATE DATABASE IF NOT EXISTS `__YNH_PMA_USER__` +CREATE DATABASE IF NOT EXISTS `__DB_USER__` DEFAULT CHARACTER SET utf8 COLLATE utf8_bin; -USE __YNH_PMA_USER__; +USE __DB_USER__; -GRANT SELECT, INSERT, DELETE, UPDATE ON `__YNH_PMA_USER__`.* TO - '__YNH_PMA_USER__'@localhost; +GRANT SELECT, INSERT, DELETE, UPDATE ON `__DB_USER__`.* TO + '__DB_USER__'@localhost; diff --git a/scripts/_common.sh b/scripts/_common.sh index 10b2191..45d51fa 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
@@ -8,58 +8,16 @@ YNH_PHP_VERSION="7.3" extra_php_dependencies="php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-zip php${YNH_PHP_VERSION}-mysql php${YNH_PHP_VERSION}-mbstring" +YNH_COMPOSER_VERSION=2.0.14 + +#================================================= +# PERSONAL HELPERS +#================================================= + #================================================= # EXPERIMENTAL HELPERS #================================================= -# Execute a command with Composer -# -# usage: ynh_composer_exec [--phpversion=phpversion] [--workdir=$final_path] --commands="commands" -# | arg: -v, --phpversion - PHP version to use with composer -# | arg: -w, --workdir - The directory from where the command will be executed. Default $final_path. -# | arg: -c, --commands - Commands to execute. -ynh_composer_exec () { - # Declare an array to define the options of this helper. - local legacy_args=vwc - declare -Ar args_array=( [v]=phpversion= [w]=workdir= [c]=commands= ) - local phpversion - local workdir - local commands - # Manage arguments with getopts - ynh_handle_getopts_args "$@" - workdir="${workdir:-$final_path}" - phpversion="${phpversion:-$YNH_PHP_VERSION}" - - COMPOSER_HOME="$workdir/.composer" \ - php${phpversion} "$workdir/composer.phar" $commands \ - -d "$workdir" --quiet --no-interaction -} - -# Install and initialize Composer in the given directory -# -# usage: ynh_install_composer [--phpversion=phpversion] [--workdir=$final_path] [--install_args="--optimize-autoloader"] -# | arg: -v, --phpversion - PHP version to use with composer -# | arg: -w, --workdir - The directory from where the command will be executed. Default $final_path. -# | arg: -a, --install_args - Additional arguments provided to the composer install. Argument --no-dev already include -ynh_install_composer () { - # Declare an array to define the options of this helper. 
- local legacy_args=vwa - declare -Ar args_array=( [v]=phpversion= [w]=workdir= [a]=install_args=) - local phpversion - local workdir - local install_args - # Manage arguments with getopts - ynh_handle_getopts_args "$@" - workdir="${workdir:-$final_path}" - phpversion="${phpversion:-$YNH_PHP_VERSION}" - install_args="${install_args:-}" - - curl -sS https://getcomposer.org/installer \ - | COMPOSER_HOME="$workdir/.composer" \ - php${phpversion} -- --quiet --install-dir="$workdir" \ - || ynh_die "Unable to install Composer." - - # update dependencies to create composer.lock - ynh_composer_exec --phpversion="${phpversion}" --workdir="$workdir" --commands="install --no-dev $install_args" \ - || ynh_die "Unable to update core dependencies with Composer." -} \ No newline at end of file +#================================================= +# FUTURE OFFICIAL HELPERS +#================================================= diff --git a/scripts/install b/scripts/install index a2c7a0c..cf28515 100644 --- a/scripts/install +++ b/scripts/install @@ -54,6 +54,7 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_script_progression --message="Creating a MySQL database..." db_name=$(ynh_sanitize_dbid --db_name=$app) +db_user=$db_name ynh_app_setting_set --app=$app --key=db_name --value=$db_name ynh_mysql_setup_db --db_user=$db_name --db_name=$db_name @@ -70,6 +71,14 @@ then FLUSH PRIVILEGES;" --database=mysql fi +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --weight=3 + +# Create a system user +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= 
@@ -79,6 +88,10 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -87,14 +100,6 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=3 # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=3 - -# Create a system user -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= @@ -110,7 +115,7 @@ ynh_add_fpm_config --package="$extra_php_dependencies" #================================================= ynh_script_progression --message="Filling database..." --weight=3 -ynh_replace_string --match_string="__YNH_PMA_USER__" --replace_string="$db_name" --target_file=../conf/create_db.sql +ynh_replace_string --match_string="__DB_USER__" --replace_string="$db_name" --target_file=../conf/create_db.sql ynh_mysql_connect_as --user="$db_name" --password="$db_pwd" --database="$db_name" \ < ../conf/create_db.sql ynh_replace_string --match_string="phpmyadmin" --replace_string="$db_name" --target_file=$final_path/sql/create_tables.sql 
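Review bot: The `chown -R $app:www-data "$final_path"` added after `ynh_setup_source` makes the app account the owner of every file in the install directory, whereas the block removed further down (`chown -R root: $final_path`) kept the code root-owned. If the PHP-FPM pool runs as `$app` (the pool config is not in this diff, but `chown $app: $final_path/tmp` suggests it), PHP code can now rewrite phpMyAdmin's own sources and, through the `chown $app:` in the next hunk, `config.inc.php` with the DB admin credentials. The same three lines are added in scripts/restore (`@@ -54,6 +62,10 @@`) and scripts/upgrade (`@@ -101,9 +110,13 @@`). If write access is only needed in `tmp/`, I would keep the sources non-writable for the service account; at minimum add a comment such as `# $app owns the tree: the PHP user can write to the code, not only to tmp/` so the trade-off against `o-rwx` is explicit.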
@@ -122,15 +127,10 @@ ynh_mysql_connect_as --user="$db_name" --password="$db_pwd" --database="$db_name #================================================= ynh_script_progression --message="Configuring phpMyAdmin..." -ynh_replace_string --match_string="__YNH_PMA_ADMIN_USER__" --replace_string="$db_admin_user" --target_file=../conf/config.inc.php -ynh_replace_string --match_string="__YNH_PMA_ADMIN_PASSWORD__" --replace_string="$db_admin_pwd" --target_file=../conf/config.inc.php -ynh_replace_string --match_string="__YNH_PMA_USER__" --replace_string="$db_name" --target_file=../conf/config.inc.php -ynh_replace_string --match_string="__YNH_PMA_PASSWORD__" --replace_string="$db_pwd" --target_file=../conf/config.inc.php - -cp ../conf/config.inc.php $final_path - -# Calculate and store the config file checksum into the app settings -ynh_store_file_checksum --file="$final_path/config.inc.php" +ynh_add_config --template="../conf/config.inc.php" --destination="$final_path/config.inc.php" +# config.inc.php contains sensitive data, restrict its access +chown $app: $final_path/config.inc.php +chmod 640 $final_path/config.inc.php #================================================= # INSTALL DEPENDENCIES WITH COMPOSER @@ -150,11 +150,6 @@ ynh_composer_exec --commands="update --no-dev" # SECURE FILES AND DIRECTORIES #================================================= -# Set permissions to app files -chown -R root: $final_path -# config.inc.php contains sensitive data, restrict its access -chown root:$app $final_path/config.inc.php -chmod 640 $final_path/config.inc.php # Setup phpMyAdmin temporary folder mkdir -p $final_path/tmp chown $app: $final_path/tmp 
@@ -165,7 +160,7 @@ chown $app: $final_path/tmp ynh_script_progression --message="Configuring permissions..." --weight=3 # Restrict access to admin only -ynh_permission_update --permission="main" --add=$admin --remove="all_users" +ynh_permission_update --permission="main" --remove="all_users" --add=$admin #================================================= # RELOAD NGINX diff --git a/scripts/restore b/scripts/restore index 49ff202..4a7311d 100644 --- a/scripts/restore +++ b/scripts/restore @@ -47,6 +47,14 @@ test ! -d $final_path \ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --weight=2 + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # RESTORE THE APP MAIN DIR #================================================= @@ -54,6 +62,10 @@ ynh_script_progression --message="Restoring phpMyAdmin main directory..." ynh_restore_file --origin_path="$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # RESTORE THE MYSQL DATABASE #================================================= 
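Review bot: After `chown -R $app:www-data "$final_path"` in the restore of the main directory, nothing re-restricts `config.inc.php`; the only explicit step, `chown root:$app $final_path/config.inc.php`, is removed in the next hunk. The restored file therefore ends up with group `www-data` and whatever mode the backup carried, so with the 640 set at install time the web server group can read the DB admin password, while scripts/install leaves the file with owner `$app` and that user's own group. I would add `chown $app: "$final_path/config.inc.php"` and `chmod 640 "$final_path/config.inc.php"` right after the recursive chown. scripts/upgrade has the same gap: `@@ -101,9 +110,13 @@` adds the recursive chown and `@@ -156,35 +161,12 @@` drops the `chmod 640`.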
@@ -74,21 +86,10 @@ then FLUSH PRIVILEGES;" --database=mysql fi -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=2 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app - #================================================= # RESTORE USER RIGHTS #================================================= -# config.inc.php contains sensitive data, restrict its access -chown root:$app $final_path/config.inc.php - chown $app: $final_path/tmp #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 7f20b44..38435b5 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -21,6 +21,7 @@ path_url=$(ynh_app_setting_get --app=$app --key=path) admin=$(ynh_app_setting_get --app=$app --key=admin) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_user=$db_name db_admin_user=$(ynh_app_setting_get --app=$app --key=db_admin_user) db_admin_pwd=$(ynh_app_setting_get --app=$app --key=db_admin_pwd) @@ -90,6 +91,14 @@ ynh_clean_setup () { # Exit if an error occurs during the execution of the script ynh_abort_if_errors +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # STANDARD UPGRADE STEPS #================================================= 
@@ -101,9 +110,13 @@ then ynh_script_progression --message="Upgrading source files..." --weight=5 # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path" + ynh_setup_source --dest_dir="$final_path" --keep="$final_path/config.inc.php" fi +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -112,14 +125,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." - # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= 
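Review bot: `--keep="$final_path/config.inc.php"` passes an absolute path; as far as I know `ynh_setup_source` resolves `--keep` entries relative to `--dest_dir`, so this entry would likely match nothing and the file is not actually protected. That matters more here because the last hunk of this file deletes the block that regenerated `config.inc.php` from the template, which leaves the existing copy as the only source of the DB credentials after an upgrade. I would write `ynh_setup_source --dest_dir="$final_path" --keep="config.inc.php"` and confirm it against the helper's documentation. The enclosing `if … then` block starts above this hunk.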
@@ -156,35 +161,12 @@ then < $final_path/sql/create_tables.sql fi -#================================================= -# CONFIGURE PHPMYADMIN -#================================================= -ynh_script_progression --message="Reconfiguring phpMyAdmin..." - -# Verify the checksum and backup the file if it's different -ynh_backup_if_checksum_is_different --file="$final_path/config.inc.php" - -ynh_replace_string --match_string="__YNH_PMA_ADMIN_USER__" --replace_string="$db_admin_user" --target_file=../conf/config.inc.php -ynh_replace_string --match_string="__YNH_PMA_ADMIN_PASSWORD__" --replace_string="$db_admin_pwd" --target_file=../conf/config.inc.php -ynh_replace_string --match_string="__YNH_PMA_USER__" --replace_string="$db_name" --target_file=../conf/config.inc.php -ynh_replace_string --match_string="__YNH_PMA_PASSWORD__" --replace_string="$db_pwd" --target_file=../conf/config.inc.php - -cp ../conf/config.inc.php $final_path - -# Recalculate and store the config file checksum into the app settings -ynh_store_file_checksum --file="$final_path/config.inc.php" - #================================================= # GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= -# Set permissions to app files -chown -R root: $final_path -# config.inc.php contains sensitive data, restrict its access -chown root:$app $final_path/config.inc.php -chmod 640 $final_path/config.inc.php # Setup phpMyAdmin temporary folder mkdir -p $final_path/tmp chown -R $app: $final_path/tmp