Use permission to protectect CAS server access

2024-09-03 20:26:38 +02:00 · 2020-02-22 00:48:55 +01:00 · 2020-02-22 00:48:55 +01:00 · 875638ff36
commit 875638ff36
parent 80252cffd5
5 changed files with 20 additions and 4 deletions
--- a/conf/add_sso_conf.py
+++ b/conf/add_sso_conf.py
@ -2,10 +2,14 @@ import json

 with open("/etc/ssowat/conf.json.persistent", "r", encoding='utf-8') as jsonFile:
    data = json.load(jsonFile)
-    if "skipped_urls" in data:
+    if "skipped_urls" in data and "/_matrix" not in data:
        data["skipped_urls"].append("/_matrix")
    else:
        data["skipped_urls"] = ["/_matrix"]
+    if "protected_urls" in data and "/_matrix/cas_server.php/login" not in data:
+        data["protected_urls"].append("/_matrix/cas_server.php/login")
+    else:
+        data["protected_urls"] = ["/_matrix/cas_server.php/login"]

 with open("/etc/ssowat/conf.json.persistent", "w", encoding='utf-8') as jsonFile:
-    jsonFile.write(json.dumps(data, indent=4, sort_keys=True))
+    jsonFile.write(json.dumps(data, indent=4, sort_keys=True))
--- a/conf/remove_sso_conf.py
+++ b/conf/remove_sso_conf.py
@ -3,6 +3,7 @@ import json
 with open("/etc/ssowat/conf.json.persistent", "r", encoding='utf-8') as jsonFile:
    data = json.load(jsonFile)
    data["skipped_urls"].remove("/_matrix")
+    data["protected_urls"].remove("/_matrix/cas_server.php/login")

 with open("/etc/ssowat/conf.json.persistent", "w", encoding='utf-8') as jsonFile:
-    jsonFile.write(json.dumps(data, indent=4, sort_keys=True))
+    jsonFile.write(json.dumps(data, indent=4, sort_keys=True))
--- a/manifest.json
+++ b/manifest.json
@ -14,7 +14,7 @@
 		"email": "josue@tille.ch"
 	},
 	"requirements": {
-		"yunohost": ">= 3.6"
+		"yunohost": ">= 3.7.0.4"
 	},
 	"multi_instance": true,
 	"services": [
--- a/scripts/install
+++ b/scripts/install
@ -391,6 +391,7 @@ ynh_script_progression --message="Configuring SSOwat..." --weight=1
 # Open access to server without a button the home
 # The script "add_sso_conf.py" will just add en entry for the path "/_matrix" in the sso conf.json.persistent file in the cathegory "skipped_urls".
 python3 ../conf/add_sso_conf.py || ynh_die --message="Your file /etc/ssowat/conf.json.persistent doesn't respect the json syntax. Please fix the syntax to install this app. For more information see here: https://github.com/YunoHost-Apps/synapse_ynh/issues/32"
+ynh_permission_url --permission main --url /_matrix/cas_server.php/login

 #=================================================
 # UPDATE HOOKS
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -431,6 +431,16 @@ ynh_add_fail2ban_config --use_template

 #=================================================
 # GENERIC FINALIZATION
+#=================================================
+# SETUP SSOWAT
+#=================================================
+ynh_script_progression --message="Configuring SSOwat..." --weight=1
+
+# Open access to server without a button the home
+# The script "add_sso_conf.py" will just add en entry for the path "/_matrix" in the sso conf.json.persistent file in the cathegory "skipped_urls".
+python3 ../conf/add_sso_conf.py || ynh_die --message="Your file /etc/ssowat/conf.json.persistent doesn't respect the json syntax. Please fix the syntax to install this app. For more information see here: https://github.com/YunoHost-Apps/synapse_ynh/issues/32"
+ynh_permission_url --permission main --url /_matrix/cas_server.php/login
+
 #=================================================
 # SECURE FILES AND DIRECTORIES
 #=================================================