1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/vaultwarden_ynh.git synced 2024-09-03 18:26:31 +02:00

Merge pull request #109 from YunoHost-Apps/fix-auth-header

use new permission system
This commit is contained in:
yalh76 2021-02-15 22:30:25 +01:00 committed by GitHub
commit bc53517e20
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 26 additions and 17 deletions

View file

@ -13,7 +13,7 @@
"name": "yalh76" "name": "yalh76"
}, },
"requirements": { "requirements": {
"yunohost": ">= 3.8.4.8" "yunohost": ">= 4.1.3"
}, },
"multi_instance": true, "multi_instance": true,
"services": [ "services": [

View file

@ -53,7 +53,6 @@ ynh_script_progression --message="Storing installation settings..."
ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
ynh_app_setting_set --app=$app --key=admin_token --value=$admin_token ynh_app_setting_set --app=$app --key=admin_token --value=$admin_token
#================================================= #=================================================
@ -221,10 +220,12 @@ ynh_script_progression --message="Configuring SSOwat..."
# Make app public if necessary # Make app public if necessary
if [ $is_public -eq 1 ] if [ $is_public -eq 1 ]
then then
# unprotected_uris allows SSO credentials to be passed anyway. ynh_permission_update --permission="main" --add="visitors"
ynh_app_setting_set --app=$app --key=skipped_uris --value="/"
fi fi
ynh_permission_create --permission="api" --url="/api" --additional_urls="/identity/connect/token" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true"
ynh_permission_create --permission="admin" --url="/admin" --allowed="$admin" --show_tile="false"
#================================================= #=================================================
# RELOAD NGINX # RELOAD NGINX
#================================================= #=================================================

View file

@ -19,7 +19,6 @@ app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain) domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path) path_url=$(ynh_app_setting_get --app=$app --key=path)
admin=$(ynh_app_setting_get --app=$app --key=admin) admin=$(ynh_app_setting_get --app=$app --key=admin)
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
final_path=$(ynh_app_setting_get --app=$app --key=final_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path)
admin_token=$(ynh_app_setting_get --app=$app --key=admin_token) admin_token=$(ynh_app_setting_get --app=$app --key=admin_token)
@ -33,6 +32,27 @@ ynh_script_progression --message="Checking version..."
upgrade_type=$(ynh_check_app_version_changed) upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1
# Cleaning legacy permissions
if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all
ynh_app_setting_delete --app=$app --key=is_public
fi
# Create a permission if needed
if ! ynh_permission_exists --permission="api"; then
ynh_permission_create --permission="api" --url="/api" --additional_urls="/identity/connect/token" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true"
fi
if ! ynh_permission_exists --permission="admin"; then
ynh_permission_create --permission="admin" --url="/admin" --allowed="$admin" --show_tile="false"
fi
#================================================= #=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#================================================= #=================================================
@ -209,18 +229,6 @@ ynh_script_progression --message="Reconfiguring Fail2Ban..."
# Create a dedicated Fail2Ban config # Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex="^.*Username or password is incorrect\. Try again\. IP: <HOST>\. Username:.*$" ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex="^.*Username or password is incorrect\. Try again\. IP: <HOST>\. Username:.*$"
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Upgrading SSOwat configuration..."
# Make app public if necessary
if [ $is_public -eq 1 ]
then
# unprotected_uris allows SSO credentials to be passed anyway
ynh_app_setting_set --app=$app --key=skipped_uris --value="/"
fi
#================================================= #=================================================
# RELOAD NGINX # RELOAD NGINX
#================================================= #=================================================