diff --git a/README.md b/README.md
index 75be263..a21efe2 100644
--- a/README.md
+++ b/README.md
@@ -19,7 +19,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
Simple, modern, lightweight & fast web-based email client. The drastically upgraded & secured fork of RainLoop Webmail Community edition.
-**Shipped version:** 2.28.4~ynh1
+**Shipped version:** 2.29.1~ynh1
**Demo:** https://snappymail.eu/demo/
@@ -32,7 +32,6 @@ Simple, modern, lightweight & fast web-based email client. The drastically upgra
* Official app website:
* Official admin documentation:
* Upstream app code repository:
-* YunoHost documentation for this app:
* Report a bug:
## Developer info
diff --git a/README_fr.md b/README_fr.md
index 189979f..41f253a 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -18,7 +18,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
Client de messagerie Web simple, moderne, léger et rapide. Snappymail est un fork considérablement amélioré et sécurisé de l'édition RainLoop Webmail Community.
-**Version incluse :** 2.28.4~ynh1
+**Version incluse :** 2.29.1~ynh1
**Démo :** https://snappymail.eu/demo/
@@ -31,7 +31,6 @@ Client de messagerie Web simple, moderne, léger et rapide. Snappymail est un fo
* Site officiel de l’app :
* Documentation officielle de l’admin :
* Dépôt de code officiel de l’app :
-* Documentation YunoHost pour cette app :
* Signaler un bug :
## Informations pour les développeurs
diff --git a/conf/application.ini b/conf/application.ini
index e6b4af9..41a9ddf 100644
--- a/conf/application.ini
+++ b/conf/application.ini
@@ -8,76 +8,115 @@ title = "SnappyMail Webmail"
; Text displayed on startup
loading_description = "SnappyMail"
favicon_url = ""
+app_path = ""
; Theme used by default
-theme = "Clear"
+theme = "Default"
; Allow theme selection on settings screen
allow_themes = On
allow_user_background = Off
; Language used by default
-language = "__LANGUAGE__"
+language = "en"
; Admin Panel interface language
-language_admin = "__LANGUAGE__"
+language_admin = "en"
; Allow language selection on settings screen
allow_languages_on_settings = On
allow_additional_accounts = On
allow_additional_identities = On
-; Number of messages displayed on page by default
+; Number of messages displayed on page by default
messages_per_page = 20
+; Mark message read after N seconds
+message_read_delay = 5
+
; File size limit (MB) for file upload on compose screen
; 0 for unlimited.
attachment_size_limit = 25
+; brotli or gzip compress the output.
+; Warning: only enable when server does not do this, else double compression errors occur
+compress_output = Off
+
[interface]
show_attachment_thumbnail = On
-new_move_to_folder_button = on
[contacts]
; Enable contacts
enable = On
-allow_sharing = On
allow_sync = On
sync_interval = 20
type = "mysql"
pdo_dsn = "mysql:host=127.0.0.1;port=3306;dbname=__DB_NAME__"
pdo_user = "__DB_USER__"
pdo_password = "__DB_PWD__"
-suggestions_limit = 30
+
+; PEM format certificate
+mysql_ssl_ca = ""
+mysql_ssl_verify = On
+
+; HIGH
+mysql_ssl_ciphers = ""
+suggestions_limit = 20
[security]
-; Enable CSRF protection (http://en.wikipedia.org/wiki/Cross-site_request_forgery)
-csrf_protection = On
custom_server_signature = "SnappyMail"
-x_frame_options_header = "DENY"
x_xss_protection_header = "1; mode=block"
openpgp = Off
-; Login and password for web admin panel
-admin_login = "admin"
-admin_password = "12345"
-admin_totp = ""
-
; Access settings
allow_admin_panel = On
-hide_x_mailer_header = On
+
+; Login and password for web admin panel
+admin_login = "admin"
+admin_password = ""
+admin_totp = ""
admin_panel_host = ""
admin_panel_key = "admin"
+force_https = Off
+hide_x_mailer_header = On
+
+; https://en.m.wikipedia.org/wiki/Load_(computing)
+max_sys_getloadavg = 0
+
+; For example to allow all images use "img-src https:". More info at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#directives
content_security_policy = ""
+
+; Report CSP errors to PHP and/or SnappyMail Log
csp_report = Off
+
+; A valid cipher method from https://php.net/openssl_get_cipher_methods
encrypt_cipher = "aes-256-cbc-hmac-sha1"
+; Strict, Lax or None
+cookie_samesite = "Strict"
+
+; Additional allowed Sec-Fetch combinations separated by ";".
+; For example:
+; * Allow iframe on same domain in any mode: dest=iframe,site=same-origin
+; * Allow navigate to iframe on same domain: mode=navigate,dest=iframe,site=same-origin
+; * Allow navigate to iframe on (sub)domain: mode=navigate,dest=iframe,site=same-site
+; * Allow navigate to iframe from any domain: mode=navigate,dest=iframe,site=cross-site
+;
+; Default is "site=same-origin;site=none"
+secfetch_allow = ""
+
+[admin_panel]
+allow_update = Off
+
[ssl]
; Require verification of SSL certificate used.
-verify_certificate = Off
+verify_certificate = On
; Allow self-signed certificates. Requires verify_certificate.
-allow_self_signed = On
+allow_self_signed = Off
+
+; https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html
+security_level = 1
; Location of Certificate Authority file on local filesystem (/etc/ssl/certs/ca-certificates.crt)
cafile = ""
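Review bot: The `[security]` section loses `x_frame_options_header = "DENY"` and `csrf_protection = On` while `content_security_policy` and `secfetch_allow` stay empty, so framing and cross-site request protection now rest on the application's built-in Sec-Fetch default and on whatever headers the web server adds. If the shipped SnappyMail release no longer reads the two removed keys this is harmless, but that should be confirmed against upstream's default config. The nginx configuration is not part of this diff, so it is worth checking that it still sends a frame restriction. `force_https = Off` and `security_level = 1` are both low settings; a one-line comment above each giving the reason, for example `; TLS is terminated by nginx` if that is the case, would help the next reviewer.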
@@ -85,23 +124,40 @@ cafile = ""
; capath must be a correctly hashed certificate directory. (/etc/ssl/certs/)
capath = ""
+; Location of client certificate file (pem format with private key) on local filesystem
+local_cert = ""
+
+; This can help mitigate the CRIME attack vector.
+disable_compression = On
+
[capa]
contacts = On
quota = On
help = On
search = On
search_adv = On
+; Allow clear folder and delete messages without moving to trash
dangerous_actions = On
+
+; Allow download attachments as Zip (and optionally others)
attachments_actions = On
[login]
+; If someone logs in without "@domain.tld", this value will be used
+; When this value is HTTP_HOST, the $_SERVER["HTTP_HOST"] value is used.
+; When this value is SERVER_NAME, the $_SERVER["SERVER_NAME"] value is used.
+; When this value is gethostname, the gethostname() value is used.
+;
default_domain = "__DOMAIN__"
; Allow language selection on webmail login screen
allow_languages_on_login = On
+
+; Detect language from browser header `Accept-Language`
determine_user_language = On
+
+; Like default_domain but then HTTP_HOST/SERVER_NAME without www.
determine_user_domain = Off
-hide_submit_button = On
login_lowercase = On
; This option allows webmail to remember the logged in user
@@ -117,11 +173,11 @@ sign_me_auto = "DefaultOff"
; Enable plugin support
enable = On
-; List of enabled plugins
+; Comma-separated list of enabled plugins
enabled_list = "ldap-identities"
[defaults]
-; Editor mode used by default (Plain, Html, HtmlForced or PlainForced)
+; Editor mode used by default (Plain, Html)
view_editor_type = "Html"
; layout: 0 - no preview, 1 - side preview, 2 - bottom preview
@@ -139,22 +195,24 @@ mail_reply_same_folder = Off
; Enable logging
enable = Off
+; Path where log files will be stored
+path = ""
+
+; Log messages of set RFC 5424 section 6.2.1 Severity level and higher (0 = highest, 7 = lowest).
+; 0 = Emergency
+; 1 = Alert
+; 2 = Critical
+; 3 = Error
+; 4 = Warning
+; 5 = Notice
+; 6 = Informational
+; 7 = Debug
level = 4
-; Logs entire request only if error occured (php requred)
-write_on_error_only = Off
-
-; Logs entire request only if php error occured
-write_on_php_error_only = Off
-
-; Logs entire request only if request timeout (in seconds) occured.
-write_on_timeout_only = 0
-
; Required for development purposes only.
; Disabling this option is not recommended.
hide_passwords = On
-time_offset = __TIMEZONE__
-session_filter = ""
+time_zone = "__TIMEZONE__"
; Log filename.
; For security reasons, some characters are removed from filename.
@@ -182,16 +240,23 @@ session_filter = ""
; filename = "log-{date:Y-m-d}.txt"
; filename = "{date:Y-m-d}/{user:domain}/{user:email}_{user:uid}.log"
; filename = "{user:email}-{date:Y-m-d}.txt"
+; filename = "syslog"
+; filename = "stderr"
filename = "log-{date:Y-m-d}.txt"
; Enable auth logging in a separate file (for fail2ban)
auth_logging = On
-auth_logging_filename = "fail2ban/auth-fail.log"
-auth_logging_format = "[{date:Y-m-d H:i:s T}] Auth failed: ip={request:ip} user={imap:login} host={imap:host} port={imap:port}"
+auth_logging_filename = "fail2ban/auth-{date:Y-m-d}.txt"
+auth_logging_format = "[{date:Y-m-d H:i:s}] Auth failed: ip={request:ip} user={imap:login} host={imap:host} port={imap:port}"
+
+; Enable auth logging to syslog for fail2ban
+auth_syslog = Off
[debug]
; Special option required for development purposes
enable = Off
+javascript = Off
+css = Off
[cache]
; The section controls caching of the entire application.
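Review bot: Changing `auth_logging_filename` to the dated pattern `fail2ban/auth-{date:Y-m-d}.txt` gives the auth log a new path every day, and a fail2ban jail whose `logpath` still names `fail2ban/auth-fail.log` would stop seeing failed logins without reporting any error. The jail and filter files are not in this diff, so please confirm that `logpath` uses a matching glob and that the filter's date pattern still matches now that the `T` timezone field is gone from `auth_logging_format`. Dated files also need a retention rule of their own if the existing logrotate setup targets a fixed file name.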
@@ -199,10 +264,13 @@ enable = Off
; Enables caching in the system
enable = On
+; Path where cache files will be stored
+path = ""
+
; Additional caching key. If changed, cache is purged
index = "v1"
-; Can be: files, APC, memcache
+; Can be: files, APCU, memcache, redis (beta)
fast_cache_driver = "files"
; Additional caching key. If changed, fast cache is purged
@@ -216,58 +284,39 @@ http_expires = 3600
; Caching message UIDs when searching and sorting (threading)
server_uids = On
+system_data = On
+
+[imap]
+use_force_selection = Off
+use_expunge_all_on_delete = Off
+message_list_fast_simple_search = On
+message_list_permanent_filter = ""
+message_all_headers = Off
+show_login_alert = On
+fetch_new_messages = On
[labs]
-allow_prefetch = Off
-cache_system_data = On
+; Display message RFC 2822 date and time header, instead of the arrival internal date.
date_from_headers = On
-autocreate_system_folders = Off
allow_message_append = Off
-login_fault_delay = 1
+
+; When login fails, wait N seconds before responding
+login_fault_delay = 5
log_ajax_response_write_limit = 300
-allow_html_editor_source_button = Off
-allow_ctrl_enter_on_compose = On
-try_to_detect_hidden_images = Off
-use_app_debug_js = Off
-use_mobile_version_for_tablets = Off
-use_app_debug_css = Off
-use_imap_sort = On
-use_imap_force_selection = Off
-use_imap_thread = On
-use_imap_move = Off
-use_imap_expunge_all_on_delete = Off
-imap_forwarded_flag = "$Forwarded"
-imap_read_receipt_flag = "$ReadReceipt"
-imap_body_text_limit = 555000
-imap_message_list_fast_simple_search = On
-imap_message_list_count_limit_trigger = 0
-imap_message_list_date_filter = 0
-imap_message_list_permanent_filter = ""
-imap_message_all_headers = Off
-imap_large_thread_limit = 50
-imap_folder_list_limit = 200
-imap_show_login_alert = On
-imap_use_list_status = On
-imap_timeout = 300
smtp_show_server_errors = Off
-smtp_timeout = 60
sieve_auth_plain_initial = On
-sieve_allow_fileinfo_inbox = Off
-sieve__timeout = 10
-sasl_allow_plain = On
-sasl_allow_scram_sha = Off
-sasl_allow_cram_md5 = Off
+sieve_allow_fileinto_inbox = Off
+
+; PHP mail() remove To and Subject headers
mail_func_clear_headers = On
+
+; PHP mail() set -f emailaddress
mail_func_additional_parameters = Off
-favicon_status = On
folders_spec_limit = 50
curl_proxy = ""
curl_proxy_auth = ""
-in_iframe = Off
-force_https = Off
-custom_login_link = ""
-custom_logout_link = ""
-allow_external_login = Off
+custom_login_link=''
+custom_logout_link='https://__MAIN_DOMAIN__/yunohost/sso/?action=logout'
http_client_ip_check_proxy = Off
fast_cache_memcache_host = "127.0.0.1"
fast_cache_memcache_port = 11211
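Review bot: The two added lines `custom_login_link=''` and `custom_logout_link='https://__MAIN_DOMAIN__/yunohost/sso/?action=logout'` use single quotes and no spaces around `=`, unlike every other key in this file. Writing them as `custom_login_link = ""` and `custom_logout_link = "https://__MAIN_DOMAIN__/yunohost/sso/?action=logout"` keeps the template uniform. `__MAIN_DOMAIN__` appears to be filled from `main_domain` in `scripts/_common.sh`, so every script that renders this template has to source that file; a comment above the key such as `; __MAIN_DOMAIN__ comes from main_domain in scripts/_common.sh` would make the dependency visible.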
@@ -277,13 +326,11 @@ use_local_proxy_for_external_images = On
image_exif_auto_rotate = Off
cookie_default_path = ""
cookie_default_secure = Off
-check _new_messages = On
replace_env_in_configuration = ""
boundary_prefix = ""
-kolab_enabled = Off
dev_email = ""
dev_password = ""
[version]
-current = "2.15.0"
-saved = "Thu, 21 Apr 2022 15:18:08 +0000"
+current = "2.28.1"
+saved = "Wed, 21 Jun 2023 06:38:05 +0000"
diff --git a/conf/sso.php b/conf/sso.php
new file mode 100644
index 0000000..1013197
--- /dev/null
+++ b/conf/sso.php
@@ -0,0 +1,17 @@
+ Domains > __DOMAIN__ > SMTP > Check "Use authentication"
diff --git a/doc/ADMIN_fr.md b/doc/ADMIN_fr.md
index 3f87d9e..f07b1c0 100644
--- a/doc/ADMIN_fr.md
+++ b/doc/ADMIN_fr.md
@@ -2,6 +2,6 @@ Le fichier de mot de passe est créé après la première ouverture de l'interfa
Assurez-vous de changer immédiatement le mot de passe par défaut !
-Ouvrez l'interface d'administration de Snappy `https://__DOMAIN____PATH__/?admin` pour configurer les paramètres de votre serveur de messagerie. Connectez-vous avec l'utilisateur "admin" et le mot de passe du fichier `__INSTALL_DIR__/data/_data_/_default_/admin_password.txt`.
+Ouvrez l'interface d'administration de Snappy `https://__DOMAIN____PATH__/app/?admin` pour configurer les paramètres de votre serveur de messagerie. Connectez-vous avec l'utilisateur "admin" et le mot de passe du fichier `__INSTALL_DIR__/data/_data_/_default_/admin_password.txt`.
En particulier, pour pouvoir envoyer des mails, il vous faut aller dans l'interface d'admin de Snappy > Domaines > __DOMAIN__ > SMTP > Coche "Use authentication"
diff --git a/manifest.toml b/manifest.toml
index a228b67..8143f63 100644
--- a/manifest.toml
+++ b/manifest.toml
@@ -5,7 +5,7 @@ name = "SnappyMail"
description.en = "Simple, modern, lightweight & fast web-based e-mail client"
description.fr = "Client de messagerie Web simple, moderne, léger et rapide"
-version = "2.28.4~ynh1"
+version = "2.29.1~ynh1"
maintainers = ["eric_G"]
@@ -17,13 +17,13 @@ admindoc = "https://github.com/the-djmaze/snappymail/wiki"
code = "https://github.com/the-djmaze/snappymail"
[integration]
-yunohost = ">= 11.1.19"
+yunohost = ">= 11.2"
architectures = "all"
multi_instance = true
ldap = false
sso = false
disk = "50M"
-ram.build = "50M"
+ram.build = "100M"
ram.runtime = "50M"
[install]
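Review bot: `sso = false` and `ldap = false` in `[integration]` are left unchanged, although this commit installs `conf/sso.php` as `$install_dir/index.php` and the config template enables the `ldap-identities` plugin. If users are now logged in through the YunoHost portal, these flags should be updated (`sso = true`, and `ldap` to match) so the manifest describes the real trust relationship between the portal and the webmail. If the integration is only partial, a comment above the two keys explaining why they stay `false` would be enough.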
@@ -43,8 +43,8 @@ ram.runtime = "50M"
[resources.sources]
[resources.sources.main]
- url = "https://github.com/the-djmaze/snappymail/releases/download/v2.28.4/snappymail-2.28.4.tar.gz"
- sha256 = "b573fb8f1a6a04048d4a135ef6b1e27b04a0756fca8241fcd15db85602655d91"
+ url = "https://github.com/the-djmaze/snappymail/releases/download/v2.29.1/snappymail-2.29.1.tar.gz"
+ sha256 = "644d7b542ae91e567818c73bf83694cae7a12ad61632becd24557584643e52c0"
in_subdir = false
autoupdate.strategy = "latest_github_tag"
@@ -56,4 +56,8 @@ ram.runtime = "50M"
main.url = "/"
[resources.apt]
- packages = "php8.2-sqlite3 php8.2-tidy php8.2-dom php8.2-intl php8.2-mysql php8.2-curl php8.2-gd php8.2-cli php8.2-xml php8.2-mbstring"
+ packages = "mariadb-server, php8.2-sqlite3, php8.2-tidy, php8.2-dom, php8.2-intl, php8.2-mysql, php8.2-curl, php8.2-gd, php8.2-cli, php8.2-xml, php8.2-mbstring"
+
+ [resources.database]
+ type = "mysql"
+
\ No newline at end of file
diff --git a/scripts/_common.sh b/scripts/_common.sh
index 944a65e..7e974aa 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -4,6 +4,9 @@
# COMMON VARIABLES
#=================================================
+main_domain=$(cat /etc/yunohost/current_host)
+timezone=$(cat /etc/timezone)
+
#=================================================
# PERSONAL HELPERS
#=================================================
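Review bot: `timezone=$(cat /etc/timezone)` assumes that file exists; where it is absent the `cat` fails and, depending on the shell options in effect when `_common.sh` is sourced, the script either aborts or renders an empty `time_zone` into application.ini. A fallback keeps the scripts working, e.g. `timezone=$(cat /etc/timezone 2>/dev/null || echo "UTC")`. `main_domain` ends up in the SSO logout URL of the config template, so an empty value there is better treated as an error than written into the config, for instance with `[ -n "$main_domain" ] || ynh_die --message="Could not read the main domain"`.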
diff --git a/scripts/change_url b/scripts/change_url
index ab2d658..20ecf75 100644
--- a/scripts/change_url
+++ b/scripts/change_url
@@ -6,8 +6,26 @@
# IMPORT GENERIC HELPERS
#=================================================
+source _common.sh
source /usr/share/yunohost/helpers
+#=================================================
+# UPDATE A CONFIG FILE
+#=================================================
+ynh_script_progression --message="Updating a configuration file..." --weight=1
+
+ynh_add_config --template="application.ini" --destination="$install_dir/app/data/_data_/_default_/configs/application.ini"
+
+chmod 400 "$install_dir/app/data/_data_/_default_/configs/application.ini"
+chown $app:$app "$install_dir/app/data/_data_/_default_/configs/application.ini"
+
+#=================================================
+# SETUP SSO
+#=================================================
+ynh_script_progression --message="Applying SSO patch..." --weight=1
+
+ynh_add_config --template="../conf/sso.php" --destination="$install_dir/index.php"
+
#=================================================
# MODIFY URL IN NGINX CONF
#=================================================
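Review bot: `chmod 400` followed by `chown $app:$app` leaves application.ini unwritable even for the application user, and the file is re-rendered from the template here as well as in the identical blocks added to `scripts/install` and `scripts/upgrade`. If SnappyMail stores the admin password hash, the TOTP secret or other admin-panel settings in this file (to be confirmed), saving them will fail, and each upgrade resets `admin_password` and `admin_totp` to the empty template values even though `--keep` preserved the old file a few steps earlier. If a package-managed, read-only config is the intent, state it in a comment such as `# Config is owned by the package; changes made in the admin panel are not kept`. The expansions should also be quoted: `chown "$app:$app" "$install_dir/app/data/_data_/_default_/configs/application.ini"`.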
diff --git a/scripts/install b/scripts/install
index e975d1d..e5da137 100755
--- a/scripts/install
+++ b/scripts/install
@@ -31,7 +31,7 @@ ynh_app_setting_set --app=$app --key=fpm_usage --value=$fpm_usage
ynh_script_progression --message="Setting up source files..." --weight=3
# Download, check integrity, uncompress and patch the source from app.src
-ynh_setup_source --dest_dir="$install_dir"
+ynh_setup_source --dest_dir="$install_dir/app"
chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$install_dir"
@@ -50,6 +50,28 @@ ynh_add_nginx_config
# Use logrotate to manage application logfile(s)
ynh_use_logrotate
+#=================================================
+# APP INITIAL CONFIGURATION
+#=================================================
+# ADD A CONFIGURATION
+#=================================================
+ynh_script_progression --message="Adding a configuration file..." --weight=1
+
+mkdir -p "$install_dir/app/data/_data_/_default_/configs"
+chown $app:$app -R "$install_dir/app/data/_data_"
+
+ynh_add_config --template="application.ini" --destination="$install_dir/app/data/_data_/_default_/configs/application.ini"
+
+chmod 400 "$install_dir/app/data/_data_/_default_/configs/application.ini"
+chown $app:$app "$install_dir/app/data/_data_/_default_/configs/application.ini"
+
+#=================================================
+# SETUP SSO
+#=================================================
+ynh_script_progression --message="Applying SSO patch..." --weight=1
+
+ynh_add_config --template="../conf/sso.php" --destination="$install_dir/index.php"
+
#=================================================
# END OF SCRIPT
#=================================================
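Review bot: `$install_dir/index.php` is written after the `chmod -R o-rwx` / `chown -R $app:www-data` pass shown in the previous hunk, so its owner and mode are whatever `ynh_add_config` leaves behind. Because this file is the SSO entry point, set them explicitly right after the copy, e.g. `chown "$app:www-data" "$install_dir/index.php"` and `chmod 440 "$install_dir/index.php"`, so the file is readable by the web stack but not writable through it. The same applies to the SETUP SSO blocks added in `scripts/change_url` and `scripts/upgrade`. As a style point, `--template="sso.php"` would match the way `application.ini` is referenced a few lines above.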
diff --git a/scripts/upgrade b/scripts/upgrade
index 2b3636a..d39fa9f 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -38,6 +38,17 @@ if [ -z "${fpm_usage:-}" ]; then
ynh_app_setting_set --app=$app --key=fpm_usage --value=$fpm_usage
fi
+# Do something when upgrading from 2.3.2~ynh1 or lower
+if ynh_compare_current_package_version --comparison le --version 2.28.4~ynh1
+then
+ # Move everything inside a $install_dir/app/ subfolder
+ # This allows to have a $install_dir/index.php handling the SSO
+ mkdir -p $install_dir/app
+ # Ugly way to not return an error when moving everything to a subfolter of the same folder https://stackoverflow.com/a/43262922
+ find $install_dir -maxdepth 1 -mindepth 1 -not -name app -exec mv -t $install_dir/app {} +
+ chown $app:root $install_dir/app/
+fi
+
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
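Review bot: The comment `# Do something when upgrading from 2.3.2~ynh1 or lower` does not match the test below it, which compares against `2.28.4~ynh1`; something like `# Migrate installs at 2.28.4~ynh1 or lower to the $install_dir/app layout` would describe the block. The `mkdir`, `find … -exec mv` and `chown` lines use `$install_dir` and `$app` unquoted, which is risky in front of a bulk move; quote them, e.g. `find "$install_dir" -maxdepth 1 -mindepth 1 -not -name app -exec mv -t "$install_dir/app" {} +`. If this block can run a second time while the recorded version is still 2.28.4~ynh1 or lower, the already installed SSO `index.php` would be moved over the application's own `app/index.php`. A guard such as `[ ! -e "$install_dir/app/index.php" ]` around the move would prevent that.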
@@ -47,7 +58,7 @@ then
ynh_script_progression --message="Upgrading source files..." --weight=5
# Download, check integrity, uncompress and patch the source from app.src
- ynh_setup_source --dest_dir="$install_dir" --keep="data/_data_/_default_/configs/application.ini"
+ ynh_setup_source --dest_dir="$install_dir/app" --keep="data/_data_/_default_/configs/application.ini"
fi
chmod -R o-rwx "$install_dir"
@@ -67,6 +78,25 @@ ynh_add_nginx_config
# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --non-append
+#=================================================
+# RECONFIGURE THE APP (UPDATE CONF, APPLY MIGRATIONS...)
+#=================================================
+# UPDATE A CONFIG FILE
+#=================================================
+ynh_script_progression --message="Updating a configuration file..." --weight=1
+
+ynh_add_config --template="application.ini" --destination="$install_dir/app/data/_data_/_default_/configs/application.ini"
+
+chmod 400 "$install_dir/app/data/_data_/_default_/configs/application.ini"
+chown $app:$app "$install_dir/app/data/_data_/_default_/configs/application.ini"
+
+#=================================================
+# SETUP SSO
+#=================================================
+ynh_script_progression --message="Applying SSO patch..." --weight=1
+
+ynh_add_config --template="../conf/sso.php" --destination="$install_dir/index.php"
+
#=================================================
# END OF SCRIPT
#=================================================