From b94521751a22c74fe5453acd951c589f31d25549 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?=
Date: Wed, 25 Mar 2020 23:00:34 +0100
Subject: [PATCH] Add group-permission support and use config helper
---
 conf/sogo.conf | 9 ++++---
 manifest.json | 4 +--
 scripts/_common.sh | 30 ++-------------------
 scripts/add_sso_conf.py | 16 -----------
 scripts/install | 16 ++++++-----
 scripts/remove | 3 ---
 scripts/remove_sso_conf.py | 11 --------
 scripts/remove_sso_conf_persistent.py | 39 +++++++++++++++++++++++++++
 scripts/restore | 2 --
 scripts/upgrade | 17 +++++++-----
 10 files changed, 68 insertions(+), 79 deletions(-)
 delete mode 100644 scripts/add_sso_conf.py
 delete mode 100644 scripts/remove_sso_conf.py
 create mode 100644 scripts/remove_sso_conf_persistent.py
diff --git a/conf/sogo.conf b/conf/sogo.conf
index 52599c7..babf3c2 100644
--- a/conf/sogo.conf
+++ b/conf/sogo.conf
@@ -3,9 +3,9 @@
 WOLogFile = /var/log/__APP__/sogo.log;
 /* Fix Yunohost Tile */
 WODontZipResponse = YES;
- SOGoProfileURL = "mysql://__DBUSER__:__DBPASS__@localhost:3306/__APP__/sogo_user_profile";
- OCSFolderInfoURL = "mysql://__DBUSER__:__DBPASS__@localhost:3306/__APP__/sogo_folder_info";
- OCSSessionsFolderURL = "mysql://__DBUSER__:__DBPASS__@localhost:3306/__APP__/sogo_sessions_folder";
+ SOGoProfileURL = "mysql://__DB_USER__:__DB_PWD__@localhost:3306/__APP__/sogo_user_profile";
+ OCSFolderInfoURL = "mysql://__DB_USER__:__DB_PWD__@localhost:3306/__APP__/sogo_folder_info";
+ OCSSessionsFolderURL = "mysql://__DB_USER__:__DB_PWD__@localhost:3306/__APP__/sogo_sessions_folder";
 NGImap4ConnectionStringSeparator = ".";
 SOGoAppointmentSendEMailNotifications = YES;
 SOGoEnablePublicAccess = YES;
@@ -26,7 +26,7 @@
 SOGoMailMessageCheck = every_10_minutes;
 SOGoMailAuxiliaryUserAccountsEnabled = YES;
 SOGoTrustProxyAuthentication = YES;
- SOGoSuperUsernames = (__ADMINUSER__);
+ SOGoSuperUsernames = (__ADMIN__);
 /* Default Calendar and Contacts Permissions */
 SOGoCalendarDefaultRoles = ("PublicViewer", "ConfidentialDAndTViewer");
 SOGoContactsDefaultRoles = ("ObjectViewer");
@@ -39,6 +39,7 @@
 IDFieldName = uid; // first field of the DN for direct binds
 bindFields = (uid, mail); // array of fields to use for indirect binds
 baseDN = "ou=users,dc=yunohost,dc=org";
+ filter = "objectClass='posixAccount' AND permission='cn=__APP__.main,ou=permission,dc=yunohost,dc=org'";
 canAuthenticate = YES;
 displayName = "Yunohost Users";
 hostname = ldap://localhost:389;
diff --git a/manifest.json b/manifest.json
index de23767..872fd07 100644
--- a/manifest.json
+++ b/manifest.json
@@ -4,7 +4,7 @@
 "packaging_format": 1,
 "license": "LGPL-2.1,GPL-2.0",
 "url": "https://sogo.nu/",
- "version": "4.0.7-1~ynh1",
+ "version": "4.0.7-1~ynh2",
 "description": {
 "en": "An opensource groupware for E-Mail, Contacts and Calender.",
 "fr": "Un groupware opensource pour les e-mail, contacts et calendrier"
@@ -24,7 +24,7 @@
 "mysql"
 ],
 "requirements": {
- "yunohost": ">= 4.0"
+ "yunohost": ">= 4.1"
 },
 "arguments": {
 "install" : [
diff --git a/scripts/_common.sh b/scripts/_common.sh
index ae966cc..0f5273b 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
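Review bot: The `filter` line added in conf/sogo.conf (hunk -39,6) carries no comment, although it changes who can log in: only accounts holding the `__APP__.main` permission are now matched by the LDAP source. With `SOGoTrustProxyAuthentication = YES` a few lines up and the sync URLs opened to visitors in scripts/install, this filter is presumably the check that remains for clients that bypass the SSO, so it deserves a line of explanation. Suggested comment above it: `/* Restrict logins to users granted the __APP__.main permission; revoking it in YunoHost must lock the account out of SOGo */`. The account named in `SOGoSuperUsernames` presumably needs that permission as well, which is worth confirming.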
@@ -14,41 +14,15 @@ install_dependance() {
 ynh_install_app_dependencies sogo stunnel4 memcached
 }
-config_sogo() {
- # Avoid if the directory don't exist
- mkdir -p /etc/$app
-
- ynh_backup_if_checksum_is_different --file /etc/$app/sogo.conf
- cp ../conf/sogo.conf /etc/$app/sogo.conf
-
- ynh_replace_string --match_string __APP__ --replace_string $app --target_file /etc/$app/sogo.conf
- ynh_replace_string --match_string __ADMINUSER__ --replace_string $admin --target_file /etc/$app/sogo.conf
- ynh_replace_string --match_string __DBUSER__ --replace_string $db_user --target_file /etc/$app/sogo.conf
- ynh_replace_string --match_string __DBPASS__ --replace_string $db_pwd --target_file /etc/$app/sogo.conf
- ynh_replace_string --match_string __PORT__ --replace_string $port --target_file /etc/$app/sogo.conf
- ynh_replace_string --match_string __SMTP_PORT__ --replace_string $smtp_port --target_file /etc/$app/sogo.conf
-
- ynh_store_file_checksum --file /etc/$app/sogo.conf
-}
-
 config_stunnel() {
- ynh_backup_if_checksum_is_different --file /etc/stunnel/$app.conf
- cp ../conf/stunnel.conf /etc/stunnel/$app.conf
-
- ynh_replace_string --match_string __SMTP_PORT__ --replace_string $smtp_port --target_file /etc/stunnel/$app.conf
-
- ynh_store_file_checksum --file /etc/stunnel/$app.conf
+ ynh_add_config --template="stunnel.conf" --destination="/etc/stunnel/$app.conf"
 # Enable stunnel at startup
 ynh_replace_string --match_string "ENABLED=0" --replace_string "ENABLED=1" --target_file /etc/default/stunnel4
 }
 config_cron() {
- ynh_backup_if_checksum_is_different --file /etc/cron.d/$app
-
- cp ../conf/cron /etc/cron.d/$app
- ynh_replace_string --match_string __APP__ --replace_string $app --target_file /etc/cron.d/$app
- ynh_store_file_checksum --file /etc/cron.d/$app
+ ynh_add_config --template="cron" --destination="/etc/cron.d/$app"
 systemctl restart cron
 }
diff --git a/scripts/add_sso_conf.py b/scripts/add_sso_conf.py
deleted file mode 100644
index 1fb9922..0000000
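Review bot: Dropping `config_sogo` from scripts/_common.sh leaves its two callers to open-code the replacement, and they already disagree: scripts/install (hunk -59,7) runs `mkdir -p /etc/$app` before `ynh_add_config`, while scripts/upgrade (hunk -97,7) calls `ynh_add_config` alone. Keeping a thin wrapper here, `config_sogo() { mkdir -p /etc/$app; ynh_add_config --template="sogo.conf" --destination="/etc/$app/sogo.conf"; }`, would keep both paths identical. The rendered sogo.conf holds the database password, and its owner and mode now depend on the helper's defaults plus `set_permission`, whose body is not in this patch; a comment in the wrapper naming the expected owner and mode would make that reviewable.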
--- a/scripts/add_sso_conf.py
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/usr/bin/python3
-
-import json
-
-with open("/etc/ssowat/conf.json.persistent", "r", encoding='utf-8') as jsonFile:
- try:
- data = json.load(jsonFile)
- except:
- print("File /etc/ssowat/conf.json.persistent corrupt, make a new file")
- data = {}
- if not "skipped_urls" in data:
- data["skipped_urls"] = []
- data["skipped_urls"] = list(set(data["skipped_urls"]) | set(["/Microsoft-Server-ActiveSync", "/principals"]))
-
-with open("/etc/ssowat/conf.json.persistent", "w", encoding='utf-8') as jsonFile:
- jsonFile.write(json.dumps(data, indent=4, sort_keys=True))
diff --git a/scripts/install b/scripts/install
index 0000d36..8e6324d 100755
--- a/scripts/install
+++ b/scripts/install
@@ -59,7 +59,8 @@ ynh_mysql_setup_db --db_name $db_name --db_user $db_user
 ynh_script_progression --message="Configuring application..." --weight=3
 # Configure SOGO
-config_sogo
+mkdir -p /etc/$app
+ynh_add_config --template="sogo.conf" --destination="/etc/$app/sogo.conf"
 # Configure stunnel
 # To fix the issue https://sogo.nu/bugs/view.php?id=31 we need stunnel to be able to connect correctly to the smtp server
@@ -82,13 +83,14 @@ set_permission
 # configure the sso
 ynh_script_progression --message="Configuring permissions..."
-if [ "$is_public" = "0" ];
-then # Retire l'accès public
- ynh_app_setting_delete --app $app --key skipped_uris
-else
- ynh_app_setting_set --app $app --key unprotected_uris --value "/"
+ynh_permission_create --permission="sync_client" --allowed='visitors' --auth_header=false\
+ --label="Sync client" --protected=true --show_tile=false\
+ --additional_urls="/Microsoft-Server-ActiveSync" "/principals" "/.well-known/caldav" "/.well-known/carddav"
+
+if [ "$is_public" == '1' ];
+then
+ ynh_permission_update --permission "main" --add "visitors"
 fi
-python3 add_sso_conf.py
 # SETUP LOGROTATE
 ynh_script_progression --message="Configuring log rotation..."
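Review bot: In scripts/install (hunk -82,13) `ynh_permission_create` opens the four sync URLs to `visitors` with `--auth_header=false`, while conf/sogo.conf keeps `SOGoTrustProxyAuthentication = YES`, and nothing here records what protects those paths. On them SOGo's own login is the only check, and the remote-user header SOGo trusts has to be set or cleared by the proxy rather than accepted from the client; the nginx template is not part of this patch, so that should be confirmed. A comment above the call would help, for example `# Sync clients bypass the SSO: SOGo authenticates them itself, nginx must not forward a client-supplied remote-user header`. As a point of style, `[ "$is_public" == '1' ]` uses `==` where the removed test used the portable `=`.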
diff --git a/scripts/remove b/scripts/remove
index 3fd2cc1..2d9f36f 100755
--- a/scripts/remove
+++ b/scripts/remove
@@ -48,9 +48,6 @@ ynh_secure_remove --file="/etc/$app"
 # Remove stunnel config
 ynh_secure_remove --file="/etc/stunnel/$app.conf"
-# Remove custom SSO config
-python3 remove_sso_conf.py
-
 # Remove service
 yunohost service remove $app
diff --git a/scripts/remove_sso_conf.py b/scripts/remove_sso_conf.py
deleted file mode 100644
index 26b7420..0000000
--- a/scripts/remove_sso_conf.py
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/usr/bin/python3
-
-import json
-
-with open("/etc/ssowat/conf.json.persistent", "r", encoding='utf-8') as jsonFile:
- data = json.load(jsonFile)
- data["skipped_urls"].remove("/Microsoft-Server-ActiveSync")
- data["skipped_urls"].remove("/principals")
-
-with open("/etc/ssowat/conf.json.persistent", "w", encoding='utf-8') as jsonFile:
- jsonFile.write(json.dumps(data, indent=4, sort_keys=True))
diff --git a/scripts/remove_sso_conf_persistent.py b/scripts/remove_sso_conf_persistent.py
new file mode 100644
index 0000000..663d86b
--- /dev/null
+++ b/scripts/remove_sso_conf_persistent.py
@@ -0,0 +1,39 @@
+import json
+import sys
+
+with open("/etc/ssowat/conf.json.persistent", "r", encoding='utf-8') as jsonFile:
+ data = json.load(jsonFile)
+
+ for domain in ("", sys.argv[1]):
+ for path in ("/principals", "/Microsoft-Server-ActiveSync", "/.well-known/caldav", "/.well-known/carddav"):
+ url = domain + path
+ try:
+ uri_list = data["skipped_urls"]
+ while url in uri_list:
+ uri_list.remove(url)
+ except:
+ pass
+
+ try:
+ uri_list = data["protected_urls"]
+ while url in uri_list:
+ uri_list.remove(url)
+ except:
+ pass
+
+ try:
+ uri_list = data["permissions"]["custom_protected"]["uris"]
+ while url in uri_list:
+ uri_list.remove(url)
+ except:
+ pass
+
+ try:
+ uri_list = data["permissions"]["custom_skipped"]["uris"]
+ while url in uri_list:
+ uri_list.remove(url)
+ except:
+ pass
+
+with open("/etc/ssowat/conf.json.persistent", "w", encoding='utf-8') as jsonFile:
+ jsonFile.write(json.dumps(data, indent=4, sort_keys=True))
diff --git a/scripts/restore b/scripts/restore
index c1d373d..4731326 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -55,8 +55,6 @@ ynh_replace_string --match_string "ENABLED=0" --replace_string "ENABLED=1" --tar
 ynh_script_progression --message="Protecting directory..."
 set_permission
-python3 ../settings/scripts/add_sso_conf.py
-
 # SETUP LOGROTATE
 ynh_use_logrotate --logfile /var/log/$app/sogo.log --nonappend
diff --git a/scripts/upgrade b/scripts/upgrade
index ef3b0ad..41b1cb5 100755
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -97,7 +97,7 @@ install_dependance
 ynh_script_progression --message="Configuring application..."
 # Configure SOGO
-config_sogo
+ynh_add_config --template="sogo.conf" --destination="/etc/$app/sogo.conf"
 # Configure stunnel
 config_stunnel
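Review bot: Each of the four `try: … except: pass` blocks in scripts/remove_sso_conf_persistent.py swallows every exception, not just a missing key, so an unexpected structure is skipped silently and the file is rewritten regardless. `sys.argv[1]` is read without a length check, and the file, which is shared by every app on the server, is rewritten even when nothing was removed. The un-prefixed `/.well-known/caldav` and `/.well-known/carddav` entries were never written by the add_sso_conf.py this patch deletes, so removing them may drop an entry that another app or the admin added; that is worth confirming. The rewrite below uses one guarded lookup instead of the blanket `except` blocks and writes the file only when something was removed.

```python
# … unchanged: import json, import sys …

CONF_PATH = "/etc/ssowat/conf.json.persistent"
PATHS = ("/principals", "/Microsoft-Server-ActiveSync",
         "/.well-known/caldav", "/.well-known/carddav")


def dig(node, *keys):
    """Follow keys through nested dicts; return None as soon as a level is missing."""
    for key in keys:
        if not isinstance(node, dict):
            return None
        node = node.get(key)
    return node


if len(sys.argv) != 2:
    sys.exit("usage: remove_sso_conf_persistent.py DOMAIN")

with open(CONF_PATH, "r", encoding="utf-8") as json_file:
    data = json.load(json_file)  # a parse error still exits non-zero for the caller

stale = [prefix + path for prefix in ("", sys.argv[1]) for path in PATHS]
changed = False
for keys in (("skipped_urls",), ("protected_urls",),
             ("permissions", "custom_protected", "uris"),
             ("permissions", "custom_skipped", "uris")):
    uris = dig(data, *keys)
    if not isinstance(uris, list):
        continue  # section absent: nothing to clean
    kept = [uri for uri in uris if uri not in stale]
    if len(kept) != len(uris):
        uris[:] = kept
        changed = True

# Leave the server-wide SSO file untouched when nothing was removed.
if changed:
    with open(CONF_PATH, "w", encoding="utf-8") as json_file:
        json_file.write(json.dumps(data, indent=4, sort_keys=True))
```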
@@ -118,13 +118,18 @@ set_permission
 # configure the sso
 ynh_script_progression --message="Configuring permissions..."
-if [ "$is_public" = "0" ];
-then # Retire l'accès public
- ynh_app_setting_delete --app $app --key skipped_uris
+
+if ! ynh_permission_exists --permission sync_client; then
+ ynh_permission_create --permission="sync_client" --allowed 'visitors' --auth_header=false\
+ --label="Sync client" --protected=true --show_tile=false\
+ --additional_urls="/Microsoft-Server-ActiveSync" "/principals" "/.well-known/caldav" "/.well-known/carddav"
+ python3 remove_sso_conf_persistent.py $domain \
+ || ynh_print_warn --message="Your file /etc/ssowat/conf.json.persistent doesn't respect the json syntax. The config file wasn't cleaned. Please clean it manually."
 else
- ynh_app_setting_set --app $app --key unprotected_uris --value "/"
+ ynh_permission_update --permission="sync_client" --add='visitors' --label="Sync client" --protected=true --show_tile=false
+ ynh_permission_url --permission "sync_client" --auth_header=false\
+ --add_url="/Microsoft-Server-ActiveSync" "/principals" "/.well-known/caldav" "/.well-known/carddav"
 fi
-python3 add_sso_conf.py
 # SETUP LOGROTATE
 ynh_script_progression --message="Configuring log rotation..."
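Review bot: The `else` branch in scripts/upgrade (hunk -118,13) runs `ynh_permission_update --permission="sync_client" --add='visitors'` on every upgrade, so an admin who deliberately removed `visitors` from this permission gets the sync URLs reopened by the next upgrade without notice. If that is intended, say so in a comment; otherwise drop `--add='visitors'` from the update. In the first branch `$domain` is passed unquoted and should read `python3 remove_sso_conf_persistent.py "$domain" \`. The `||` fallback reports any non-zero exit of the script as a JSON syntax problem, although a missing file or argument fails the same way, so the warning text should be more general.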