Merge branch 'testing' into nodejs-8.14.1

README.md

@@ -9,7 +9,7 @@ If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to
 ## Overview
 Wekan is an open-source kanban board (task manager and organizer)
 
-**Shipped version:** 2.37
+**Shipped version:** 2.40
 
 ## Screenshots
 

conf/.env

@@ -0,0 +1,338 @@
+# The Node Environnement
+NODE_ENV=production
+
+# The path to NODEJS
+PATH=__NODEJS_PATH__
+
+# Activate Debug mode
+#DEBUG=true
+
+# URL of the mongodb
+MONGO_URL=mongodb://127.0.0.1:27017/__DB_NAME__
+
+# Root URL
+ROOT_URL=https://__DOMAIN_URI__
+
+# Mail URL
+MAIL_URL='smtp://user:pass@mailserver.example.com:25/'
+
+# This is local port where Wekan Node.js runs
+PORT=__PORT__
+
+#---------------------------------------------
+# Wekan Export Board works when WITH_API=true.
+# If you disable Wekan API with false, Export Board does not work.
+WITH_API='true'
+
+#---------------------------------------------
+# CORS: Set Access-Control-Allow-Origin header. Example: *
+#CORS=*
+
+#---------------------------------------------
+## Optional: Integration with Matomo https://matomo.org that is installed to your server
+## The address of the server where Matomo is hosted:
+# Example: MATOMO_ADDRESS=https://example.com/matomo
+#MATOMO_ADDRESS=
+
+## The value of the site ID given in Matomo server for Wekan
+# Example: MATOMO_SITE_ID=123456789
+#MATOMO_SITE_ID=''
+
+## The option do not track which enables users to not be tracked by matomo"
+#Example: MATOMO_DO_NOT_TRACK=false
+#MATOMO_DO_NOT_TRACK=true
+
+## The option that allows matomo to retrieve the username:
+# Example: MATOMO_WITH_USERNAME=true
+#MATOMO_WITH_USERNAME='false'
+
+#---------------------------------------------
+# Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside.
+# Setting this to false is not recommended, it also disables all other browser policy protections
+# and allows all iframing etc. See wekan/server/policy.js
+# Default value: true
+BROWSER_POLICY_ENABLED=true
+
+# When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside.
+# Example: TRUSTED_URL=http://example.com
+TRUSTED_URL=''
+
+# What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId .
+# Example: WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId
+WEBHOOKS_ATTRIBUTES=''
+
+#---------------------------------------------
+# ==== OAUTH2 AZURE ====
+# https://github.com/wekan/wekan/wiki/Azure
+# 1) Register the application with Azure. Make sure you capture
+#    the application ID as well as generate a secret key.
+# 2) Configure the environment variables. This differs slightly
+#     by installation type, but make sure you have the following:
+#OAUTH2_ENABLED=true
+
+# Application GUID captured during app registration:
+#OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
+
+# Secret key generated during app registration:
+#OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+#OAUTH2_SERVER_URL=https://login.microsoftonline.com/
+#OAUTH2_AUTH_ENDPOINT=/oauth2/v2.0/authorize
+#OAUTH2_USERINFO_ENDPOINT=https://graph.microsoft.com/oidc/userinfo
+#OAUTH2_TOKEN_ENDPOINT=/oauth2/v2.0/token
+
+# The claim name you want to map to the unique ID field:
+#OAUTH2_ID_MAP=email
+
+# The claim name you want to map to the username field:
+#OAUTH2_USERNAME_MAP=email
+
+# The claim name you want to map to the full name field:
+#OAUTH2_FULLNAME_MAP=name
+
+# The claim name you want to map to the email field:
+#OAUTH2_EMAIL_MAP=email
+
+#-----------------------------------------------------------------
+# ==== OAUTH2 KEYCLOAK ====
+# https://github.com/wekan/wekan/wiki/Keycloak  <== MAPPING INFO, REQUIRED
+#OAUTH2_ENABLED=true
+#OAUTH2_CLIENT_ID=<Keycloak create Client ID>
+#OAUTH2_SERVER_URL=<Keycloak server name>/auth
+#OAUTH2_AUTH_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/auth
+#OAUTH2_USERINFO_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/userinfo
+#OAUTH2_TOKEN_ENDPOINT=/realms/<keycloak realm>/protocol/openid-connect/token
+#OAUTH2_SECRET=<keycloak client secret>
+
+#-----------------------------------------------------------------
+# ==== OAUTH2 DOORKEEPER ====
+# https://github.com/wekan/wekan/issues/1874
+# https://github.com/wekan/wekan/wiki/OAuth2
+# Enable the OAuth2 connection
+#OAUTH2_ENABLED=true
+
+# OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2
+# OAuth2 Client ID.
+#OAUTH2_CLIENT_ID=abcde12345
+
+# OAuth2 Secret.
+#OAUTH2_SECRET=54321abcde
+
+# OAuth2 Server URL.
+#OAUTH2_SERVER_URL=https://chat.example.com
+
+# OAuth2 Authorization Endpoint.
+#OAUTH2_AUTH_ENDPOINT=/oauth/authorize
+
+# OAuth2 Userinfo Endpoint.
+#OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo
+
+# OAuth2 Token Endpoint.
+#OAUTH2_TOKEN_ENDPOINT=/oauth/token
+
+# OAuth2 ID Mapping
+#OAUTH2_ID_MAP=
+
+# OAuth2 Username Mapping
+#OAUTH2_USERNAME_MAP=
+
+# OAuth2 Fullname Mapping
+#OAUTH2_FULLNAME_MAP=
+
+# OAuth2 Email Mapping
+#OAUTH2_EMAIL_MAP=
+
+#---------------------------------------------
+# LDAP_ENABLE : Enable or not the connection by the LDAP
+# example :  LDAP_ENABLE=true
+#LDAP_ENABLE=false
+
+# LDAP_PORT : The port of the LDAP server
+# example :  LDAP_PORT=389
+#LDAP_PORT=389
+
+# LDAP_HOST : The host server for the LDAP server
+# example :  LDAP_HOST=localhost
+#LDAP_HOST=
+
+# LDAP_BASEDN : The base DN for the LDAP Tree
+# example :  LDAP_BASEDN=ou=user,dc=example,dc=org
+#LDAP_BASEDN=
+
+# LDAP_LOGIN_FALLBACK : Fallback on the default authentication method
+# example :  LDAP_LOGIN_FALLBACK=true
+#LDAP_LOGIN_FALLBACK=false
+
+# LDAP_RECONNECT : Reconnect to the server if the connection is lost
+# example :  LDAP_RECONNECT=false
+#LDAP_RECONNECT=true
+
+# LDAP_TIMEOUT : Overall timeout, in milliseconds
+# example :  LDAP_TIMEOUT=12345
+#LDAP_TIMEOUT=10000
+
+# LDAP_IDLE_TIMEOUT : Specifies the timeout for idle LDAP connections in milliseconds
+# example :  LDAP_IDLE_TIMEOUT=12345
+#LDAP_IDLE_TIMEOUT=10000
+
+# LDAP_CONNECT_TIMEOUT : Connection timeout, in milliseconds
+# example :  LDAP_CONNECT_TIMEOUT=12345
+#LDAP_CONNECT_TIMEOUT=10000
+
+# LDAP_AUTHENTIFICATION : If the LDAP needs a user account to search
+# example :  LDAP_AUTHENTIFICATION=true
+#LDAP_AUTHENTIFICATION=false
+
+# LDAP_AUTHENTIFICATION_USERDN : The search user DN
+# example :  LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=example,dc=org
+#LDAP_AUTHENTIFICATION_USERDN=
+
+# LDAP_AUTHENTIFICATION_PASSWORD : The password for the search user
+# example : AUTHENTIFICATION_PASSWORD=admin
+#LDAP_AUTHENTIFICATION_PASSWORD=
+
+# LDAP_LOG_ENABLED : Enable logs for the module
+# example :  LDAP_LOG_ENABLED=true
+#LDAP_LOG_ENABLED=false
+
+# LDAP_BACKGROUND_SYNC : If the sync of the users should be done in the background
+# example :  LDAP_BACKGROUND_SYNC=true
+#LDAP_BACKGROUND_SYNC=false
+
+# LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds
+# example :  LDAP_BACKGROUND_SYNC_INTERVAL=12345
+#LDAP_BACKGROUND_SYNC_INTERVAL=100
+
+# LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED :
+# example :  LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true
+#LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false
+
+# LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS :
+# example :  LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true
+#LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false
+
+# LDAP_ENCRYPTION : If using LDAPS
+# example :  LDAP_ENCRYPTION=ssl
+#LDAP_ENCRYPTION=false
+
+# LDAP_CA_CERT : The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file.
+# example :  LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE-----
+#LDAP_CA_CERT=
+
+# LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate
+# example :  LDAP_REJECT_UNAUTHORIZED=true
+#LDAP_REJECT_UNAUTHORIZED=false
+
+# LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed
+# example :  LDAP_USER_SEARCH_FILTER=
+#LDAP_USER_SEARCH_FILTER=
+
+# LDAP_USER_SEARCH_SCOPE : base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree)
+# example :  LDAP_USER_SEARCH_SCOPE=one
+#LDAP_USER_SEARCH_SCOPE=
+
+# LDAP_USER_SEARCH_FIELD : Which field is used to find the user
+# example :  LDAP_USER_SEARCH_FIELD=uid
+#LDAP_USER_SEARCH_FIELD=
+
+# LDAP_SEARCH_PAGE_SIZE : Used for pagination (0=unlimited)
+# example :  LDAP_SEARCH_PAGE_SIZE=12345
+#LDAP_SEARCH_PAGE_SIZE=0
+
+# LDAP_SEARCH_SIZE_LIMIT : The limit number of entries (0=unlimited)
+# example :  LDAP_SEARCH_SIZE_LIMIT=12345
+#LDAP_SEARCH_SIZE_LIMIT=0
+
+# LDAP_GROUP_FILTER_ENABLE : Enable group filtering
+# example :  LDAP_GROUP_FILTER_ENABLE=true
+#LDAP_GROUP_FILTER_ENABLE=false
+
+# LDAP_GROUP_FILTER_OBJECTCLASS : The object class for filtering
+# example :  LDAP_GROUP_FILTER_OBJECTCLASS=group
+#LDAP_GROUP_FILTER_OBJECTCLASS=
+
+# LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE :
+# example :
+#LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE=
+
+# LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE :
+# example :
+#LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE=
+
+# LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT :
+# example :
+#LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT=
+
+# LDAP_GROUP_FILTER_GROUP_NAME :
+# example :
+#LDAP_GROUP_FILTER_GROUP_NAME=
+
+# LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier)
+# example :  LDAP_UNIQUE_IDENTIFIER_FIELD=guid
+#LDAP_UNIQUE_IDENTIFIER_FIELD=
+
+# LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8
+# example :  LDAP_UTF8_NAMES_SLUGIFY=false
+#LDAP_UTF8_NAMES_SLUGIFY=true
+
+# LDAP_USERNAME_FIELD : Which field contains the ldap username
+# example :  LDAP_USERNAME_FIELD=username
+#LDAP_USERNAME_FIELD=
+
+# LDAP_FULLNAME_FIELD : Which field contains the ldap fullname
+# example :  LDAP_FULLNAME_FIELD=fullname
+#LDAP_FULLNAME_FIELD=
+
+# LDAP_MERGE_EXISTING_USERS :
+# example :  LDAP_MERGE_EXISTING_USERS=true
+#LDAP_MERGE_EXISTING_USERS=false
+
+# LDAP_EMAIL_MATCH_ENABLE : allow existing account matching by e-mail address when username does not match
+# example: LDAP_EMAIL_MATCH_ENABLE=true
+#LDAP_EMAIL_MATCH_ENABLE=false
+
+# LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match
+# example: LDAP_EMAIL_MATCH_REQUIRE=true
+#LDAP_EMAIL_MATCH_REQUIRE=false
+
+# LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching
+# example: LDAP_EMAIL_MATCH_VERIFIED=true
+#LDAP_EMAIL_MATCH_VERIFIED=false
+
+# LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address
+# example: LDAP_EMAIL_FIELD=mail
+#LDAP_EMAIL_FIELD=
+
+# LDAP_SYNC_USER_DATA :
+# example :  LDAP_SYNC_USER_DATA=true
+#LDAP_SYNC_USER_DATA=false
+
+# LDAP_SYNC_USER_DATA_FIELDMAP :
+# example :  LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"}
+#LDAP_SYNC_USER_DATA_FIELDMAP=
+
+# LDAP_SYNC_GROUP_ROLES :
+# example :
+#LDAP_SYNC_GROUP_ROLES=
+
+# LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP
+# example :
+#LDAP_DEFAULT_DOMAIN=
+
+# Enable/Disable syncing of admin status based on ldap groups:
+#LDAP_SYNC_ADMIN_STATUS=true
+
+# Comma separated list of admin group names to sync.
+#LDAP_SYNC_ADMIN_GROUPS=group1,group2
+
+# LOGOUT_WITH_TIMER : Enables or not the option logout with timer
+# example : LOGOUT_WITH_TIMER=true
+#LOGOUT_WITH_TIMER=
+
+# LOGOUT_IN : The number of days
+# example : LOGOUT_IN=1
+#LOGOUT_IN=
+#LOGOUT_ON_HOURS=
+
+# LOGOUT_ON_MINUTES : The number of minutes
+# example : LOGOUT_ON_MINUTES=55
+#LOGOUT_ON_MINUTES=

conf/app.src

@@ -1,7 +1,7 @@
 # This is on YunoHost server just to avoid the file from disappearing
 # Original source is https://releases.wekan.team/
-SOURCE_URL=https://raw.githubusercontent.com/yalh76/wekan_ynh/2.37/conf/wekan-2.37.tar.gz
-SOURCE_SUM=471c3c9190119da0b988a9ae0c28aa80388e07bd8d3720ff44e8a9ecac681c5b
+SOURCE_URL=https://raw.githubusercontent.com/yalh76/wekan_ynh/2.40/conf/wekan-2.40.tar.gz
+SOURCE_SUM=d49ca72918f979ad1488dfa0f23b099e241eef1eabcbc865fa42f32e6c490018
 SOURCE_SUM_PRG=sha256sum
 ARCH_FORMAT=tar.gz
 SOURCE_IN_SUBDIR=true

conf/systemd.service

@@ -7,10 +7,7 @@ After=network.target mongodb.service
 Type=simple
 User=__APP__
 Group=__APP__
-Environment="PATH=__ENV_PATH__"
-Environment=NODE_ENV=production
-Environment=MONGO_URL=mongodb://127.0.0.1:27017/__DB_NAME__
-Environment=ROOT_URL=https://__DOMAIN_URI__ PORT=__PORT__
+EnvironmentFile=__FINALPATH__/.env
 WorkingDirectory=__FINALPATH__
 ExecStart=/opt/node_n/bin/node __FINALPATH__/main.js
 Restart=on-failure

manifest.json

@@ -6,7 +6,7 @@
         "en": "Trello-like kanban",
         "fr": "Un kanban similaire à Trello"
     },
-    "version": "2.37~ynh1",
+    "version": "2.40~ynh1",
     "url": "https://wekan.io",
     "license": "MIT",
     "maintainer": {

scripts/install

@@ -166,16 +166,11 @@ ynh_system_user_create $app "$final_path"
 #=================================================
 # SPECIFIC SETUP
 #=================================================
-# INSTALL WEKAN NPM DEPENDENCIES
-#=================================================
-ynh_print_info "Installing wekan npm dependencies ..."
 
-# Install wekan dependencies
-chown -R $app $final_path
-pushd $final_path/programs/server
-    ynh_use_nodejs
-    npm install
-popd
+# Start mogodb
+ynh_print_info "Starting mongodb ..."
+systemctl enable mongodb
+systemctl restart mongodb
 
 #=================================================
 # SETUP SYSTEMD
@@ -194,13 +189,32 @@ ynh_print_info "Configuring a systemd service..."
 ###		- And the section "SETUP SYSTEMD" in the upgrade script
 
 # Create a dedicated systemd config
-ynh_print_info "Adding wekan systemd service ..."
-ynh_replace_string "__ENV_PATH__" "$nodejs_path"               "../conf/systemd.service"
-ynh_replace_string "__DB_NAME__"  "$db_name"                "../conf/systemd.service"
-ynh_replace_string "__DOMAIN_URI__"      "$domain$path_url"          "../conf/systemd.service"
-ynh_replace_string "__PORT__"     "$port"               "../conf/systemd.service"
 ynh_add_systemd_config
 
+#=================================================
+# MODIFY A CONFIG FILE
+#=================================================
+
+### `ynh_replace_string` is used to replace a string in a file.
+### (It's compatible with sed regular expressions syntax)
+cp "../conf/.env" "$final_path/.env"
+
+ynh_replace_string "__NODEJS_PATH__" "$nodejs_path" "$final_path/.env"
+ynh_replace_string "__DB_NAME__" "$db_name" "$final_path/.env"
+ynh_replace_string "__DOMAIN_URI__" "$domain$path_url" "$final_path/.env"
+ynh_replace_string "__PORT__" "$port" "$final_path/.env"
+
+#=================================================
+# STORE THE CONFIG FILE CHECKSUM
+#=================================================
+
+### `ynh_store_file_checksum` is used to store the checksum of a file.
+### That way, during the upgrade script, by using `ynh_backup_if_checksum_is_different`,
+### you can make a backup of this file before modifying it again if the admin had modified it.
+
+# Calculate and store the config file checksum into the app settings
+ynh_store_file_checksum "$final_path/.env"
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================

scripts/upgrade

@@ -72,11 +72,15 @@ if ynh_version_gt "0.77-2" "${previous_version}" ; then
     ynh_install_nodejs 8.14.1
     ynh_use_nodejs
     # Create a dedicated systemd config
-    ynh_replace_string "__ENV_PATH__" "$nodejs_path"               "../conf/systemd.service"
-    ynh_replace_string "__DB_NAME__"  "$db_name"                "../conf/systemd.service"
-    ynh_replace_string "__DOMAIN_URI__"      "$domain$path_url"          "../conf/systemd.service"
-    ynh_replace_string "__PORT__"     "$port"               "../conf/systemd.service"
     ynh_add_systemd_config
+    # Create a dedicated .env config
+    ynh_backup_if_checksum_is_different "$final_path/.env"
+    cp "../conf/.env" "$final_path/.env"
+    ynh_replace_string "__NODEJS_PATH__" "$nodejs_path" "$final_path/.env"
+    ynh_replace_string "__DB_NAME__" "$db_name" "$final_path/.env"
+    ynh_replace_string "__DOMAIN_URI__" "$domain$path_url" "$final_path/.env"
+    ynh_replace_string "__PORT__" "$port" "$final_path/.env"
+    ynh_store_file_checksum "$final_path/.env"
 fi
 
 if ynh_version_gt "1.07~ynh2" "${previous_version}" ; then
@@ -134,17 +138,6 @@ chown -R $app: "$final_path"
 chmod -R 640 "$final_path"
 find "$final_path" -type d -print0 | xargs -0 chmod 750
 
-#=================================================
-# INSTALL WEKAN NPM DEPENDENCIES
-#=================================================
-ynh_print_info "Installing wekan npm dependencies ..."
-
-# Relaunch a npm install
-pushd $final_path/programs/server
-    ynh_use_nodejs
-    npm install
-popd
-
 #=================================================
 # SETUP SSOWAT
 #=================================================