diff --git a/conf/app.src b/conf/app.src
index e628683..919fb64 100644
--- a/conf/app.src
+++ b/conf/app.src
@@ -1,5 +1,5 @@
-SOURCE_URL=https://static.wallabag.org/releases/wallabag-release-2.3.2.tar.gz
-SOURCE_SUM=047a49d48a1199bd1634cab76d4af3dba95096885d4f7814377210fa76fbcc9f
+SOURCE_URL=https://static.wallabag.org/releases/wallabag-release-2.3.7.tar.gz
+SOURCE_SUM=e223de12d8ea9f889e8660df4555c37c965f5ae1ca77af3d3532ab76889762cf
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=tar.gz
 SOURCE_IN_SUBDIR=true
diff --git a/manifest.json b/manifest.json
index 505c2bd..ce6657f 100644
--- a/manifest.json
+++ b/manifest.json
@@ -6,7 +6,7 @@
 "en": "A self hostable read-it-later app",
 "fr": "Une application de lecture-plus-tard auto-hébergeable"
 },
- "version": "2.3.2-1~ynh2",
+ "version": "2.3.7-1~ynh2",
 "url": "https://www.wallabag.org",
 "license": "MIT",
 "maintainer": {
diff --git a/scripts/backup b/scripts/backup
index 0c33772..37fb45c 100644
--- a/scripts/backup
+++ b/scripts/backup
@@ -57,8 +57,13 @@ ynh_script_progression --message="Backing up the MySQL database..."
 ynh_mysql_dump_db --database="$db_name" > db.sql
+#=================================================
+# BACKUP FAIL2BAN CONFIGURATION
+#=================================================
+ynh_backup "/etc/fail2ban/jail.d/$app.conf"
+ynh_backup "/etc/fail2ban/filter.d/$app.conf"
+
 #=================================================
 # END OF SCRIPT
 #=================================================
-
-ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last
+ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last
\ No newline at end of file
diff --git a/scripts/install b/scripts/install
index 522ba91..2b5a364 100644
--- a/scripts/install
+++ b/scripts/install
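Review bot: The rewritten last line of scripts/backup drops the file's trailing newline (see the `\ No newline at end of file` marker); keep the newline so later diffs of this script stay clean and line-oriented tools see the final command. The new fail2ban section also has no progress line, unlike the MySQL step named in the hunk header; something like `ynh_script_progression --message="Backing up fail2ban configuration..."` would keep the output consistent.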
@@ -148,6 +148,16 @@ $php_exec fos:user:promote --super "$admin"
 # Configure Wallabag instance URL
 ynh_mysql_connect_as --user=$db_user --password="$db_pwd" --database=$db_name <<< "UPDATE craue_config_setting SET value = 'https://$domain$path_url' WHERE name = 'wallabag_url'"
+#=================================================
+# CONFIGURE FAIL2BAN
+#=================================================
+# Create the log file is not already existing during install
+mkdir -p "/var/www/$app/var/logs/"
+touch "/var/www/$app/var/logs/prod.log"
+chown $app: "/var/www/$app/var/logs/prod.log"
+# Add fail2ban config
+ynh_add_fail2ban_config --logpath="/var/www/$app/var/logs/prod.log" --failregex='app.ERROR: Authentication failure for user "([\w]+)?", from IP ""' --max_retry=5
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
diff --git a/scripts/remove b/scripts/remove
index 874cced..70f90cf 100644
--- a/scripts/remove
+++ b/scripts/remove
@@ -63,6 +63,11 @@ ynh_script_progression --message="Removing php-fpm configuration"
 # Remove the dedicated php-fpm config
 ynh_remove_fpm_config
+#=================================================
+# REMOVE FAIL2BAN CONFIGURATION
+#=================================================
+ynh_remove_fail2ban_config
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
diff --git a/scripts/restore b/scripts/restore
index 227064c..ec62624 100644
--- a/scripts/restore
+++ b/scripts/restore
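Review bot: As displayed here, the `--failregex` passed to `ynh_add_fail2ban_config` in scripts/install ends in `from IP ""` with nothing between the quotes; fail2ban needs a host tag such as `<HOST>` in the expression to know which address to ban, so confirm the committed value reads `from IP "<HOST>"` (the tag may simply have been lost when this page was rendered). The user-name group `([\w]+)?` matches word characters only, while the refreshed app-00-ldap-auth.patch in this commit shows the `fos_user.user_provider.username_email` provider, so failed logins made with an e-mail address or a name containing `.` or `-` would not count toward `--max_retry`; I would use `--failregex='app\.ERROR: Authentication failure for user "[^"]*", from IP "<HOST>"'`, which also makes the dot literal. Because the user name is client-supplied text logged ahead of the address, anchoring the expression to the end of the message is worth considering if the log format allows it. The identical expression in the scripts/upgrade hunk needs the same change, and this hunk could use `$final_path` as upgrade does instead of hard-coding `/var/www/$app`, assuming the variable is set earlier in the script, which is outside the hunk.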
@@ -85,6 +85,14 @@ ynh_script_progression --message="Reinstalling dependencies..." --weight=15
 # Define and install dependencies
 ynh_install_app_dependencies $pkg_dependencies
+#=================================================
+# RESTORE FAIL2BAN CONFIGURATION
+#=================================================
+ynh_restore_file "/etc/fail2ban/jail.d/$app.conf"
+ynh_restore_file "/etc/fail2ban/filter.d/$app.conf"
+
+ynh_systemd_action --action=reload --service_name=fail2ban # Reload instead of restart for better performance
+
 #=================================================
 # RESTORE THE MYSQL DATABASE
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 2da2bab..13fcb68 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -123,6 +123,17 @@ ynh_script_progression --message="Upgrading php-fpm configuration..."
 # Create a dedicated php-fpm config
 ynh_add_fpm_config
+# Set-up fail2ban
+# Create the log file is not already existing
+if [ ! -f "$final_path/var/logs/prod.log" ]
+then
+ mkdir -p "$final_path/var/logs/"
+ touch "$final_path/var/logs/prod.log"
+ chown $app: "$final_path/var/logs/prod.log"
+fi
+# Add fail2ban config
+ynh_add_fail2ban_config --logpath="$final_path/var/logs/prod.log" --failregex='app.ERROR: Authentication failure for user "([\w]+)?", from IP ""' --max_retry=5 # same as install config
+
 #=================================================
 # SPECIFIC UPGRADE
 #=================================================
diff --git a/sources/patches/app-00-ldap-auth.patch b/sources/patches/app-00-ldap-auth.patch
index 5742009..3a36f5e 100644
--- a/sources/patches/app-00-ldap-auth.patch
+++ b/sources/patches/app-00-ldap-auth.patch
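Review bot: Both `ynh_restore_file` calls in scripts/restore are mandatory as written, so restoring an archive made before this commit, when scripts/backup did not yet save the fail2ban files, would presumably stop here. If the helper version this package targets supports it, `ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" --not_mandatory` (and the same for the filter) lets old archives restore, at the cost of running without the jail until the next upgrade re-adds it. Whether the application files, and with them `var/logs/prod.log`, are already back before the `reload` is outside the hunk; fail2ban reports an error for a jail whose log file is missing, so the file should be guaranteed to exist first.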
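Review bot: Inside the `if` block of scripts/upgrade only `prod.log` is handed to `$app`; when `mkdir -p` has to create `var/logs/`, the directory itself stays owned by whoever runs the script, which may keep the application from writing its other log files there, so consider `chown -R $app: "$final_path/var/logs"`. The comment `# Create the log file is not already existing` should read `# Create the log file if it does not exist yet` (the install hunk has the same wording). The block would also match the rest of the script with a `#====` section banner like the `SPECIFIC UPGRADE` one below it.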
@@ -1,40 +1,46 @@ ---- a/app/config/services.yml 2016-05-25 18:09:56.374914445 +0200 -+++ b/app/config/services.yml 2016-05-25 18:07:38.775042951 +0200 -@@ -43,6 +43,10 @@ - tags: - - { name: kernel.event_listener, event: security.interactive_login, method: onInteractiveLogin } - -+ yunohost.ldap: -+ class: Symfony\Component\Ldap\LdapClient -+ arguments: ["localhost"] -+ - craue_config_cache_provider: - class: Symfony\Component\Cache\Adapter\FilesystemAdapter - public: false ---- a/app/config/security.yml 2016-05-25 18:09:46.814645164 +0200 -+++ b/app/config/security.yml 2016-05-25 18:07:38.775042951 +0200 -@@ -13,6 +13,14 @@ - property: username - fos_userbundle: - id: fos_user.user_provider.username -+ yunohost_users: -+ ldap: -+ service: yunohost.ldap -+ base_dn: ou=users,dc=yunohost,dc=org -+ search_dn: -+ search_password: -+ filter: (&(uid={username})(objectClass=posixAccount)) -+ default_roles: ROLE_USER - - # the main part of the security, where you can set up firewalls - # for specific sections of your app -@@ -38,6 +46,9 @@ - - secured_area: - pattern: ^/ -+ http_basic_ldap: -+ service: yunohost.ldap -+ dn_string: "uid={username},ou=users,dc=yunohost,dc=org" - form_login: - provider: fos_userbundle - csrf_token_generator: security.csrf.token_manager +diff --git a/app/config/security.yml b/app/config/security.yml +index 02afc9ea..5a3f7a34 100644 +--- a/app/config/security.yml ++++ b/app/config/security.yml +@@ -13,6 +13,14 @@ security: + property: username + fos_userbundle: + id: fos_user.user_provider.username_email ++ yunohost_users: ++ ldap: ++ service: yunohost.ldap ++ base_dn: ou=users,dc=yunohost,dc=org ++ search_dn: ++ search_password: ++ filter: (&(uid={username})(objectClass=posixAccount)) ++ default_roles: ROLE_USER + + # the main part of the security, where you can set up firewalls + # for specific sections of your app +@@ -38,6 +46,9 @@ security: + + secured_area: + pattern: ^/ ++ http_basic_ldap: ++ service: yunohost.ldap ++ dn_string: 
"uid={username},ou=users,dc=yunohost,dc=org" + form_login: + provider: fos_userbundle + csrf_token_generator: security.csrf.token_manager +diff --git a/app/config/services.yml b/app/config/services.yml +index 7b85d846..f23961c5 100644 +--- a/app/config/services.yml ++++ b/app/config/services.yml +@@ -43,6 +43,10 @@ services: + tags: + - { name: kernel.event_listener, event: security.interactive_login, method: onInteractiveLogin } + ++ yunohost.ldap: ++ class: Symfony\Component\Ldap\LdapClient ++ arguments: ["localhost"] ++ + craue_config_cache_provider: + class: Symfony\Component\Cache\Adapter\FilesystemAdapter + public: false +-- +2.17.1 diff --git a/sources/patches/app-01-logout-success-handler.patch b/sources/patches/app-01-logout-success-handler.patch index 166643d..d321d54 100644 --- a/sources/patches/app-01-logout-success-handler.patch +++ b/sources/patches/app-01-logout-success-handler.patch 
@@ -1,61 +1,63 @@ -diff --git a/app/config/security.yml b/app/config/security.yml -index b07b509..62f2550 100644 ---- a/app/config/security.yml -+++ b/app/config/security.yml -@@ -60,7 +60,7 @@ security: - - logout: - path: /logout -- target: / -+ success_handler: yunohost.logout_success_handler - - access_control: - - { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY } -diff --git a/app/config/services.yml b/app/config/services.yml -index 8a09fde..ee63e06 100644 ---- a/app/config/services.yml -+++ b/app/config/services.yml -@@ -43,6 +43,10 @@ - tags: - - { name: kernel.event_listener, event: security.interactive_login, method: onInteractiveLogin } - -+ yunohost.logout_success_handler: -+ class: Wallabag\YunoHostBundle\Security\LogoutSuccessHandler -+ -+ - yunohost.ldap: - class: Symfony\Component\Ldap\LdapClient - arguments: ["localhost"] -diff --git a/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php b/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php -new file mode 100644 -index 0000000..b326824 ---- /dev/null -+++ b/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php -@@ -0,0 +1,27 @@ -+