[enh] Add a quick SSO support with LDAP and http_basic

For the SSO to work, the user must exist in Wallabag first. It then rely on the provided HTTP basic with LDAP backend.
2024-10-01 13:35:06 +02:00 · 2016-05-25 22:49:16 +02:00 · 2016-05-25 22:49:16 +02:00 · c00290c84c
commit c00290c84c
parent 38a30f8b12
5 changed files with 76 additions and 5 deletions
--- a/README.md
+++ b/README.md
@ -17,11 +17,10 @@ extracts content so that you can read it when you have time.
 * Consider using composer to fetch dependencies and retrieve Wallabag sources
   from the git repository - as suggested in the
   [official documentation](http://doc.wallabag.org/en/master/user/installation.html#on-a-dedicated-web-server-recommended-way)
- * Add YunoHost users and connect authentication to the SSO
+ * Add a `post_user_create` hook to create new YunoHost users in Wallabag -
+   or considering to do that dynamically
 * Write the upgrade / backup / restore scripts

-**Current state:** it only installs Wallabag yet without any user.
-
 ## Upgrade from v1

 The upgrade from the [Wallabag v1](https://github.com/YunoHost-Apps/wallabag_ynh)
--- a/manifest.json
+++ b/manifest.json
@ -42,6 +42,15 @@
                },
                "example": "/wallabag",
                "default": "/wallabag"
+            },
+            {
+                "name": "admin",
+                "type": "user",
+                "ask": {
+                    "en": "Choose the Wallabag administrator",
+                    "fr": "Choisissez l'administrateur de Wallabag"
+                },
+                "example": "homer"
            }
        ]
    }
--- a/patches/00-ldap-auth.patch
+++ b/patches/00-ldap-auth.patch
@ -0,0 +1,37 @@
+--- a/app/config/services.yml	2016-05-25 18:09:56.374914445 +0200
+++ b/app/config/services.yml	2016-05-25 18:07:38.775042951 +0200
+@@ -36,3 +36,7 @@
+         arguments: ["@session"]
+         tags:
+             - { name: kernel.event_listener, event: security.interactive_login, method: onInteractiveLogin }
+
+    yunohost.ldap:
+        class: Symfony\Component\Ldap\LdapClient
+        arguments: ["localhost"]
+--- a/app/config/security.yml	2016-05-25 18:09:46.814645164 +0200
+++ b/app/config/security.yml	2016-05-25 18:07:38.775042951 +0200
+@@ -11,6 +11,14 @@
+             entity: { class: WallabagUserBundle:User, property: username }
+         fos_userbundle:
+             id: fos_user.user_provider.username
+        yunohost_users:
+            ldap:
+                service: yunohost.ldap
+                base_dn: ou=users,dc=yunohost,dc=org
+                search_dn:
+                search_password:
+                filter: (&(uid={username})(objectClass=posixAccount))
+                default_roles: ROLE_USER
+ 
+     # the main part of the security, where you can set up firewalls
+     # for specific sections of your app
+@@ -36,6 +44,9 @@
+ 
+         secured_area:
+             pattern: ^/
+            http_basic_ldap:
+                service: yunohost.ldap
+                dn_string: "uid={username},ou=users,dc=yunohost,dc=org"
+             form_login:
+                 provider: fos_userbundle
+                 csrf_token_generator: security.csrf.token_manager
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@ -8,8 +8,8 @@ VERSION=2.0.4
 # Package name for Wallabag dependencies
 DEPS_PKG_NAME="wallabag-deps"

-# Wallabag git repository URL
-WALLABAG_GIT_URL="https://github.com/wallabag/wallabag.git"
+## Wallabag git repository URL
+#WALLABAG_GIT_URL="https://github.com/wallabag/wallabag.git"

 # Full Wallabag sources tarball URL
 WALLABAG_SOURCE_URL="https://framabag.org/wallabag-release-${VERSION}.tar.gz"
@ -17,6 +17,9 @@ WALLABAG_SOURCE_URL="https://framabag.org/wallabag-release-${VERSION}.tar.gz"
 # Full Wallabag sources tarball checksum
 WALLABAG_SOURCE_SHA256="ffc19e6875463ce7407934acbd98ce6c66e6feb9de0314ea47cf88e4ab007897"

+# App package root directory should be the parent folder
+PKGDIR=$(cd ../; pwd)
+
 #
 # Common helpers
 #
@ -105,4 +108,9 @@ extract_wallabag() {
  exec_as "$AS_USER" tar xf "$wb_tarball" -C "$DESTDIR" --strip-components 1 \
    || ynh_die "Unable to extract Wallabag tarball"
  rm -f "$wb_tarball"
+
+  # apply patches
+  (cd "$DESTDIR" \
+   && for p in ${PKGDIR}/patches/*.patch; do patch -p1 < $p; done) \
+    || ynh_die "Unable to apply patches to Wallabag"
 }
--- a/scripts/install
+++ b/scripts/install
@ -9,6 +9,7 @@ app=$YNH_APP_INSTANCE_NAME
 # Retrieve arguments
 domain=$1
 path=${2%/}
+admin=$3

 # Load common variables and helpers
 . ./_common.sh
@ -21,6 +22,11 @@ dbuser=$app
 sudo yunohost app checkurl "${domain}${path}" -a "$app" \
  || exit 1

+# Check admin user parameter
+ynh_user_exists "$admin" \
+  || ynh_die "The chosen admin user does not exist"
+ynh_app_setting_set "$app" admin_user "$admin"
+
 # Check destination directory
 DESTDIR="/var/www/${app}"
 [[ -d "$DESTDIR" ]] && ynh_die \
@ -60,6 +66,18 @@ sudo chown -R www-data: "$DESTDIR"
 #init_composer "$DESTDIR" www-data
 exec_console www-data "$DESTDIR" wallabag:install

+# Add users to Wallabag
+for username in $(ynh_user_list); do
+  user_email=$(sudo yunohost user info "$username" --output-as plain \
+                 | ynh_get_plain_key mail)
+  user_pass=$(ynh_string_random)
+  exec_console www-data "$DESTDIR" fos:user:create \
+      "$username" "$user_email" "$user_pass"
+done
+
+# Set admin user
+exec_console www-data "$DESTDIR" fos:user:promote --super "$admin"
+
 # Copy and set nginx configuration
 nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf"
 sed -i "s@{LOCATION}@${path:-/}@g" ../conf/nginx.conf