From 9a3fef2efffab8f59f4100328a90e446aac039c1 Mon Sep 17 00:00:00 2001 From: Nils VAN ZUIJLEN Date: Thu, 25 Mar 2021 17:37:29 +0100 Subject: [PATCH 1/6] Add LDAP integration --- README.md | 2 +- README_fr.md | 2 +- check_process | 7 +++++-- manifest.json | 2 +- scripts/_common.sh | 2 ++ scripts/install | 10 ++++++++++ scripts/upgrade | 5 +++++ sources/patches/app-00-ldap-include.patch | 12 ++++++++++++ 8 files changed, 37 insertions(+), 5 deletions(-) create mode 100644 sources/patches/app-00-ldap-include.patch diff --git a/README.md b/README.md index bee3128..b52d8d4 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ This app can be configured via its admin panel, available at `https://mydomain/m #### Multi-user support -This app supports multiuser, but is not integrated via LDAP nor SSO. +This app supports multiuser and LDAP, but is not integrated via SSO. The admin page is protected by SSOwat. #### Supported architectures diff --git a/README_fr.md b/README_fr.md index a820331..1803224 100644 --- a/README_fr.md +++ b/README_fr.md @@ -34,7 +34,7 @@ Cette application se configure via son interface administrateur, accessible sur #### Support multi-utilisateur -Cette application supporte le multiutilisateur, mais n'est pas intégrée avec le LDAP ni le SSO. +Cette application supporte le multiutilisateur et LDAP, mais n'est pas intégrée avec le SSO. Les pages d'administration sont protégées par SSOwat. #### Architectures supportées diff --git a/check_process b/check_process index 425f8a0..ddd27a7 100644 --- a/check_process +++ b/check_process @@ -6,7 +6,7 @@ is_public=1 (PUBLIC|public=1|private=0) q2a_name="ATestQ2ASite" admin="john" (USER) - password="pass" + password="password" ; Checks pkg_linter=1 setup_sub_dir=1 
@@ -15,8 +15,11 @@ setup_private=1 setup_public=1 upgrade=1 - upgrade=0 from_commit=61a8347e52d061269e83a0db50b21cd66039f453 + upgrade=1 from_commit=928272bb6c3f68173d1f1fe8b11e48e3464c730e backup_restore=1 multi_instance=1 port_already_use=0 change_url=1 +;;; Upgrade options + ; commit=928272bb6c3f68173d1f1fe8b11e48e3464c730e + manifest_arg=domain=DOMAIN&path=PATH&language=fr&is_public=1&q2a_name=ATestQ2ASite&admin=USER&password=password& diff --git a/manifest.json b/manifest.json index 6c1df63..6385cb2 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Platform for Question&Answer sites.", "fr": "Plateforme de Question/Réponses." }, - "version": "1.8.5~ynh1", + "version": "1.8.5~ynh2", "url": "https://www.question2answer.org/", "license": "GPL-2.0-or-later", "maintainer": { diff --git a/scripts/_common.sh b/scripts/_common.sh index 748c116..7fecaea 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,6 +4,8 @@ # COMMON VARIABLES #================================================= +ldap_login_commit=857ad8bf3ca891cb33fa6e8816ed0d3e198c1afc + #================================================= # PERSONAL HELPERS #================================================= diff --git a/scripts/install b/scripts/install index 3786fe2..1fce781 100755 --- a/scripts/install +++ b/scripts/install 
@@ -110,6 +110,16 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" +#================================================= +# DOWNLOAD AND UNPACK LDAP PLUGIN +#================================================= +ynh_script_progression --message="Setting up LDAP plugin..." --weight=3 + +wget -O qa-ldap-login.zip https://github.com/zakkak/qa-ldap-login/archive/$ldap_login_commit.zip 2>&1 + +unzip qa-ldap-login.zip -d $final_path/qa-plugin +mv $final_path/qa-plugin/qa-ldap-login-$ldap_login_commit $final_path/qa-plugin/qa-ldap-login + #================================================= # NGINX CONFIGURATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 5d490a5..c3e4833 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -84,6 +84,11 @@ then # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" + + # Setup LDAP + wget -O qa-ldap-login.zip https://github.com/zakkak/qa-ldap-login/archive/$ldap_login_commit.zip 2>&1 + unzip qa-ldap-login.zip -d $final_path/qa-plugin + mv $final_path/qa-plugin/qa-ldap-login-$ldap_login_commit $final_path/qa-plugin/qa-ldap-login fi #================================================= diff --git a/sources/patches/app-00-ldap-include.patch b/sources/patches/app-00-ldap-include.patch new file mode 100644 index 0000000..d3d19e6 --- /dev/null +++ b/sources/patches/app-00-ldap-include.patch 
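Review bot: The plugin archive fetched by `wget` in the new "DOWNLOAD AND UNPACK LDAP PLUGIN" section of scripts/install is unpacked into `$final_path/qa-plugin` with no checksum verification, unlike the main source, which the context comment says `ynh_setup_source` integrity-checks. Pinning `$ldap_login_commit` fixes what is requested, but what is received is trusted purely on the transport and the hosting service. Consider describing the plugin in a second `.src` file with its SHA-256 and replacing the three commands with `ynh_setup_source --dest_dir="$final_path/qa-plugin/qa-ldap-login" --source_id=<plugin-src-id>` (placeholder id). If the manual download stays, quote `"$final_path"`, write the zip to a temporary directory instead of the current one, and remove it afterwards. The same three lines are repeated in the scripts/upgrade hunk of this patch.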
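Review bot: On an upgrade, `$final_path/qa-plugin/qa-ldap-login` will normally already exist from the previous install, so the `mv` added under "# Setup LDAP" in scripts/upgrade would place the new tree inside the old directory (or fail on a later run) instead of replacing it. The previously installed plugin code would then remain the copy that `login.php` includes. Whether `ynh_setup_source` clears `qa-plugin` first is not visible here, so this needs confirming; if it does not, remove the old copy before the move with `ynh_secure_remove --file="$final_path/qa-plugin/qa-ldap-login"`. The enclosing `if` block starts outside the hunk.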
@@ -0,0 +1,12 @@ +diff --git a/qa-include/pages/login.php b/qa-include/pages/login.php +index 12946ec..7983a34 100644 +--- a/qa-include/pages/login.php ++++ b/qa-include/pages/login.php +@@ -57,6 +57,7 @@ if (qa_clicked('dologin') && (strlen($inemailhandle) || strlen($inpassword))) { + if (qa_user_limits_remaining(QA_LIMIT_LOGINS)) { + require_once QA_INCLUDE_DIR . 'db/users.php'; + require_once QA_INCLUDE_DIR . 'db/selects.php'; ++ require_once QA_INCLUDE_DIR . '../qa-plugin/qa-ldap-login/qa-ldap-process.php'; + + if (!qa_check_form_security_code('login', qa_post_text('code'))) { + $pageerror = qa_lang_html('misc/form_security_again'); From ab9068ab2a5939c1f8ff01b3d5191c018ce35664 Mon Sep 17 00:00:00 2001 From: Nils VAN ZUIJLEN Date: Fri, 26 Mar 2021 11:22:22 +0100 Subject: [PATCH 2/6] Use ynh_replace_string instead of patch --- scripts/install | 5 +++++ scripts/upgrade | 5 +++++ sources/patches/app-00-ldap-include.patch | 12 ------------ 3 files changed, 10 insertions(+), 12 deletions(-) delete mode 100644 sources/patches/app-00-ldap-include.patch diff --git a/scripts/install b/scripts/install index 1fce781..c38527c 100755 --- a/scripts/install +++ b/scripts/install @@ -120,6 +120,11 @@ wget -O qa-ldap-login.zip https://github.com/zakkak/qa-ldap-login/archive/$ldap_ unzip qa-ldap-login.zip -d $final_path/qa-plugin mv $final_path/qa-plugin/qa-ldap-login-$ldap_login_commit $final_path/qa-plugin/qa-ldap-login +ynh_replace_string\ + --match_string="require_once QA_INCLUDE_DIR . 'db/selects.php';"\ + --replace_string="require_once QA_INCLUDE_DIR . 'db/selects.php';\r\n require_once QA_INCLUDE_DIR . '../qa-plugin/qa-ldap-login/qa-ldap-process.php';"\ + --target_file="$final_path/qa-include/pages/login.php" + #================================================= # NGINX CONFIGURATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index c3e4833..9824e1f 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
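Review bot: The `ynh_replace_string` call added after the `mv` in scripts/install appears to do nothing and report nothing when the `require_once QA_INCLUDE_DIR . 'db/selects.php';` line is absent or reworded in `login.php`, assuming the helper is a plain substitution. An install could then finish with the LDAP include silently missing from the login page. Add a check right after it, for example `grep -q 'qa-ldap-process.php' "$final_path/qa-include/pages/login.php" || ynh_die --message="LDAP include was not added to login.php"`. The replacement also inserts `\r\n`; unless `login.php` is known to use CRLF line endings, `\n` alone avoids a stray carriage return. The scripts/upgrade hunk of this patch repeats the same call.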
@@ -89,6 +89,11 @@ then wget -O qa-ldap-login.zip https://github.com/zakkak/qa-ldap-login/archive/$ldap_login_commit.zip 2>&1 unzip qa-ldap-login.zip -d $final_path/qa-plugin mv $final_path/qa-plugin/qa-ldap-login-$ldap_login_commit $final_path/qa-plugin/qa-ldap-login + + ynh_replace_string\ + --match_string="require_once QA_INCLUDE_DIR . 'db/selects.php';"\ + --replace_string="require_once QA_INCLUDE_DIR . 'db/selects.php';\r\n require_once QA_INCLUDE_DIR . '../qa-plugin/qa-ldap-login/qa-ldap-process.php';"\ + --target_file="$final_path/qa-include/pages/login.php" fi #================================================= diff --git a/sources/patches/app-00-ldap-include.patch b/sources/patches/app-00-ldap-include.patch deleted file mode 100644 index d3d19e6..0000000 --- a/sources/patches/app-00-ldap-include.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff --git a/qa-include/pages/login.php b/qa-include/pages/login.php -index 12946ec..7983a34 100644 ---- a/qa-include/pages/login.php -+++ b/qa-include/pages/login.php -@@ -57,6 +57,7 @@ if (qa_clicked('dologin') && (strlen($inemailhandle) || strlen($inpassword))) { - if (qa_user_limits_remaining(QA_LIMIT_LOGINS)) { - require_once QA_INCLUDE_DIR . 'db/users.php'; - require_once QA_INCLUDE_DIR . 'db/selects.php'; -+ require_once QA_INCLUDE_DIR . '../qa-plugin/qa-ldap-login/qa-ldap-process.php'; - - if (!qa_check_form_security_code('login', qa_post_text('code'))) { - $pageerror = qa_lang_html('misc/form_security_again'); From 1622f13c134134b9ef98982cce93b97baa8625bb Mon Sep 17 00:00:00 2001 
From: Nils VAN ZUIJLEN Date: Fri, 26 Mar 2021 18:13:57 +0100 Subject: [PATCH 3/6] Use SQL to configure the LDAP plugin cURL is too complicated, and we already have to use SQL to update the user Also remove the need to ask for a password --- conf/ldap.sql | 32 ++++++++++++++++++++++++++++++++ manifest.json | 5 ----- scripts/install | 8 ++++++-- scripts/upgrade | 8 ++++++++ 4 files changed, 46 insertions(+), 7 deletions(-) create mode 100644 conf/ldap.sql diff --git a/conf/ldap.sql b/conf/ldap.sql new file mode 100644 index 0000000..2c35f17 --- /dev/null +++ b/conf/ldap.sql @@ -0,0 +1,32 @@ +BEGIN; + +DELETE FROM `qa_options` WHERE `title` IN ( + 'ldap_authentication_attribute', + 'ldap_login_ad', + 'ldap_login_allow_normal', + 'ldap_login_filter', + 'ldap_login_fname', + 'ldap_login_generic_search', + 'ldap_login_hostname', + 'ldap_login_mail', + 'ldap_login_port', + 'ldap_login_sname' +); + +INSERT INTO `qa_options` (`title`, `content`) VALUES +('ldap_authentication_attribute', 'uid'), +('ldap_login_ad', ''), +('ldap_login_allow_normal', ''), +('ldap_login_filter', '(objectClass=mailAccount)'), +('ldap_login_fname', 'givenname'), +('ldap_login_generic_search', 'uid=USERNAME,ou=users,dc=yunohost,dc=org/mail=USERNAME,ou=users,dc=yunohost,dc=org'), +('ldap_login_hostname', 'ldap://localhost'), +('ldap_login_mail', 'mail'), +('ldap_login_port', '389'), +('ldap_login_sname', 'sn'); + +UPDATE `qa_users` SET `sessionsource` = 'ldap'; +INSERT INTO `qa_userlogins` (`userid`, `source`, `identifier`, `identifiermd5`) VALUES +((SELECT userid FROM `qa_users` WHERE `handle` = '__ADMIN__'), 'ldap', '__ADMIN_EMAIL__', UNHEX(MD5('__ADMIN_EMAIL__'))); + +COMMIT; diff --git a/manifest.json b/manifest.json index 6385cb2..bf873be 100644 --- a/manifest.json +++ b/manifest.json @@ -67,11 +67,6 @@ "name": "admin", "type": "user", "example": "johndoe" - }, - { - "name": "password", - "type": "password", - "example": "Choose a password" } ] } 
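Review bot: The `UPDATE` on `qa_users` near the end of conf/ldap.sql has no WHERE clause, so it sets `sessionsource` to 'ldap' on every row rather than only on the administrator that the following INSERT targets. That is harmless only while the table holds the single freshly created admin; run against a populated database it would switch every existing local account as well. Restricting it with `WHERE handle = '__ADMIN__'` would match the INSERT. A short header comment would also help, stating that `__ADMIN__` and `__ADMIN_EMAIL__` are substituted by scripts/install and that the `qa_` table prefix is assumed.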
diff --git a/scripts/install b/scripts/install index c38527c..9480c70 100755 --- a/scripts/install +++ b/scripts/install @@ -30,7 +30,6 @@ admin=$YNH_APP_ARG_ADMIN email=`ynh_user_get_info "$admin" 'mail'` is_public=$YNH_APP_ARG_IS_PUBLIC language=$YNH_APP_ARG_LANGUAGE -password=$YNH_APP_ARG_PASSWORD q2a_name=${YNH_APP_ARG_Q2A_NAME// /%20} ### If it's a multi-instance app, meaning it can be installed several times independently @@ -202,8 +201,10 @@ ynh_systemd_action --service_name=nginx --action=reload # Installation with curl ynh_script_progression --message="Finalizing installation..." --weight=4 +admin_temp_pass=$(ynh_string_random 10) + ynh_local_curl "/index.php?qa=install" "create=Set+up+the+Database+including+User+Management" -ynh_local_curl "/index.php?qa=install" "handle=$admin" "password=$password" "email=$email" "super=Set+up+the+Super+Administrator" +ynh_local_curl "/index.php?qa=install" "handle=$admin" "password=$admin_temp_pass" "email=$email" "super=Set+up+the+Super+Administrator" ynh_local_curl_csrf "/index.php?qa=admin&qa_1=general"\ "option_site_title=$q2a_name"\ "option_site_url=https%3A%2F%2F$domain$path_url"\ @@ -216,6 +217,9 @@ ynh_local_curl_csrf "/index.php?qa=admin&qa_1=general"\ "dosaveoptions=1"\ "has_js=0" +ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="../conf/ldap.sql" +ynh_replace_string --match_string="__ADMIN_EMAIL__" --replace_string="$email" --target_file="../conf/ldap.sql" +mysql -u $db_user -p${db_pwd} $db_name < ../conf/ldap.sql # Remove the public access ynh_permission_update --permission="main" --remove="visitors" diff --git a/scripts/upgrade b/scripts/upgrade index 9824e1f..bfcc721 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
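Review bot: `$admin` and `$email` are pasted into SQL string literals by the two `ynh_replace_string ... --target_file="../conf/ldap.sql"` lines in the last scripts/install hunk, with no escaping before the file is fed to `mysql`. A mail address containing a single quote, which is legal in the local part, would break or alter the statements. Escape the values before substitution, or at minimum reject values containing `'` or `\` with `ynh_die` before the file is built. The substitution also edits `../conf/ldap.sql` in place, so work on a copy in a temporary directory. The `mysql` line leaves `$db_user`, `${db_pwd}` and `$db_name` unquoted and puts the password on the command line; `ynh_mysql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name"` reading the same file covers the quoting.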
@@ -78,6 +78,14 @@ ynh_abort_if_errors # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= +if grep 'qa-ldap-login' "$final_path/qa-include/pages/login.php" +then + has_ldap=1 +else + has_ldap=0 + ynh_print_warn "The LDAP plugin will be installed, but not configured, you'll have to do it in the Question2Answer admin" +fi + if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Upgrading source files..." --time --weight=1 From ae4ad4ca83fe9c12bb224b84346194e2fb8d30ff Mon Sep 17 00:00:00 2001 From: Nils VAN ZUIJLEN Date: Fri, 26 Mar 2021 18:20:59 +0100 Subject: [PATCH 4/6] URLencode the q2a_name --- scripts/_common.sh | 15 +++++++++++++++ scripts/install | 6 +++--- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 7fecaea..87bc987 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -55,6 +55,21 @@ ynh_local_curl_csrf () { curl --silent --show-error --insecure --location --header "Host: $domain" --resolve $domain:443:127.0.0.1 $POST_data "$full_page_url" --cookie-jar $cookiefile --cookie $cookiefile } +#Convert --data to --data-urlencode before ynh_local_curl +myynh_urlencode() { + local data + if [[ $# != 1 ]]; then + echo "Usage: $0 string-to-urlencode" + return 1 + fi + data="$(curl -s -o /dev/null -w %{url_effective} --get --data-urlencode "$1" "")" + if [[ $? != 3 ]]; then + echo "Unexpected error" 1>&2 + return 2 + fi + echo "${data##/?}" + return 0 +} #================================================= # FUTURE OFFICIAL HELPERS diff --git a/scripts/install b/scripts/install index 9480c70..f8ce2cb 100755 --- a/scripts/install +++ b/scripts/install 
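Review bot: `has_ldap` is assigned in the block added at the top of the source section of scripts/upgrade, but nothing in this hunk reads it. Either the code it gates lives elsewhere or the variable is dead; a one-line comment such as `# has_ldap=0: plugin files are installed below, SQL configuration is skipped` (if that is the intent) would settle it. `grep` without `-q` also prints the matched PHP line into the upgrade output; `if grep -q 'qa-ldap-login' "$final_path/qa-include/pages/login.php"` keeps the log clean. A missing `login.php` takes the same branch as "no LDAP", which may or may not be intended.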
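Review bot: `myynh_urlencode` in scripts/_common.sh depends on curl exiting with status 3 for an empty URL and on the exact shape of `%{url_effective}`. The header comment should record both assumptions about the installed curl, and should say that the argument is `name=value` with only the value encoded. The usage message goes to stdout, so a caller using command substitution receives it as data; send it to stderr with `echo "Usage: $0 string-to-urlencode" >&2`. In `${data##/?}` the `?` is a glob wildcard matching any character; `"${data#/\?}"` strips exactly the literal prefix. The callers added to scripts/install in this patch use unquoted backticks, so a failure here yields a missing argument rather than an error.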
@@ -30,7 +30,7 @@ admin=$YNH_APP_ARG_ADMIN email=`ynh_user_get_info "$admin" 'mail'` is_public=$YNH_APP_ARG_IS_PUBLIC language=$YNH_APP_ARG_LANGUAGE -q2a_name=${YNH_APP_ARG_Q2A_NAME// /%20} +q2a_name=$YNH_APP_ARG_Q2A_NAME ### If it's a multi-instance app, meaning it can be installed several times independently ### The id of the app as stated in the manifest is available as $YNH_APP_ID @@ -206,8 +206,8 @@ admin_temp_pass=$(ynh_string_random 10) ynh_local_curl "/index.php?qa=install" "create=Set+up+the+Database+including+User+Management" ynh_local_curl "/index.php?qa=install" "handle=$admin" "password=$admin_temp_pass" "email=$email" "super=Set+up+the+Super+Administrator" ynh_local_curl_csrf "/index.php?qa=admin&qa_1=general"\ - "option_site_title=$q2a_name"\ - "option_site_url=https%3A%2F%2F$domain$path_url"\ + `myynh_urlencode "option_site_title=$q2a_name"`\ + `myynh_urlencode "option_site_url=https://$domain$path_url"`\ "option_neat_urls=0"\ "option_site_language=$language"\ "option_site_theme=SnowFlat"\ From e0966b90a6bc085d7b70091dd2d0e7c0a5505fd1 Mon Sep 17 00:00:00 2001 From: Nils VAN ZUIJLEN Date: Fri, 26 Mar 2021 18:24:58 +0100 Subject: [PATCH 5/6] Remove prints to stderr from git --- scripts/install | 4 +--- scripts/upgrade | 8 ++------ 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/scripts/install b/scripts/install index f8ce2cb..3e72ba4 100755 --- a/scripts/install +++ b/scripts/install @@ -160,9 +160,7 @@ ynh_script_progression --message="Installing Translations..." --weight=6 ### French if [ $language == "fr" ]; then - ynh_print_OFF - git clone https://github.com/mrflos/q2a-lang-fr $final_path/qa-lang/fr - ynh_print_ON + git clone https://github.com/mrflos/q2a-lang-fr $final_path/qa-lang/fr 2>&1 fi #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index bfcc721..f9d5a47 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
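Review bot: The `git clone https://github.com/mrflos/q2a-lang-fr $final_path/qa-lang/fr 2>&1` line left by this hunk of scripts/install fetches whatever the default branch of a third-party repository holds at install time. The LDAP plugin in the same package, by contrast, is pinned through `ldap_login_commit`. These are presumably PHP language files loaded by the application, so pin a commit (ideally as a checksummed archive through `ynh_setup_source`) instead of tracking the branch. The clone also leaves a `.git` directory under `$final_path`; whether the nginx configuration serves it is not visible here. The `git pull 2>&1` in the scripts/upgrade hunk of this patch has the same problem, and `$language` and `$final_path` should be quoted in both.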
@@ -137,14 +137,10 @@ ynh_script_progression --message="Upgrading Translations..." --time --weight=1 if [ $language == "fr" ]; then if [ -e $final_path/qa-lang/fr ]; then cd $final_path/qa-lang/fr - ynh_print_OFF - git pull - ynh_print_ON + git pull 2>&1 cd - else - ynh_print_OFF - git clone https://github.com/mrflos/q2a-lang-fr $final_path/qa-lang/fr - ynh_print_ON + git clone https://github.com/mrflos/q2a-lang-fr $final_path/qa-lang/fr 2>&1 fi fi From 2b963dbe548751067d0559798facfa7b54e2affa Mon Sep 17 00:00:00 2001 From: Nils VAN ZUIJLEN Date: Mon, 29 Mar 2021 13:03:37 +0200 Subject: [PATCH 6/6] Remove unneeded part of the upgrade script --- scripts/upgrade | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index f9d5a47..75b78a8 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -144,19 +144,6 @@ if [ $language == "fr" ]; then fi fi -#================================================= -# MODIFY A CONFIG FILE -#================================================= - -### Verify the checksum of a file, stored by `ynh_store_file_checksum` in the install script. -### And create a backup of this file if the checksum is different. So the file will be backed up if the admin had modified it. -ynh_backup_if_checksum_is_different --file="$final_path/CONFIG_FILE" - -#ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/CONFIG_FILE" - -# Recalculate and store the checksum of the file for the next upgrade. -ynh_store_file_checksum --file="$final_path/CONFIG_FILE" - #================================================= # GENERIC FINALIZATION #=================================================