From 4ec8de1ff4c8f36d3861e217ab2cbff859d42739 Mon Sep 17 00:00:00 2001
From: Jimmy Monin
Date: Sat, 29 Feb 2020 21:56:40 +0100
Subject: [PATCH] Update LDAP plugin and use WS API for activation
---
 conf/data.dat | 1 -
 conf/ldap_plugin.src | 4 ++--
 manifest.json | 2 +-
 scripts/_ynh_local_curl | 45 +++++++++++++++++++++++++++++++++++++++++
 scripts/install | 26 ++++++++++++++++++++----
 scripts/upgrade | 28 +++++++++++++++++++++----
 6 files changed, 94 insertions(+), 12 deletions(-)
 delete mode 100644 conf/data.dat
 create mode 100644 scripts/_ynh_local_curl
diff --git a/conf/data.dat b/conf/data.dat
deleted file mode 100644
index 6f792d7..0000000
--- a/conf/data.dat
+++ /dev/null
@@ -1 +0,0 @@
-a:17:{s:10:"forgot_url";N;s:4:"host";s:0:"";s:6:"basedn";s:27:"ou=users,dc=yunohost,dc=org";s:4:"port";s:0:"";s:9:"ld_server";N;s:7:"ld_attr";s:3:"uid";s:8:"ld_group";s:0:"";s:14:"ld_group_class";N;s:22:"ld_group_member_attrib";N;s:9:"ld_binddn";s:0:"";s:9:"ld_bindpw";s:0:"";s:10:"ldap_debug";b:0;s:11:"ld_anonbind";b:0;s:10:"ld_use_ssl";b:0;s:14:"allow_newusers";b:1;s:28:"advertise_admin_new_ldapuser";b:1;s:26:"send_password_by_mail_ldap";b:1;}
diff --git a/conf/ldap_plugin.src b/conf/ldap_plugin.src
index fbf5976..153525a 100644
--- a/conf/ldap_plugin.src
+++ b/conf/ldap_plugin.src
@@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/VSLCatena/ldap_login/archive/92fa2fc1abc7cd18e8005583855e468b57689616.zip
-SOURCE_SUM=9fe8d2fe3be234939a5dd3a92836202400a38a6d8b8a9b4250a8a522fe53d437
+SOURCE_URL=https://piwigo.org/ext/download.php?rid=7036
+SOURCE_SUM=3c22652f6c0653aaeebe239435796748ee57612ad44e8e5f2553277545d36e5e
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=zip
 SOURCE_IN_SUBDIR=true
diff --git a/manifest.json b/manifest.json
index 87408c6..0b82713 100644
--- a/manifest.json
+++ b/manifest.json
@@ -6,7 +6,7 @@
 "en": "photo gallery",
 "fr": "Galerie photo"
 },
- "version": "2.10.1~ynh1",
+ "version": "2.10.1~ynh2",
 "url": "http://piwigo.org",
 "license": "GPL-2.0",
 "maintainer": {
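Review bot: The new `SOURCE_URL` in conf/ldap_plugin.src is an opaque download endpoint (`download.php?rid=7036`) where the old one named an exact commit, so nothing in the file says which plugin release the pinned `SOURCE_SUM` belongs to. The SHA-256 still fixes the content that is accepted, but whoever reviews a later checksum bump cannot tell whether the revision changed or the upstream artifact behind the same `rid` did. Record the plugin name and version for this revision in the commit message or next to the key, for example `# Ldap_Login <plugin version> (piwigo.org extension revision 7036)`, provided the `.src` parser tolerates comment lines.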
diff --git a/scripts/_ynh_local_curl b/scripts/_ynh_local_curl
new file mode 100644
index 0000000..ad0d1f7
--- /dev/null
+++ b/scripts/_ynh_local_curl
@@ -0,0 +1,45 @@
+#!/bin/bash
+# Curl abstraction to help with POST requests to local pages (such as installation forms)
+# For multiple calls, cookies are persisted between each call for the same app
+#
+# $domain and $path_url should be defined externally (and correspond to the domain.tld and the /path (of the app?))
+#
+# example: ynh_local_curl "/install.php?installButton" "foo=$var1" "bar=$var2"
+#
+# usage: ynh_local_curl "page_uri" "key1=value1" "key2=value2" ...
+# | arg: page_uri - Path (relative to $path_url) of the page where POST data will be sent
+# | arg: key1=value1 - (Optionnal) POST key and corresponding value
+# | arg: key2=value2 - (Optionnal) Another POST key and corresponding value
+# | arg: ... - (Optionnal) More POST keys and values
+#
+# Requires YunoHost version 2.6.4 or higher.
+ynh_local_curl () {
+ # Define url of page to curl
+ local local_page=$(ynh_normalize_url_path $1)
+ local full_path=$path_url$local_page
+
+ if [ "${path_url}" == "/" ]; then
+ full_path=$local_page
+ fi
+
+ local full_page_url=https://localhost$full_path
+
+ # Concatenate all other arguments with '&' to prepare POST data
+ local POST_data=""
+ local arg=""
+ for arg in "${@:2}"
+ do
+ POST_data="${POST_data}${arg}&"
+ done
+ if [ -n "$POST_data" ]
+ then
+ # Add --data arg and remove the last character, which is an unecessary '&'
+ POST_data="--data ${POST_data::-1}"
+ fi
+
+ # Wait untils nginx has fully reloaded (avoid curl fail with http2)
+ sleep 2
+
+ # Curl the URL
+ curl --silent --show-error -kL -H "Host: $domain" --resolve $domain:443:127.0.0.1 $POST_data "$full_page_url" --cookie-jar /tmp/ynh-$app-cookie.txt --cookie /tmp/ynh-$app-cookie.txt
+}
diff --git a/scripts/install b/scripts/install
index b0fe7ff..b9a029e 100644
--- a/scripts/install
+++ b/scripts/install
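Review bot: The curl call that ends `ynh_local_curl` keeps its cookies in `/tmp/ynh-$app-cookie.txt`, a guessable name in a world-writable directory, and the install and upgrade scripts use this helper to log in as the Piwigo admin, so that file holds an administrator session. It is created with whatever umask is in effect, can be pre-created or symlinked by another local account before the script runs, and is never removed. Separately, `$POST_data` is built by plain concatenation and expanded unquoted, so a value containing a space, `&`, `%` or a glob character (a password, for instance) is split or mis-parsed instead of being sent as typed. Keep the jar in a file created by `mktemp` that the caller removes after logout, and pass each pair with `--data-urlencode` from an array; the values remain visible in the process list, which matters for the password argument.

```shell
# Private cookie jar for this script run: mktemp picks an unpredictable name and
# creates the file with mode 0600. Set when the file is sourced, so calls made
# inside $( ) see the same path. The caller removes it after the last request.
ynh_local_curl_cookie_jar=$(mktemp)

ynh_local_curl () {
  # … unchanged: URL construction (local_page, full_path, full_page_url) …

  # One --data-urlencode per pair: curl encodes the value and joins the pairs with '&'
  local -a post_args=()
  local arg=""
  for arg in "${@:2}"
  do
    post_args+=(--data-urlencode "$arg")
  done

  # … unchanged: sleep 2 …

  curl --silent --show-error -kL -H "Host: $domain" --resolve "$domain:443:127.0.0.1" \
    "${post_args[@]}" "$full_page_url" \
    --cookie-jar "$ynh_local_curl_cookie_jar" --cookie "$ynh_local_curl_cookie_jar"
```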
@@ -8,6 +8,7 @@
 source _common.sh
 source /usr/share/yunohost/helpers
+source _ynh_local_curl
 #=================================================
 # MANAGE SCRIPT FAILURE
@@ -190,13 +191,30 @@ cp ../conf/database.inc.php $final_path/local/config/database.inc.php
 ynh_store_file_checksum --file="$final_path/local/config/database.inc.php"
 #=================================================
-# ADD LDAP PLUGINS
+# ADD LDAP PLUGIN
 #=================================================
 ynh_script_progression --message="Configuring LDAP plugin..."
-# Configure and activate LDAP plugin
-ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "INSERT INTO plugins (id,state,version) VALUES ('Ldap_Login','active','1.1');"
-cp ../conf/data.dat $final_path/plugins/Ldap_Login
+# Activate the LDAP plugin using the WS API
+
+# Login with admin account
+ynh_local_curl "/ws.php?format=json" "method=pwg.session.login" "username=$admin" "password=$adm_pwd"
+# Get session token
+status=$(ynh_local_curl "/ws.php?format=json" "method=pwg.session.getStatus")
+pwg_token=$(jq --raw-output .result.pwg_token <<< $status)
+# Install the Ldap_Login plugin
+ynh_local_curl "/ws.php?format=json" "method=pwg.plugins.performAction" "action=install" "plugin=Ldap_Login" "pwg_token=$pwg_token"
+# Activate the Ldap_Login plugin
+ynh_local_curl "/ws.php?format=json" "method=pwg.plugins.performAction" "action=activate" "plugin=Ldap_Login" "pwg_token=$pwg_token"
+# Log out
+ynh_local_curl "/ws.php?format=json" "method=pwg.session.logout"
+
+# Edit Ldap_Login plugin configuration
+ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "UPDATE piwigo_ldap_login_config SET value='ou=users,dc=yunohost,dc=org' WHERE param = 'ld_basedn';
+UPDATE piwigo_ldap_login_config SET value='uid' WHERE param = 'ld_user_attr';
+UPDATE piwigo_ldap_login_config SET value='' WHERE param = 'ld_binddn';
+UPDATE piwigo_ldap_login_config SET value='0' WHERE param = 'allow_new_users';
+UPDATE piwigo_ldap_login_config SET value='0' WHERE param = 'ld_group_user_active';"
 #=================================================
 # CONFIGURE FAIL2BAN
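Review bot: None of the WS calls in the new activation block has its response checked, so a rejected login leaves `pwg_token` holding the string `null` (what `jq --raw-output` prints for a missing key) and the install and activate calls then fail without stopping the script. `ynh_local_curl` runs curl without a fail flag and Piwigo's web service reports failures in the JSON body (`stat`), so the exit status does not catch this; the `UPDATE`s on `piwigo_ldap_login_config` would then run against a plugin that was never installed, and the install would still report success. Capture each response, require `stat` to be `ok` and the token to be non-empty, and abort otherwise; the same block in scripts/upgrade needs the same checks. `jq` also has to be present on the host, which this hunk does not show.

```shell
# Login with admin account and stop if Piwigo rejects it
login=$(ynh_local_curl "/ws.php?format=json" "method=pwg.session.login" "username=$admin" "password=$adm_pwd")
[ "$(jq --raw-output .stat <<< "$login")" = "ok" ] || ynh_die --message="Piwigo WS login failed"
# Get session token; '// empty' turns a missing token into an empty string instead of "null"
status=$(ynh_local_curl "/ws.php?format=json" "method=pwg.session.getStatus")
pwg_token=$(jq --raw-output '.result.pwg_token // empty' <<< "$status")
[ -n "$pwg_token" ] || ynh_die --message="No pwg_token returned by pwg.session.getStatus"
# … unchanged: install / activate / logout calls, each response checked for stat = ok the same way …
```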
diff --git a/scripts/upgrade b/scripts/upgrade
index 7c3f91b..8fc0cec 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -8,6 +8,7 @@
 source _common.sh
 source /usr/share/yunohost/helpers
+source _ynh_local_curl
 #=================================================
 # LOAD SETTINGS
@@ -232,13 +233,32 @@ cp ../conf/database.inc.php $final_path/local/config/database.inc.php
 ynh_store_file_checksum --file="$final_path/local/config/database.inc.php"
 #=================================================
-# ADD LDAP PLUGINS
+# CONFIGURE LDAP PLUGIN
 #=================================================
 ynh_script_progression --message="Configuring LDAP plugin..."
-# Configure and activate LDAP plugin
-ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "UPDATE plugins SET state='active' WHERE id='Ldap_Login';"
-cp ../conf/data.dat $final_path/plugins/Ldap_Login
+# Activate the LDAP plugin using the WS API
+
+# Login with admin account
+ynh_local_curl "/ws.php?format=json" "method=pwg.session.login" "username=$admin" "password=$admin_pwd"
+# Get session token
+status=$(ynh_local_curl "/ws.php?format=json" "method=pwg.session.getStatus")
+pwg_token=$(jq --raw-output .result.pwg_token <<< $status)
+# Activate the Ldap_Login plugin
+ynh_local_curl "/ws.php?format=json" "method=pwg.plugins.performAction" "action=activate" "plugin=Ldap_Login" "pwg_token=$pwg_token"
+# Log out
+ynh_local_curl "/ws.php?format=json" "method=pwg.session.logout"
+
+# Edit Ldap_Login plugin configuration
+ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "UPDATE piwigo_ldap_login_config SET value='ou=users,dc=yunohost,dc=org' WHERE param = 'ld_basedn';
+UPDATE piwigo_ldap_login_config SET value='uid' WHERE param = 'ld_user_attr';
+UPDATE piwigo_ldap_login_config SET value='' WHERE param = 'ld_binddn';
+UPDATE piwigo_ldap_login_config SET value='0' WHERE param = 'allow_new_users';
+UPDATE piwigo_ldap_login_config SET value='0' WHERE param = 'ld_group_user_active';"
+# Remove configuration file for older plugin version
+if [ -f $final_path/plugins/Ldap_Login/data.dat ] ; then
+ ynh_secure_remove --file=$final_path/plugins/Ldap_Login/data.dat
+fi
 #=================================================
 # UPGRADE FAIL2BAN
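Review bot: The login call in this upgrade block sends `password=$admin_pwd`, while the matching call in scripts/install uses `$adm_pwd`; neither variable is defined inside these hunks, so it should be confirmed that each name exists in its own script. On upgrade this matters more, because the script then needs the admin's plain-text password at upgrade time: if it comes from stored app settings that is a secret kept at rest, and if it is unset the login posts an empty password (or the script aborts under `set -u`, if that is enabled). A guard before the login makes the failure explicit, e.g. `[ -n "${admin_pwd:-}" ] || ynh_die --message="admin password not available for the WS login"`. The unquoted `$final_path` in `[ -f $final_path/plugins/Ldap_Login/data.dat ]` and in the `ynh_secure_remove` call should also be quoted.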