mirror of
https://github.com/YunoHost-Apps/vaultwarden_ynh.git
synced 2024-09-03 18:26:31 +02:00
Merge pull request #109 from YunoHost-Apps/fix-auth-header
use new permission system
This commit is contained in:
commit
bc53517e20
3 changed files with 26 additions and 17 deletions
|
@ -13,7 +13,7 @@
|
|||
"name": "yalh76"
|
||||
},
|
||||
"requirements": {
|
||||
"yunohost": ">= 3.8.4.8"
|
||||
"yunohost": ">= 4.1.3"
|
||||
},
|
||||
"multi_instance": true,
|
||||
"services": [
|
||||
|
|
|
@ -53,7 +53,6 @@ ynh_script_progression --message="Storing installation settings..."
|
|||
ynh_app_setting_set --app=$app --key=domain --value=$domain
|
||||
ynh_app_setting_set --app=$app --key=path --value=$path_url
|
||||
ynh_app_setting_set --app=$app --key=admin --value=$admin
|
||||
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
|
||||
ynh_app_setting_set --app=$app --key=admin_token --value=$admin_token
|
||||
|
||||
#=================================================
|
||||
|
@ -221,10 +220,12 @@ ynh_script_progression --message="Configuring SSOwat..."
|
|||
# Make app public if necessary
|
||||
if [ $is_public -eq 1 ]
|
||||
then
|
||||
# unprotected_uris allows SSO credentials to be passed anyway.
|
||||
ynh_app_setting_set --app=$app --key=skipped_uris --value="/"
|
||||
ynh_permission_update --permission="main" --add="visitors"
|
||||
fi
|
||||
|
||||
ynh_permission_create --permission="api" --url="/api" --additional_urls="/identity/connect/token" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true"
|
||||
ynh_permission_create --permission="admin" --url="/admin" --allowed="$admin" --show_tile="false"
|
||||
|
||||
#=================================================
|
||||
# RELOAD NGINX
|
||||
#=================================================
|
||||
|
|
|
@ -19,7 +19,6 @@ app=$YNH_APP_INSTANCE_NAME
|
|||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||||
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
||||
admin=$(ynh_app_setting_get --app=$app --key=admin)
|
||||
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
|
||||
admin_token=$(ynh_app_setting_get --app=$app --key=admin_token)
|
||||
|
@ -33,6 +32,27 @@ ynh_script_progression --message="Checking version..."
|
|||
|
||||
upgrade_type=$(ynh_check_app_version_changed)
|
||||
|
||||
#=================================================
|
||||
# ENSURE DOWNWARD COMPATIBILITY
|
||||
#=================================================
|
||||
ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1
|
||||
|
||||
# Cleaning legacy permissions
|
||||
if ynh_legacy_permissions_exists; then
|
||||
ynh_legacy_permissions_delete_all
|
||||
|
||||
ynh_app_setting_delete --app=$app --key=is_public
|
||||
fi
|
||||
|
||||
# Create a permission if needed
|
||||
if ! ynh_permission_exists --permission="api"; then
|
||||
ynh_permission_create --permission="api" --url="/api" --additional_urls="/identity/connect/token" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true"
|
||||
fi
|
||||
|
||||
if ! ynh_permission_exists --permission="admin"; then
|
||||
ynh_permission_create --permission="admin" --url="/admin" --allowed="$admin" --show_tile="false"
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
|
||||
#=================================================
|
||||
|
@ -209,18 +229,6 @@ ynh_script_progression --message="Reconfiguring Fail2Ban..."
|
|||
# Create a dedicated Fail2Ban config
|
||||
ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex="^.*Username or password is incorrect\. Try again\. IP: <HOST>\. Username:.*$"
|
||||
|
||||
#=================================================
|
||||
# SETUP SSOWAT
|
||||
#=================================================
|
||||
ynh_script_progression --message="Upgrading SSOwat configuration..."
|
||||
|
||||
# Make app public if necessary
|
||||
if [ $is_public -eq 1 ]
|
||||
then
|
||||
# unprotected_uris allows SSO credentials to be passed anyway
|
||||
ynh_app_setting_set --app=$app --key=skipped_uris --value="/"
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# RELOAD NGINX
|
||||
#=================================================
|
||||
|
|
Loading…
Reference in a new issue