Merge pull request #3 from YunoHost-Apps/ldap

Ldap integration

README.md

@@ -34,7 +34,7 @@ This app can be configured via its admin panel, available at `https://mydomain/m
 
 #### Multi-user support
 
-This app supports multiuser, but is not integrated via LDAP nor SSO.
+This app supports multiuser and LDAP, but is not integrated via SSO.
 The admin page is protected by SSOwat.
 
 #### Supported architectures

README_fr.md

@@ -34,7 +34,7 @@ Cette application se configure via son interface administrateur, accessible sur
 
 #### Support multi-utilisateur
 
-Cette application supporte le multiutilisateur, mais n'est pas intégrée avec le LDAP ni le SSO.
+Cette application supporte le multiutilisateur et LDAP, mais n'est pas intégrée avec le SSO.
 Les pages d'administration sont protégées par SSOwat.
 
 #### Architectures supportées

check_process

@@ -6,7 +6,7 @@
 		is_public=1	(PUBLIC|public=1|private=0)
 		q2a_name="ATestQ2ASite"
 		admin="john"	(USER)
-		password="pass"
+		password="password"
 	; Checks
 		pkg_linter=1
 		setup_sub_dir=1
@@ -15,8 +15,11 @@
 		setup_private=1
 		setup_public=1
 		upgrade=1
-		upgrade=0	from_commit=61a8347e52d061269e83a0db50b21cd66039f453
+		upgrade=1	from_commit=928272bb6c3f68173d1f1fe8b11e48e3464c730e
 		backup_restore=1
 		multi_instance=1
 		port_already_use=0
 		change_url=1
+;;; Upgrade options
+	; commit=928272bb6c3f68173d1f1fe8b11e48e3464c730e
+		manifest_arg=domain=DOMAIN&path=PATH&language=fr&is_public=1&q2a_name=ATestQ2ASite&admin=USER&password=password&

conf/ldap.sql

@@ -0,0 +1,32 @@
+BEGIN;
+
+DELETE FROM `qa_options` WHERE `title` IN (
+	'ldap_authentication_attribute',
+	'ldap_login_ad',
+	'ldap_login_allow_normal',
+	'ldap_login_filter',
+	'ldap_login_fname',
+	'ldap_login_generic_search',
+	'ldap_login_hostname',
+	'ldap_login_mail',
+	'ldap_login_port',
+	'ldap_login_sname'
+);
+
+INSERT INTO `qa_options` (`title`, `content`) VALUES
+('ldap_authentication_attribute', 'uid'),
+('ldap_login_ad', ''),
+('ldap_login_allow_normal', ''),
+('ldap_login_filter', '(objectClass=mailAccount)'),
+('ldap_login_fname', 'givenname'),
+('ldap_login_generic_search', 'uid=USERNAME,ou=users,dc=yunohost,dc=org/mail=USERNAME,ou=users,dc=yunohost,dc=org'),
+('ldap_login_hostname', 'ldap://localhost'),
+('ldap_login_mail', 'mail'),
+('ldap_login_port', '389'),
+('ldap_login_sname', 'sn');
+
+UPDATE `qa_users` SET `sessionsource` = 'ldap';
+INSERT INTO `qa_userlogins` (`userid`, `source`, `identifier`, `identifiermd5`) VALUES
+((SELECT userid FROM `qa_users` WHERE `handle` = '__ADMIN__'), 'ldap', '__ADMIN_EMAIL__', UNHEX(MD5('__ADMIN_EMAIL__')));
+
+COMMIT;

manifest.json

@@ -6,7 +6,7 @@
         "en": "Platform for Question&Answer sites.",
         "fr": "Plateforme de Question/Réponses."
     },
-    "version": "1.8.5~ynh1",
+    "version": "1.8.5~ynh2",
     "url": "https://www.question2answer.org/",
     "license": "GPL-2.0-or-later",
     "maintainer": {
@@ -67,11 +67,6 @@
                 "name": "admin",
                 "type": "user",
                 "example": "johndoe"
-            },
-            {
-                "name": "password",
-                "type": "password",
-                "example": "Choose a password"
             }
         ]
     }

scripts/_common.sh

@@ -4,6 +4,8 @@
 # COMMON VARIABLES
 #=================================================
 
+ldap_login_commit=857ad8bf3ca891cb33fa6e8816ed0d3e198c1afc
+
 #=================================================
 # PERSONAL HELPERS
 #=================================================
@@ -53,6 +55,21 @@ ynh_local_curl_csrf () {
     curl --silent --show-error --insecure --location --header "Host: $domain" --resolve $domain:443:127.0.0.1 $POST_data "$full_page_url" --cookie-jar $cookiefile --cookie $cookiefile
 }
 
+#Convert --data to --data-urlencode before ynh_local_curl
+myynh_urlencode() {
+    local data
+    if [[ $# != 1 ]]; then
+        echo "Usage: $0 string-to-urlencode"
+        return 1
+    fi
+    data="$(curl -s -o /dev/null -w %{url_effective} --get --data-urlencode "$1" "")"
+    if [[ $? != 3 ]]; then
+        echo "Unexpected error" 1>&2
+        return 2
+    fi
+    echo "${data##/?}"
+    return 0
+}
 
 #=================================================
 # FUTURE OFFICIAL HELPERS

scripts/install

@@ -30,8 +30,7 @@ admin=$YNH_APP_ARG_ADMIN
 email=`ynh_user_get_info "$admin" 'mail'`
 is_public=$YNH_APP_ARG_IS_PUBLIC
 language=$YNH_APP_ARG_LANGUAGE
-password=$YNH_APP_ARG_PASSWORD
+q2a_name=$YNH_APP_ARG_Q2A_NAME
-q2a_name=${YNH_APP_ARG_Q2A_NAME// /%20}
 
 ### If it's a multi-instance app, meaning it can be installed several times independently
 ### The id of the app as stated in the manifest is available as $YNH_APP_ID
@@ -110,6 +109,21 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 # Download, check integrity, uncompress and patch the source from app.src
 ynh_setup_source --dest_dir="$final_path"
 
+#=================================================
+# DOWNLOAD AND UNPACK LDAP PLUGIN
+#=================================================
+ynh_script_progression --message="Setting up LDAP plugin..." --weight=3
+
+wget -O qa-ldap-login.zip https://github.com/zakkak/qa-ldap-login/archive/$ldap_login_commit.zip 2>&1
+
+unzip qa-ldap-login.zip -d $final_path/qa-plugin
+mv $final_path/qa-plugin/qa-ldap-login-$ldap_login_commit $final_path/qa-plugin/qa-ldap-login
+
+ynh_replace_string\
+	--match_string="require_once QA_INCLUDE_DIR . 'db/selects.php';"\
+	--replace_string="require_once QA_INCLUDE_DIR . 'db/selects.php';\r\n		require_once QA_INCLUDE_DIR . '../qa-plugin/qa-ldap-login/qa-ldap-process.php';"\
+	--target_file="$final_path/qa-include/pages/login.php"
+
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
@@ -146,9 +160,7 @@ ynh_script_progression --message="Installing Translations..." --weight=6
 ### French
 
 if [ $language == "fr" ]; then
-	ynh_print_OFF
+	git clone https://github.com/mrflos/q2a-lang-fr $final_path/qa-lang/fr 2>&1
-	git clone https://github.com/mrflos/q2a-lang-fr $final_path/qa-lang/fr
-	ynh_print_ON
 fi
 
 #=================================================
@@ -187,11 +199,13 @@ ynh_systemd_action --service_name=nginx --action=reload
 # Installation with curl
 ynh_script_progression --message="Finalizing installation..." --weight=4
 
+admin_temp_pass=$(ynh_string_random 10)
+
 ynh_local_curl "/index.php?qa=install" "create=Set+up+the+Database+including+User+Management"
-ynh_local_curl "/index.php?qa=install" "handle=$admin" "password=$password" "email=$email" "super=Set+up+the+Super+Administrator"
+ynh_local_curl "/index.php?qa=install" "handle=$admin" "password=$admin_temp_pass" "email=$email" "super=Set+up+the+Super+Administrator"
 ynh_local_curl_csrf "/index.php?qa=admin&qa_1=general"\
-	"option_site_title=$q2a_name"\
+	`myynh_urlencode "option_site_title=$q2a_name"`\
-	"option_site_url=https%3A%2F%2F$domain$path_url"\
+	`myynh_urlencode "option_site_url=https://$domain$path_url"`\
 	"option_neat_urls=0"\
 	"option_site_language=$language"\
 	"option_site_theme=SnowFlat"\
@@ -201,6 +215,9 @@ ynh_local_curl_csrf "/index.php?qa=admin&qa_1=general"\
 	"dosaveoptions=1"\
 	"has_js=0"
 
+ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="../conf/ldap.sql"
+ynh_replace_string --match_string="__ADMIN_EMAIL__" --replace_string="$email" --target_file="../conf/ldap.sql"
+mysql -u $db_user -p${db_pwd} $db_name < ../conf/ldap.sql
 
 # Remove the public access
 ynh_permission_update --permission="main" --remove="visitors"

scripts/upgrade

@@ -78,12 +78,30 @@ ynh_abort_if_errors
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
 
+if grep 'qa-ldap-login' "$final_path/qa-include/pages/login.php"
+then
+	has_ldap=1
+else
+	has_ldap=0
+	ynh_print_warn "The LDAP plugin will be installed, but not configured, you'll have to do it in the Question2Answer admin"
+fi
+
 if [ "$upgrade_type" == "UPGRADE_APP" ]
 then
 	ynh_script_progression --message="Upgrading source files..." --time --weight=1
 
 	# Download, check integrity, uncompress and patch the source from app.src
 	ynh_setup_source --dest_dir="$final_path"
+
+	# Setup LDAP
+	wget -O qa-ldap-login.zip https://github.com/zakkak/qa-ldap-login/archive/$ldap_login_commit.zip 2>&1
+	unzip qa-ldap-login.zip -d $final_path/qa-plugin
+	mv $final_path/qa-plugin/qa-ldap-login-$ldap_login_commit $final_path/qa-plugin/qa-ldap-login
+
+	ynh_replace_string\
+		--match_string="require_once QA_INCLUDE_DIR . 'db/selects.php';"\
+		--replace_string="require_once QA_INCLUDE_DIR . 'db/selects.php';\r\n		require_once QA_INCLUDE_DIR . '../qa-plugin/qa-ldap-login/qa-ldap-process.php';"\
+		--target_file="$final_path/qa-include/pages/login.php"
 fi
 
 #=================================================
@@ -119,30 +137,13 @@ ynh_script_progression --message="Upgrading Translations..." --time --weight=1
 if [ $language == "fr" ]; then
 	if [ -e $final_path/qa-lang/fr ]; then
 		cd $final_path/qa-lang/fr
-		ynh_print_OFF
+		git pull 2>&1
-		git pull
-		ynh_print_ON
 		cd -
 	else
-		ynh_print_OFF
+		git clone https://github.com/mrflos/q2a-lang-fr $final_path/qa-lang/fr 2>&1
-		git clone https://github.com/mrflos/q2a-lang-fr $final_path/qa-lang/fr
-		ynh_print_ON
 	fi
 fi
 
-#=================================================
-# MODIFY A CONFIG FILE
-#=================================================
-
-### Verify the checksum of a file, stored by `ynh_store_file_checksum` in the install script.
-### And create a backup of this file if the checksum is different. So the file will be backed up if the admin had modified it.
-ynh_backup_if_checksum_is_different --file="$final_path/CONFIG_FILE"
-
-#ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/CONFIG_FILE"
-
-# Recalculate and store the checksum of the file for the next upgrade.
-ynh_store_file_checksum --file="$final_path/CONFIG_FILE"
-
 #=================================================
 # GENERIC FINALIZATION
 #=================================================