Merge branch 'testing' into package_upgrade

conf/app.src

@@ -1,5 +1,5 @@
-SOURCE_URL=https://static.wallabag.org/releases/wallabag-release-2.3.2.tar.gz
-SOURCE_SUM=047a49d48a1199bd1634cab76d4af3dba95096885d4f7814377210fa76fbcc9f
+SOURCE_URL=https://static.wallabag.org/releases/wallabag-release-2.3.7.tar.gz
+SOURCE_SUM=e223de12d8ea9f889e8660df4555c37c965f5ae1ca77af3d3532ab76889762cf
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=tar.gz
 SOURCE_IN_SUBDIR=true

manifest.json

@@ -6,7 +6,7 @@
         "en": "A self hostable read-it-later app",
         "fr": "Une application de lecture-plus-tard auto-hébergeable"
     },
-    "version": "2.3.2-1~ynh2",
+    "version": "2.3.7-1~ynh2",
     "url": "https://www.wallabag.org",
     "license": "MIT",
     "maintainer": {

scripts/backup

@@ -57,8 +57,13 @@ ynh_script_progression --message="Backing up the MySQL database..."
 
 ynh_mysql_dump_db --database="$db_name" > db.sql
 
+#=================================================
+# BACKUP FAIL2BAN CONFIGURATION
+#=================================================
+ynh_backup "/etc/fail2ban/jail.d/$app.conf"
+ynh_backup "/etc/fail2ban/filter.d/$app.conf"
+
 #=================================================
 # END OF SCRIPT
 #=================================================
-
-ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last
+ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last

scripts/install

@@ -148,6 +148,16 @@ $php_exec fos:user:promote --super "$admin"
 # Configure Wallabag instance URL
 ynh_mysql_connect_as --user=$db_user --password="$db_pwd" --database=$db_name <<< "UPDATE craue_config_setting SET value = 'https://$domain$path_url' WHERE name = 'wallabag_url'"
 
+#=================================================
+# CONFIGURE FAIL2BAN
+#=================================================
+# Create the log file is not already existing during install
+mkdir -p "/var/www/$app/var/logs/"
+touch "/var/www/$app/var/logs/prod.log"
+chown $app: "/var/www/$app/var/logs/prod.log"
+# Add fail2ban config
+ynh_add_fail2ban_config --logpath="/var/www/$app/var/logs/prod.log" --failregex='app.ERROR: Authentication failure for user "([\w]+)?", from IP "<HOST>"' --max_retry=5
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================

scripts/remove

@@ -63,6 +63,11 @@ ynh_script_progression --message="Removing php-fpm configuration"
 # Remove the dedicated php-fpm config
 ynh_remove_fpm_config
 
+#=================================================
+# REMOVE FAIL2BAN CONFIGURATION
+#=================================================
+ynh_remove_fail2ban_config
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================

scripts/restore

@@ -85,6 +85,14 @@ ynh_script_progression --message="Reinstalling dependencies..." --weight=15
 # Define and install dependencies
 ynh_install_app_dependencies $pkg_dependencies
 
+#=================================================
+# RESTORE FAIL2BAN CONFIGURATION
+#=================================================
+ynh_restore_file "/etc/fail2ban/jail.d/$app.conf"
+ynh_restore_file "/etc/fail2ban/filter.d/$app.conf"
+
+ynh_systemd_action --action=reload --service_name=fail2ban # Reload instead of restart for better performance
+
 #=================================================
 # RESTORE THE MYSQL DATABASE
 #=================================================

scripts/upgrade

@@ -123,6 +123,17 @@ ynh_script_progression --message="Upgrading php-fpm configuration..."
 # Create a dedicated php-fpm config
 ynh_add_fpm_config
 
+# Set-up fail2ban
+# Create the log file is not already existing
+if [ ! -f "$final_path/var/logs/prod.log" ]
+then
+  mkdir -p "$final_path/var/logs/"
+  touch "$final_path/var/logs/prod.log"
+  chown $app: "$final_path/var/logs/prod.log"
+fi
+# Add fail2ban config
+ynh_add_fail2ban_config --logpath="$final_path/var/logs/prod.log" --failregex='app.ERROR: Authentication failure for user "([\w]+)?", from IP "<HOST>"' --max_retry=5 # same as install config
+
 #=================================================
 # SPECIFIC UPGRADE
 #=================================================

sources/patches/app-00-ldap-auth.patch

@@ -1,40 +1,46 @@
---- a/app/config/services.yml	2016-05-25 18:09:56.374914445 +0200
-+++ b/app/config/services.yml	2016-05-25 18:07:38.775042951 +0200
-@@ -43,6 +43,10 @@
-         tags:
-             - { name: kernel.event_listener, event: security.interactive_login, method: onInteractiveLogin }
-
-+    yunohost.ldap:
-+        class: Symfony\Component\Ldap\LdapClient
-+        arguments: ["localhost"]
-+
-     craue_config_cache_provider:
-         class: Symfony\Component\Cache\Adapter\FilesystemAdapter
-         public: false
---- a/app/config/security.yml	2016-05-25 18:09:46.814645164 +0200
-+++ b/app/config/security.yml	2016-05-25 18:07:38.775042951 +0200
-@@ -13,6 +13,14 @@
-                 property: username
-         fos_userbundle:
-             id: fos_user.user_provider.username
-+        yunohost_users:
-+            ldap:
-+                service: yunohost.ldap
-+                base_dn: ou=users,dc=yunohost,dc=org
-+                search_dn:
-+                search_password:
-+                filter: (&(uid={username})(objectClass=posixAccount))
-+                default_roles: ROLE_USER
-
-     # the main part of the security, where you can set up firewalls
-     # for specific sections of your app
-@@ -38,6 +46,9 @@
-
-         secured_area:
-             pattern: ^/
-+            http_basic_ldap:
-+                service: yunohost.ldap
-+                dn_string: "uid={username},ou=users,dc=yunohost,dc=org"
-             form_login:
-                 provider: fos_userbundle
-                 csrf_token_generator: security.csrf.token_manager
+diff --git a/app/config/security.yml b/app/config/security.yml
+index 02afc9ea..5a3f7a34 100644
+--- a/app/config/security.yml
++++ b/app/config/security.yml
+@@ -13,6 +13,14 @@ security:
+                 property: username
+         fos_userbundle:
+             id: fos_user.user_provider.username_email
++        yunohost_users:
++            ldap:
++                service: yunohost.ldap
++                base_dn: ou=users,dc=yunohost,dc=org
++                search_dn:
++                search_password:
++                filter: (&(uid={username})(objectClass=posixAccount))
++                default_roles: ROLE_USER
+
+     # the main part of the security, where you can set up firewalls
+     # for specific sections of your app
+@@ -38,6 +46,9 @@ security:
+
+         secured_area:
+             pattern: ^/
++            http_basic_ldap:
++                service: yunohost.ldap
++                dn_string: "uid={username},ou=users,dc=yunohost,dc=org"
+             form_login:
+                 provider: fos_userbundle
+                 csrf_token_generator: security.csrf.token_manager
+diff --git a/app/config/services.yml b/app/config/services.yml
+index 7b85d846..f23961c5 100644
+--- a/app/config/services.yml
++++ b/app/config/services.yml
+@@ -43,6 +43,10 @@ services:
+         tags:
+             - { name: kernel.event_listener, event: security.interactive_login, method: onInteractiveLogin }
+
++    yunohost.ldap:
++        class: Symfony\Component\Ldap\LdapClient
++        arguments: ["localhost"]
++
+     craue_config_cache_provider:
+         class: Symfony\Component\Cache\Adapter\FilesystemAdapter
+         public: false
+--
+2.17.1

sources/patches/app-01-logout-success-handler.patch

@@ -1,61 +1,63 @@
-diff --git a/app/config/security.yml b/app/config/security.yml
-index b07b509..62f2550 100644
---- a/app/config/security.yml
-+++ b/app/config/security.yml
-@@ -60,7 +60,7 @@ security:
- 
-             logout:
-                 path:   /logout
--                target: /
-+                success_handler: yunohost.logout_success_handler
- 
-     access_control:
-         - { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY }
-diff --git a/app/config/services.yml b/app/config/services.yml
-index 8a09fde..ee63e06 100644
---- a/app/config/services.yml
-+++ b/app/config/services.yml
-@@ -43,6 +43,10 @@
-         tags:
-             - { name: kernel.event_listener, event: security.interactive_login, method: onInteractiveLogin }
-
-+    yunohost.logout_success_handler:
-+        class: Wallabag\YunoHostBundle\Security\LogoutSuccessHandler
-+
-+
-     yunohost.ldap:
-         class: Symfony\Component\Ldap\LdapClient
-         arguments: ["localhost"]
-diff --git a/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php b/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php
-new file mode 100644
-index 0000000..b326824
---- /dev/null
-+++ b/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php
-@@ -0,0 +1,27 @@
-+<?php
-+
-+namespace Wallabag\YunoHostBundle\Security;
-+
-+use Symfony\Component\HttpFoundation\Request;
-+use Symfony\Component\HttpFoundation\RedirectResponse;
-+use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface;
-+
-+/**
-+ * Redirects to the SSO logout URL in case of a successful logout.
-+ *
-+ * @see http://api.symfony.com/3.1/Symfony/Component/Security/Http/Logout/LogoutSuccessHandlerInterface.html
-+ */
-+class LogoutSuccessHandler implements LogoutSuccessHandlerInterface
-+{
-+    /**
-+     * {@inheritdoc}
-+     */
-+    public function onLogoutSuccess(Request $request)
-+    {
-+        // Retrieve the current SSO logout URL
-+        $main_domain = exec('cat /etc/yunohost/current_host');
-+        $url = 'https://' . $main_domain . '/yunohost/sso/?action=logout';
-+
-+        return new RedirectResponse($url);
-+    }
-+}
+diff --git a/app/config/security.yml b/app/config/security.yml
+index 5a3f7a34..1720e741 100644
+--- a/app/config/security.yml
++++ b/app/config/security.yml
+@@ -62,7 +62,7 @@ security:
+
+             logout:
+                 path:   /logout
+-                target: /
++                success_handler: yunohost.logout_success_handler
+
+     access_control:
+         - { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+diff --git a/app/config/services.yml b/app/config/services.yml
+index f23961c5..f266e6d1 100644
+--- a/app/config/services.yml
++++ b/app/config/services.yml
+@@ -43,6 +43,10 @@ services:
+         tags:
+             - { name: kernel.event_listener, event: security.interactive_login, method: onInteractiveLogin }
+
++    yunohost.logout_success_handler:
++        class: Wallabag\YunoHostBundle\Security\LogoutSuccessHandler
++
++
+     yunohost.ldap:
+         class: Symfony\Component\Ldap\LdapClient
+         arguments: ["localhost"]
+diff --git a/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php b/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php
+new file mode 100644
+index 00000000..b3268243
+--- /dev/null
++++ b/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php
+@@ -0,0 +1,27 @@
++<?php
++
++namespace Wallabag\YunoHostBundle\Security;
++
++use Symfony\Component\HttpFoundation\Request;
++use Symfony\Component\HttpFoundation\RedirectResponse;
++use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface;
++
++/**
++ * Redirects to the SSO logout URL in case of a successful logout.
++ *
++ * @see http://api.symfony.com/3.1/Symfony/Component/Security/Http/Logout/LogoutSuccessHandlerInterface.html
++ */
++class LogoutSuccessHandler implements LogoutSuccessHandlerInterface
++{
++    /**
++     * {@inheritdoc}
++     */
++    public function onLogoutSuccess(Request $request)
++    {
++        // Retrieve the current SSO logout URL
++        $main_domain = exec('cat /etc/yunohost/current_host');
++        $url = 'https://' . $main_domain . '/yunohost/sso/?action=logout';
++
++        return new RedirectResponse($url);
++    }
++}
+--
+2.17.1