From 5868cd9a312756014839f6dfe41a747a07438132 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Sun, 1 Dec 2019 21:13:14 +0100 Subject: [PATCH] Migration action: don't migrate a library, change the email of user --- actions.json | 33 ++++-- scripts/_common.sh | 2 - scripts/actions | 200 ++++++++++++++++++++++++++++++++++ sources/move_library.py | 31 ------ sources/seafile_api_loader.sh | 22 ---- 5 files changed, 225 insertions(+), 63 deletions(-) create mode 100644 scripts/actions delete mode 100644 sources/move_library.py delete mode 100755 sources/seafile_api_loader.sh diff --git a/actions.json b/actions.json index 44e4135..803b1eb 100644 --- a/actions.json +++ b/actions.json @@ -1,20 +1,37 @@ [{ - "id": "move_all_libraries", - "name": "Move user's libraries", - "command": "/opt/yunohost/seafile/seafile_api_loader.sh /opt/yunohost/seafile/move_library.py $YNH_ACTION_USER_TO_MIGRATE", + "id": "migrate_user_email_to_mail_email", + "name": "Migrate all user email with seafile domain to main user email", + "command": "bash scripts/actions", "user": "root", "accepted_return_codes": [0], "description": { - "en": "WARNING: Only use this feature if you know what you do.\n This action is only needed if you have installed Seafile before the version 7 AND your Seafile instance was installed under other domain than the user accounts. Move all user's libraries to the correct account, this action exists only for handling old created account with the old SSO behavior.\n See https://github.com/YunoHost-Apps/seafile_ynh/issues/44 for more information." + "en": "Hight level function : Change automatically the email for the user authentication to a the main user email. This function should be run when you migrate from seafile 6 to seafile 7.\nBy example 'toto@seafile-domain.tld' will be renamed to the new email 'toto-main-email@main-yunohost-domain.tld'. Note that when do you this change the email need to be also changed in all client !!" + } +}, +{ + "id": "change_user_email", + "name": "Change user email of user", + "command": "bash scripts/actions", + "user": "root", + "accepted_return_codes": [0], + "description": { + "en": "Low level function : Change manually the email for the user authentication to a other email.\nBy example 'toto@seafile-domain.tld' will be renamed to the new email 'toto@main-yunohost-domain.tld'. Note that when do you this change the email need to be also changed in all client !!" }, "arguments": [ { - "name": "user_to_migrate", - "type": "user", + "name": "old_email", + "type": "string", "ask": { - "en": "User account to be migrate from the old to the new behavior" + "en": "Old user email" }, - "example": "bob@domain.tld" + "example": "toto@seafile-domain.tld" + }, { + "name": "new_email", + "type": "string", + "ask": { + "en": "New user email" + }, + "example": "toto@main-yunohost-domain.tld" } ] }] diff --git a/scripts/_common.sh b/scripts/_common.sh index 4c86ac5..ad14063 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -17,8 +17,6 @@ install_source() { ynh_die --message "Error : this architecture is no longer supported by the upstream. Please create en issue here : https://github.com/YunoHost-Apps/seafile_ynh/issues to ask to discuss about a support of this architecture" fi ynh_setup_source "$final_path/seafile-server-$seafile_version" "$architecture" - cp ../sources/seafile_api_loader.sh $final_path/ - cp ../sources/move_library.py $final_path/ } install_dependance() { diff --git a/scripts/actions b/scripts/actions new file mode 100644 index 0000000..c4df0c5 --- /dev/null +++ b/scripts/actions @@ -0,0 +1,200 @@ +#!/bin/bash + +#================================================= +# GENERIC START +#================================================= + +# Source YunoHost helpers +source /usr/share/yunohost/helpers + +# Stop script if errors +ynh_abort_if_errors + +# Import common cmd +source scripts/experimental_helper.sh +source scripts/_common.sh + +ynh_print_info --message="Loading installation settings..." + +# Retrive arguments +domain=$(ynh_app_setting_get --app $app --key domain) + +#================================================= +# FUNCTION DECLARATION +#================================================= + +stop_seafile() { + ynh_print_info --message="Stoping seafile..." + + # Stop service before any change + ynh_systemd_action --service_name seafile --action stop + ynh_systemd_action --service_name seahub --action stop + sleep 2 + pkill -f seafile-controller || true + pkill -f seaf-server || true + pkill -f ccnet-server || true + pkill -f seahub || true +} + +start_seafile(){ + ynh_print_info --message="Starting seafile..." + # Avoid the current effect + sleep 2 + + # Reload services + ynh_print_info --message="Starting services..." + ynh_systemd_action --service_name seafile -l "spawned seaf-server, pid " -p /var/log/seafile/controller.log + ynh_systemd_action --service_name seahub -l "Started Seafile hub." -p "systemd" + sleep 2 +} + +get_email_list_in_seafile() { + sql_request='SELECT email FROM `EmailUser`; SELECT email FROM `LDAPUsers`' + all_user_list=$(ynh_mysql_execute_as_root --sql "$sql_request" --database ccnetdb | grep -v "^email$") + user_list=$(echo "$all_user_list" | grep "@$domain$" || true) +} + +migrate_email_in_database() { + + ynh_print_info --message="Migrating email $1 to $2" + local old_email=$1 + local new_email=$2 + sleep 1 + + if [[ "$all_user_list" =~ "$new_email" ]]; then + ynh_print_err --message "The user '$new_email' already exist in seafile, can rename '$old_email' to '$new_email'" + return + fi + + if ! [[ "$all_user_list" =~ "$old_email" ]]; then + ynh_print_err --message "The user '$old_email' don't exist in seafile, can rename '$old_email' to '$new_email'" + return + fi + + # Update database + + # This fonction relplace all old domain name by the new domain name. + # use : mysql_relpace_db db_name table collum + mysql_relpace_db() { + sql_request='UPDATE `'"$2"'` SET '"$3 = replace($3, '$old_email', '$new_email')" + ynh_mysql_execute_as_root --sql "$sql_request" --database $1 + } + + # TODO check DB update + # ccnet DB + mysql_relpace_db ccnetdb Binding email + mysql_relpace_db ccnetdb EmailUser email + mysql_relpace_db ccnetdb Group creator_name + mysql_relpace_db ccnetdb GroupUser user_name + mysql_relpace_db ccnetdb LDAPUsers email + mysql_relpace_db ccnetdb Organization creator + mysql_relpace_db ccnetdb OrgUser email + mysql_relpace_db ccnetdb UserRole email + + # seafile DB + # Note that when we do a migration from seafile v6 some time don't exist. So yes it's probably a bug on seafile side. But anyway just ignore this problem... + mysql_relpace_db seafiledb FolderUserPerm user || true + mysql_relpace_db seafiledb OrgGroupRepo owner || true + mysql_relpace_db seafiledb OrgRepo user || true + mysql_relpace_db seafiledb OrgSharedRepo from_email || true + mysql_relpace_db seafiledb OrgSharedRepo to_email || true + mysql_relpace_db seafiledb OrgUserQuota user + mysql_relpace_db seafiledb RepoGroup user_name + mysql_relpace_db seafiledb RepoInfo last_modifier + mysql_relpace_db seafiledb RepoOwner owner_id + mysql_relpace_db seafiledb RepoTrash owner_id + mysql_relpace_db seafiledb RepoUserToken email + mysql_relpace_db seafiledb SharedRepo from_email + mysql_relpace_db seafiledb SharedRepo to_email + mysql_relpace_db seafiledb UserQuota user + mysql_relpace_db seafiledb UserShareQuota user + + # seahub DB + mysql_relpace_db seahubdb api2_token user + mysql_relpace_db seahubdb api2_tokenv2 user + mysql_relpace_db seahubdb auth_user email + mysql_relpace_db seahubdb auth_user username + mysql_relpace_db seahubdb auth_user_groups user_id + mysql_relpace_db seahubdb auth_user_user_permissions user_id + mysql_relpace_db seahubdb avatar_avatar emailuser + mysql_relpace_db seahubdb base_clientlogintoken username + mysql_relpace_db seahubdb base_devicetoken user + mysql_relpace_db seahubdb base_filecomment author + mysql_relpace_db seahubdb base_innerpubmsg from_email + mysql_relpace_db seahubdb base_innerpubmsgreply from_email + mysql_relpace_db seahubdb base_userenabledmodule username + mysql_relpace_db seahubdb base_userlastlogin username + mysql_relpace_db seahubdb base_userstarredfiles email + mysql_relpace_db seahubdb django_cas_ng_proxygrantingticket user + mysql_relpace_db seahubdb drafts_draft username + mysql_relpace_db seahubdb group_groupmessage from_email + mysql_relpace_db seahubdb group_messagereply from_email + mysql_relpace_db seahubdb institutions_institutionadmin user + mysql_relpace_db seahubdb notifications_usernotification to_user + mysql_relpace_db seahubdb options_useroptions email + mysql_relpace_db seahubdb post_office_attachment_emails email_id + mysql_relpace_db seahubdb post_office_email from_email + mysql_relpace_db seahubdb profile_profile user + mysql_relpace_db seahubdb profile_profile login_id + mysql_relpace_db seahubdb profile_profile contact_email + mysql_relpace_db seahubdb registration_registrationprofile emailuser_id + mysql_relpace_db seahubdb role_permissions_adminrole email + mysql_relpace_db seahubdb share_anonymousshare repo_owner + mysql_relpace_db seahubdb share_extrasharepermission share_to + mysql_relpace_db seahubdb share_fileshare username + mysql_relpace_db seahubdb share_privatefiledirshare from_user + mysql_relpace_db seahubdb share_privatefiledirshare to_user + mysql_relpace_db seahubdb share_uploadlinkshare username + mysql_relpace_db seahubdb social_auth_code email || true + mysql_relpace_db seahubdb social_auth_usersocialauth username + mysql_relpace_db seahubdb sysadmin_extra_userloginlog username + mysql_relpace_db seahubdb tags_filetag username + mysql_relpace_db seahubdb termsandconditions_usertermsandconditions username + mysql_relpace_db seahubdb two_factor_phonedevice user + mysql_relpace_db seahubdb two_factor_staticdevice user + mysql_relpace_db seahubdb two_factor_totpdevice user + mysql_relpace_db seahubdb wiki_personalwiki username + mysql_relpace_db seahubdb wiki_wiki username + + ynh_print_info --message="Migration of email $1 to $2 done" +} + +migrate_user() { + stop_seafile + get_email_list_in_seafile + + migrate_email_in_database $YNH_ACTION_OLD_EMAIL $YNH_ACTION_NEW_EMAIL + + start_seafile +} + +migrate_all_user() { + stop_seafile + get_email_list_in_seafile + + for user in $user_list; do + # Try to get the main email of the user in yunohost which has is the old email + user_main_email=$(yunohost tools shell -c " +from yunohost.user import user_info +info = user_info('$user'.split('@')[0]) +print(info['mail']) +exit() +") + if [ "$user" == "$user_main_email" ]; then + ynh_print_info --message "Nothing to do for user $user." + fi + + migrate_email_in_database $user $user_main_email + done + + start_seafile +} + +#================================================= +# STANDARD MODIFICATIONS +#================================================= + +case $YNH_ACTION in + migrate_user_email_to_mail_email) migrate_all_user;; + change_user_email) migrate_user;; +esac diff --git a/sources/move_library.py b/sources/move_library.py deleted file mode 100644 index 0ecbd72..0000000 --- a/sources/move_library.py +++ /dev/null @@ -1,31 +0,0 @@ -#!/usr/bin/env python - -import sys -import os -from seaserv import seafile_api, ccnet_api - -seafile_local_emails = map(lambda user: user.email, ccnet_api.get_emailusers('DB', start=-1, limit=-1, is_active=None)) -active_user_emails = map(lambda user: user.email, ccnet_api.get_emailusers(source='LDAPImport', start=-1, limit=-1, is_active=True)) -ldap_user_emails = map(lambda user: user.email, ccnet_api.get_emailusers(source='LDAP', start=-1, limit=-1, is_active=None)) -non_active_user_emails = list(set(ldap_user_emails) - set(active_user_emails)) - -seafile_domain = os.environ['SEAFILE_CURRENT_DOMAIN'] -source_user = sys.argv[1] -source_user_email = source_user + '@' + seafile_domain -assert (source_user_email in seafile_local_emails), 'The user must be in local seafile users list' - -# TODO we might want to use non_active_user_emails in place of ldap_user_emails here -filtered_potencial_target_users = list(filter(lambda email: email.startswith(source_user + '@'), ldap_user_emails)) -assert (not len(filtered_potencial_target_users) > 1), 'This user have multiple target possible can\'t continue' -assert (len(filtered_potencial_target_users) == 1), 'This user doesn\'t have any possible match in Yunohost LDAP' - -target_user_email = filtered_potencial_target_users[0] - -ccnet_api.get_emailuser_with_import(target_user_email) - -source_repositories = seafile_api.get_owned_repo_list(source_user_email); - -for repo in source_repositories: - seafile_api.set_repo_owner(repo.id, target_user_email) - -ccnet_api.remove_emailuser('DB', source_user_email) diff --git a/sources/seafile_api_loader.sh b/sources/seafile_api_loader.sh deleted file mode 100755 index d9a8847..0000000 --- a/sources/seafile_api_loader.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash - -# Source YunoHost helpers -source /usr/share/yunohost/helpers - -# Stop script if errors -#ynh_abort_if_errors - -# Import common cmd -#source ./experimental_helper.sh -#source ./_common.sh - -final_path=$(ynh_app_setting_get --app $YNH_APP_INSTANCE_NAME --key final_path) - -export SEAFILE_CURRENT_DOMAIN=$(ynh_app_setting_get --app $YNH_APP_INSTANCE_NAME --key domain) -export CCNET_CONF_DIR=$final_path/ccnet -export SEAFILE_CONF_DIR=$final_path/conf -export SEAFILE_CENTRAL_CONF_DIR=$final_path/conf - -export PYTHONPATH=$final_path/seafile-server-latest/seafile/lib/python2.7/site-packages:$final_path/seafile-server-latest/seafile/lib64/python2.7/site-packages:$PYTHONPATH - -python $*