From 875638ff3649d75753df56692c9579714c3be1cd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josu=C3=A9=20Tille?=
Date: Sat, 22 Feb 2020 00:48:55 +0100
Subject: [PATCH] Use permission to protectect CAS server access
---
 conf/add_sso_conf.py | 8 ++++++--
 conf/remove_sso_conf.py | 3 ++-
 manifest.json | 2 +-
 scripts/install | 1 +
 scripts/upgrade | 10 ++++++++++
 5 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/conf/add_sso_conf.py b/conf/add_sso_conf.py
index 4595548..33d0622 100644
--- a/conf/add_sso_conf.py
+++ b/conf/add_sso_conf.py
@@ -2,10 +2,14 @@ import json
 with open("/etc/ssowat/conf.json.persistent", "r", encoding='utf-8') as jsonFile:
 data = json.load(jsonFile)
- if "skipped_urls" in data:
+ if "skipped_urls" in data and "/_matrix" not in data:
 data["skipped_urls"].append("/_matrix")
 else:
 data["skipped_urls"] = ["/_matrix"]
+ if "protected_urls" in data and "/_matrix/cas_server.php/login" not in data:
+ data["protected_urls"].append("/_matrix/cas_server.php/login")
+ else:
+ data["protected_urls"] = ["/_matrix/cas_server.php/login"]
 with open("/etc/ssowat/conf.json.persistent", "w", encoding='utf-8') as jsonFile:
- jsonFile.write(json.dumps(data, indent=4, sort_keys=True))
\ No newline at end of file
+ jsonFile.write(json.dumps(data, indent=4, sort_keys=True))
diff --git a/conf/remove_sso_conf.py b/conf/remove_sso_conf.py
index 46c5a86..748edf4 100644
--- a/conf/remove_sso_conf.py
+++ b/conf/remove_sso_conf.py
@@ -3,6 +3,7 @@ import json
 with open("/etc/ssowat/conf.json.persistent", "r", encoding='utf-8') as jsonFile:
 data = json.load(jsonFile)
 data["skipped_urls"].remove("/_matrix")
+ data["protected_urls"].remove("/_matrix/cas_server.php/login")
 with open("/etc/ssowat/conf.json.persistent", "w", encoding='utf-8') as jsonFile:
- jsonFile.write(json.dumps(data, indent=4, sort_keys=True))
\ No newline at end of file
+ jsonFile.write(json.dumps(data, indent=4, sort_keys=True))
diff --git a/manifest.json b/manifest.json
index ec84f86..346ba1b 100644
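Review bot: In conf/add_sso_conf.py the new guards `"/_matrix" not in data` and `"/_matrix/cas_server.php/login" not in data` test the keys of the top-level dict rather than the URL lists, so they are effectively always true and the script still appends a duplicate entry on every run. Testing the list inside the same `if ... and ...` would not be enough either, because an entry that is already present would then fall into the `else` branch and overwrite the whole list, dropping any other entries already stored there. An idempotent form is `skipped = data.setdefault("skipped_urls", [])` followed by `if "/_matrix" not in skipped: skipped.append("/_matrix")`, with the same pair for `protected_urls`. This matters more now that scripts/upgrade runs the script as well.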
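Review bot: In conf/remove_sso_conf.py the added `data["protected_urls"].remove(...)` raises `KeyError` when the key is missing and `ValueError` when the entry is missing, and since that happens before the file is rewritten, the `skipped_urls` removal on the line above is lost too. `list.remove` also deletes only the first occurrence, so duplicates written by add_sso_conf.py survive removal of the app. A filter such as `data["protected_urls"] = [u for u in data.get("protected_urls", []) if u != "/_matrix/cas_server.php/login"]` covers all three cases. The existing `skipped_urls` line deserves the same treatment, because a leftover `/_matrix` entry there keeps that path exempt from the SSO after uninstall.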
--- a/manifest.json
+++ b/manifest.json
@@ -14,7 +14,7 @@
 "email": "josue@tille.ch"
 },
 "requirements": {
- "yunohost": ">= 3.6"
+ "yunohost": ">= 3.7.0.4"
 },
 "multi_instance": true,
 "services": [
diff --git a/scripts/install b/scripts/install
index f6c2998..d0d3cf4 100644
--- a/scripts/install
+++ b/scripts/install
@@ -391,6 +391,7 @@ ynh_script_progression --message="Configuring SSOwat..." --weight=1
 # Open access to server without a button the home
 # The script "add_sso_conf.py" will just add en entry for the path "/_matrix" in the sso conf.json.persistent file in the cathegory "skipped_urls".
 python3 ../conf/add_sso_conf.py || ynh_die --message="Your file /etc/ssowat/conf.json.persistent doesn't respect the json syntax. Please fix the syntax to install this app. For more information see here: https://github.com/YunoHost-Apps/synapse_ynh/issues/32"
+ynh_permission_url --permission main --url /_matrix/cas_server.php/login
 #=================================================
 # UPDATE HOOKS
diff --git a/scripts/upgrade b/scripts/upgrade
index df20945..65683ca 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
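Review bot: In scripts/install the comment above `python3 ../conf/add_sso_conf.py` still says the script only adds `/_matrix` to `skipped_urls`, and nothing explains how the newly protected path relates to that entry. `/_matrix/cas_server.php/login` lies under the skipped `/_matrix` prefix, so the protection holds only if SSOwat gives the protected or permission entry priority over the skipped one, which this patch does not show. I would change the comment to something like `# add_sso_conf.py adds "/_matrix" to skipped_urls and "/_matrix/cas_server.php/login" to protected_urls; the login path must stay behind the SSO although its prefix is skipped`, and confirm after install that an unauthenticated request to the login path is sent to the portal. The SSOwat section begins before the first line of this hunk.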
@@ -431,6 +431,16 @@ ynh_add_fail2ban_config --use_template
 #=================================================
 # GENERIC FINALIZATION
+#=================================================
+# SETUP SSOWAT
+#=================================================
+ynh_script_progression --message="Configuring SSOwat..." --weight=1
+
+# Open access to server without a button the home
+# The script "add_sso_conf.py" will just add en entry for the path "/_matrix" in the sso conf.json.persistent file in the cathegory "skipped_urls".
+python3 ../conf/add_sso_conf.py || ynh_die --message="Your file /etc/ssowat/conf.json.persistent doesn't respect the json syntax. Please fix the syntax to install this app. For more information see here: https://github.com/YunoHost-Apps/synapse_ynh/issues/32"
+ynh_permission_url --permission main --url /_matrix/cas_server.php/login
+
 #=================================================
 # SECURE FILES AND DIRECTORIES
 #=================================================
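Review bot: In scripts/upgrade the copied `ynh_die` message tells the user to fix the JSON "to install this app", which is wrong during an upgrade, and it blames JSON syntax for any failure of add_sso_conf.py, so a missing or unreadable file would be reported the same way. Because this block makes the script run on every upgrade, it also depends on add_sso_conf.py being idempotent, which the membership test in that file does not currently guarantee. Consider `|| ynh_die --message="Could not update /etc/ssowat/conf.json.persistent; check that the file exists and is valid JSON."` and moving the three commands into one function shared by install and upgrade so the two copies cannot drift apart.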