Merge branch 'testing' into package_upgrade

conf/app.src

@@ -1,5 +1,5 @@
-SOURCE_URL=https://static.wallabag.org/releases/wallabag-release-2.3.2.tar.gz
+SOURCE_URL=https://static.wallabag.org/releases/wallabag-release-2.3.7.tar.gz
-SOURCE_SUM=047a49d48a1199bd1634cab76d4af3dba95096885d4f7814377210fa76fbcc9f
+SOURCE_SUM=e223de12d8ea9f889e8660df4555c37c965f5ae1ca77af3d3532ab76889762cf
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=tar.gz
 SOURCE_IN_SUBDIR=true

manifest.json

@@ -6,7 +6,7 @@
         "en": "A self hostable read-it-later app",
         "fr": "Une application de lecture-plus-tard auto-hébergeable"
     },
-    "version": "2.3.2-1~ynh2",
+    "version": "2.3.7-1~ynh2",
     "url": "https://www.wallabag.org",
     "license": "MIT",
     "maintainer": {

scripts/backup

@@ -57,8 +57,13 @@ ynh_script_progression --message="Backing up the MySQL database..."
 
 ynh_mysql_dump_db --database="$db_name" > db.sql
 
+#=================================================
+# BACKUP FAIL2BAN CONFIGURATION
+#=================================================
+ynh_backup "/etc/fail2ban/jail.d/$app.conf"
+ynh_backup "/etc/fail2ban/filter.d/$app.conf"
+
 #=================================================
 # END OF SCRIPT
 #=================================================
-
+ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last
-ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last

scripts/install

@@ -148,6 +148,16 @@ $php_exec fos:user:promote --super "$admin"
 # Configure Wallabag instance URL
 ynh_mysql_connect_as --user=$db_user --password="$db_pwd" --database=$db_name <<< "UPDATE craue_config_setting SET value = 'https://$domain$path_url' WHERE name = 'wallabag_url'"
 
+#=================================================
+# CONFIGURE FAIL2BAN
+#=================================================
+# Create the log file is not already existing during install
+mkdir -p "/var/www/$app/var/logs/"
+touch "/var/www/$app/var/logs/prod.log"
+chown $app: "/var/www/$app/var/logs/prod.log"
+# Add fail2ban config
+ynh_add_fail2ban_config --logpath="/var/www/$app/var/logs/prod.log" --failregex='app.ERROR: Authentication failure for user "([\w]+)?", from IP "<HOST>"' --max_retry=5
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================

scripts/remove

@@ -63,6 +63,11 @@ ynh_script_progression --message="Removing php-fpm configuration"
 # Remove the dedicated php-fpm config
 ynh_remove_fpm_config
 
+#=================================================
+# REMOVE FAIL2BAN CONFIGURATION
+#=================================================
+ynh_remove_fail2ban_config
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================

scripts/restore

@@ -85,6 +85,14 @@ ynh_script_progression --message="Reinstalling dependencies..." --weight=15
 # Define and install dependencies
 ynh_install_app_dependencies $pkg_dependencies
 
+#=================================================
+# RESTORE FAIL2BAN CONFIGURATION
+#=================================================
+ynh_restore_file "/etc/fail2ban/jail.d/$app.conf"
+ynh_restore_file "/etc/fail2ban/filter.d/$app.conf"
+
+ynh_systemd_action --action=reload --service_name=fail2ban # Reload instead of restart for better performance
+
 #=================================================
 # RESTORE THE MYSQL DATABASE
 #=================================================

scripts/upgrade

@@ -123,6 +123,17 @@ ynh_script_progression --message="Upgrading php-fpm configuration..."
 # Create a dedicated php-fpm config
 ynh_add_fpm_config
 
+# Set-up fail2ban
+# Create the log file is not already existing
+if [ ! -f "$final_path/var/logs/prod.log" ]
+then
+  mkdir -p "$final_path/var/logs/"
+  touch "$final_path/var/logs/prod.log"
+  chown $app: "$final_path/var/logs/prod.log"
+fi
+# Add fail2ban config
+ynh_add_fail2ban_config --logpath="$final_path/var/logs/prod.log" --failregex='app.ERROR: Authentication failure for user "([\w]+)?", from IP "<HOST>"' --max_retry=5 # same as install config
+
 #=================================================
 # SPECIFIC UPGRADE
 #=================================================

sources/patches/app-00-ldap-auth.patch

@@ -1,40 +1,46 @@
---- a/app/config/services.yml	2016-05-25 18:09:56.374914445 +0200
+diff --git a/app/config/security.yml b/app/config/security.yml
-+++ b/app/config/services.yml	2016-05-25 18:07:38.775042951 +0200
+index 02afc9ea..5a3f7a34 100644
-@@ -43,6 +43,10 @@
+--- a/app/config/security.yml
-         tags:
++++ b/app/config/security.yml
-             - { name: kernel.event_listener, event: security.interactive_login, method: onInteractiveLogin }
+@@ -13,6 +13,14 @@ security:
-
+                 property: username
-+    yunohost.ldap:
+         fos_userbundle:
-+        class: Symfony\Component\Ldap\LdapClient
+             id: fos_user.user_provider.username_email
-+        arguments: ["localhost"]
++        yunohost_users:
-+
++            ldap:
-     craue_config_cache_provider:
++                service: yunohost.ldap
-         class: Symfony\Component\Cache\Adapter\FilesystemAdapter
++                base_dn: ou=users,dc=yunohost,dc=org
-         public: false
++                search_dn:
---- a/app/config/security.yml	2016-05-25 18:09:46.814645164 +0200
++                search_password:
-+++ b/app/config/security.yml	2016-05-25 18:07:38.775042951 +0200
++                filter: (&(uid={username})(objectClass=posixAccount))
-@@ -13,6 +13,14 @@
++                default_roles: ROLE_USER
-                 property: username
+
-         fos_userbundle:
+     # the main part of the security, where you can set up firewalls
-             id: fos_user.user_provider.username
+     # for specific sections of your app
-+        yunohost_users:
+@@ -38,6 +46,9 @@ security:
-+            ldap:
+
-+                service: yunohost.ldap
+         secured_area:
-+                base_dn: ou=users,dc=yunohost,dc=org
+             pattern: ^/
-+                search_dn:
++            http_basic_ldap:
-+                search_password:
++                service: yunohost.ldap
-+                filter: (&(uid={username})(objectClass=posixAccount))
++                dn_string: "uid={username},ou=users,dc=yunohost,dc=org"
-+                default_roles: ROLE_USER
+             form_login:
-
+                 provider: fos_userbundle
-     # the main part of the security, where you can set up firewalls
+                 csrf_token_generator: security.csrf.token_manager
-     # for specific sections of your app
+diff --git a/app/config/services.yml b/app/config/services.yml
-@@ -38,6 +46,9 @@
+index 7b85d846..f23961c5 100644
-
+--- a/app/config/services.yml
-         secured_area:
++++ b/app/config/services.yml
-             pattern: ^/
+@@ -43,6 +43,10 @@ services:
-+            http_basic_ldap:
+         tags:
-+                service: yunohost.ldap
+             - { name: kernel.event_listener, event: security.interactive_login, method: onInteractiveLogin }
-+                dn_string: "uid={username},ou=users,dc=yunohost,dc=org"
+
-             form_login:
++    yunohost.ldap:
-                 provider: fos_userbundle
++        class: Symfony\Component\Ldap\LdapClient
-                 csrf_token_generator: security.csrf.token_manager
++        arguments: ["localhost"]
++
+     craue_config_cache_provider:
+         class: Symfony\Component\Cache\Adapter\FilesystemAdapter
+         public: false
+--
+2.17.1

sources/patches/app-01-logout-success-handler.patch

@@ -1,61 +1,63 @@
-diff --git a/app/config/security.yml b/app/config/security.yml
+diff --git a/app/config/security.yml b/app/config/security.yml
-index b07b509..62f2550 100644
+index 5a3f7a34..1720e741 100644
---- a/app/config/security.yml
+--- a/app/config/security.yml
-+++ b/app/config/security.yml
++++ b/app/config/security.yml
-@@ -60,7 +60,7 @@ security:
+@@ -62,7 +62,7 @@ security:
- 
+
-             logout:
+             logout:
-                 path:   /logout
+                 path:   /logout
--                target: /
+-                target: /
-+                success_handler: yunohost.logout_success_handler
++                success_handler: yunohost.logout_success_handler
- 
+
-     access_control:
+     access_control:
-         - { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY }
+         - { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY }
-diff --git a/app/config/services.yml b/app/config/services.yml
+diff --git a/app/config/services.yml b/app/config/services.yml
-index 8a09fde..ee63e06 100644
+index f23961c5..f266e6d1 100644
---- a/app/config/services.yml
+--- a/app/config/services.yml
-+++ b/app/config/services.yml
++++ b/app/config/services.yml
-@@ -43,6 +43,10 @@
+@@ -43,6 +43,10 @@ services:
-         tags:
+         tags:
-             - { name: kernel.event_listener, event: security.interactive_login, method: onInteractiveLogin }
+             - { name: kernel.event_listener, event: security.interactive_login, method: onInteractiveLogin }
-
+
-+    yunohost.logout_success_handler:
++    yunohost.logout_success_handler:
-+        class: Wallabag\YunoHostBundle\Security\LogoutSuccessHandler
++        class: Wallabag\YunoHostBundle\Security\LogoutSuccessHandler
-+
++
-+
++
-     yunohost.ldap:
+     yunohost.ldap:
-         class: Symfony\Component\Ldap\LdapClient
+         class: Symfony\Component\Ldap\LdapClient
-         arguments: ["localhost"]
+         arguments: ["localhost"]
-diff --git a/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php b/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php
+diff --git a/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php b/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php
-new file mode 100644
+new file mode 100644
-index 0000000..b326824
+index 00000000..b3268243
---- /dev/null
+--- /dev/null
-+++ b/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php
++++ b/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php
-@@ -0,0 +1,27 @@
+@@ -0,0 +1,27 @@
-+<?php
++<?php
-+
++
-+namespace Wallabag\YunoHostBundle\Security;
++namespace Wallabag\YunoHostBundle\Security;
-+
++
-+use Symfony\Component\HttpFoundation\Request;
++use Symfony\Component\HttpFoundation\Request;
-+use Symfony\Component\HttpFoundation\RedirectResponse;
++use Symfony\Component\HttpFoundation\RedirectResponse;
-+use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface;
++use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface;
-+
++
-+/**
++/**
-+ * Redirects to the SSO logout URL in case of a successful logout.
++ * Redirects to the SSO logout URL in case of a successful logout.
-+ *
++ *
-+ * @see http://api.symfony.com/3.1/Symfony/Component/Security/Http/Logout/LogoutSuccessHandlerInterface.html
++ * @see http://api.symfony.com/3.1/Symfony/Component/Security/Http/Logout/LogoutSuccessHandlerInterface.html
-+ */
++ */
-+class LogoutSuccessHandler implements LogoutSuccessHandlerInterface
++class LogoutSuccessHandler implements LogoutSuccessHandlerInterface
-+{
++{
-+    /**
++    /**
-+     * {@inheritdoc}
++     * {@inheritdoc}
-+     */
++     */
-+    public function onLogoutSuccess(Request $request)
++    public function onLogoutSuccess(Request $request)
-+    {
++    {
-+        // Retrieve the current SSO logout URL
++        // Retrieve the current SSO logout URL
-+        $main_domain = exec('cat /etc/yunohost/current_host');
++        $main_domain = exec('cat /etc/yunohost/current_host');
-+        $url = 'https://' . $main_domain . '/yunohost/sso/?action=logout';
++        $url = 'https://' . $main_domain . '/yunohost/sso/?action=logout';
-+
++
-+        return new RedirectResponse($url);
++        return new RedirectResponse($url);
-+    }
++    }
-+}
++}
+--
+2.17.1