[enh] Add a quick SSO support with LDAP and http_basic

For the SSO to work, the user must exist in Wallabag first. It then rely
on the provided HTTP basic with LDAP backend.

README.md

@@ -17,11 +17,10 @@ extracts content so that you can read it when you have time.
  * Consider using composer to fetch dependencies and retrieve Wallabag sources
    from the git repository - as suggested in the
    [official documentation](http://doc.wallabag.org/en/master/user/installation.html#on-a-dedicated-web-server-recommended-way)
- * Add YunoHost users and connect authentication to the SSO
+ * Add a `post_user_create` hook to create new YunoHost users in Wallabag -
+   or considering to do that dynamically
  * Write the upgrade / backup / restore scripts
 
-**Current state:** it only installs Wallabag yet without any user.
-
 ## Upgrade from v1
 
 The upgrade from the [Wallabag v1](https://github.com/YunoHost-Apps/wallabag_ynh)

manifest.json

@@ -42,6 +42,15 @@
                 },
                 "example": "/wallabag",
                 "default": "/wallabag"
+            },
+            {
+                "name": "admin",
+                "type": "user",
+                "ask": {
+                    "en": "Choose the Wallabag administrator",
+                    "fr": "Choisissez l'administrateur de Wallabag"
+                },
+                "example": "homer"
             }
         ]
     }

patches/00-ldap-auth.patch

@@ -0,0 +1,37 @@
+--- a/app/config/services.yml	2016-05-25 18:09:56.374914445 +0200
++++ b/app/config/services.yml	2016-05-25 18:07:38.775042951 +0200
+@@ -36,3 +36,7 @@
+         arguments: ["@session"]
+         tags:
+             - { name: kernel.event_listener, event: security.interactive_login, method: onInteractiveLogin }
++
++    yunohost.ldap:
++        class: Symfony\Component\Ldap\LdapClient
++        arguments: ["localhost"]
+--- a/app/config/security.yml	2016-05-25 18:09:46.814645164 +0200
++++ b/app/config/security.yml	2016-05-25 18:07:38.775042951 +0200
+@@ -11,6 +11,14 @@
+             entity: { class: WallabagUserBundle:User, property: username }
+         fos_userbundle:
+             id: fos_user.user_provider.username
++        yunohost_users:
++            ldap:
++                service: yunohost.ldap
++                base_dn: ou=users,dc=yunohost,dc=org
++                search_dn:
++                search_password:
++                filter: (&(uid={username})(objectClass=posixAccount))
++                default_roles: ROLE_USER
+ 
+     # the main part of the security, where you can set up firewalls
+     # for specific sections of your app
+@@ -36,6 +44,9 @@
+ 
+         secured_area:
+             pattern: ^/
++            http_basic_ldap:
++                service: yunohost.ldap
++                dn_string: "uid={username},ou=users,dc=yunohost,dc=org"
+             form_login:
+                 provider: fos_userbundle
+                 csrf_token_generator: security.csrf.token_manager

scripts/_common.sh

@@ -8,8 +8,8 @@ VERSION=2.0.4
 # Package name for Wallabag dependencies
 DEPS_PKG_NAME="wallabag-deps"
 
-# Wallabag git repository URL
+## Wallabag git repository URL
-WALLABAG_GIT_URL="https://github.com/wallabag/wallabag.git"
+#WALLABAG_GIT_URL="https://github.com/wallabag/wallabag.git"
 
 # Full Wallabag sources tarball URL
 WALLABAG_SOURCE_URL="https://framabag.org/wallabag-release-${VERSION}.tar.gz"
@@ -17,6 +17,9 @@ WALLABAG_SOURCE_URL="https://framabag.org/wallabag-release-${VERSION}.tar.gz"
 # Full Wallabag sources tarball checksum
 WALLABAG_SOURCE_SHA256="ffc19e6875463ce7407934acbd98ce6c66e6feb9de0314ea47cf88e4ab007897"
 
+# App package root directory should be the parent folder
+PKGDIR=$(cd ../; pwd)
+
 #
 # Common helpers
 #
@@ -105,4 +108,9 @@ extract_wallabag() {
   exec_as "$AS_USER" tar xf "$wb_tarball" -C "$DESTDIR" --strip-components 1 \
     || ynh_die "Unable to extract Wallabag tarball"
   rm -f "$wb_tarball"
+
+  # apply patches
+  (cd "$DESTDIR" \
+   && for p in ${PKGDIR}/patches/*.patch; do patch -p1 < $p; done) \
+    || ynh_die "Unable to apply patches to Wallabag"
 }

scripts/install

@@ -9,6 +9,7 @@ app=$YNH_APP_INSTANCE_NAME
 # Retrieve arguments
 domain=$1
 path=${2%/}
+admin=$3
 
 # Load common variables and helpers
 . ./_common.sh
@@ -21,6 +22,11 @@ dbuser=$app
 sudo yunohost app checkurl "${domain}${path}" -a "$app" \
   || exit 1
 
+# Check admin user parameter
+ynh_user_exists "$admin" \
+  || ynh_die "The chosen admin user does not exist"
+ynh_app_setting_set "$app" admin_user "$admin"
+
 # Check destination directory
 DESTDIR="/var/www/${app}"
 [[ -d "$DESTDIR" ]] && ynh_die \
@@ -60,6 +66,18 @@ sudo chown -R www-data: "$DESTDIR"
 #init_composer "$DESTDIR" www-data
 exec_console www-data "$DESTDIR" wallabag:install
 
+# Add users to Wallabag
+for username in $(ynh_user_list); do
+  user_email=$(sudo yunohost user info "$username" --output-as plain \
+                 | ynh_get_plain_key mail)
+  user_pass=$(ynh_string_random)
+  exec_console www-data "$DESTDIR" fos:user:create \
+      "$username" "$user_email" "$user_pass"
+done
+
+# Set admin user
+exec_console www-data "$DESTDIR" fos:user:promote --super "$admin"
+
 # Copy and set nginx configuration
 nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf"
 sed -i "s@{LOCATION}@${path:-/}@g" ../conf/nginx.conf