LDAP configuration

2024-09-03 20:36:09 +02:00 · 2019-07-07 22:34:33 +02:00 · 2019-07-07 22:34:33 +02:00 · 6b6befbe08
commit 6b6befbe08
parent 14c730c1b6
8 changed files with 253 additions and 26 deletions
--- a/README.md
+++ b/README.md
@ -33,8 +33,9 @@ An open source, modern and powerful wiki app built on Node.js, Git and Markdown

 #### Multi-users support

-No LDAP and HTTP auth for now but planned to be supported.
-The app can be used by multiple users?
+LDAP is implemented, root will receive a mail at the end of the installation or the upgrade with the informations to configure LDAP.
+HTTP auth for now but planned to be supported.
+The app can be used by multiple users

 #### Supported architectures

--- a/conf/ldap_message
+++ b/conf/ldap_message
@ -0,0 +1,18 @@
+Wikijs was successfully installed :)
+Please open https://__DOMAIN____PATH_URL__ and follow the steps to setup Wiki.js
+
+After following the setup steps, login, create an home page, click on the upper right wheel.
+In the Modules / Authentication, activate the LDAP / Active Directory and apply following parameters and click Apply:
+
+Strategy Configuration
+LDAP_URL: ldap://localhost:389
+Admin Bind DN: uid=__LDAP_USER__,ou=users,dc=yunohost,dc=org
+Admin Bind Credential: __LDAP_PASSWORD__
+Search Base: ou=users,dc=yunohost,dc=org
+Search Filter: (uid={{username}})
+
+Registration
+Allow self-registration: Yes
+Assign to group: Guest
+
+If you facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/wikijs_ynh
--- a/scripts/change_url
+++ b/scripts/change_url
@ -25,7 +25,7 @@ app=$YNH_APP_INSTANCE_NAME
 #=================================================
 # LOAD SETTINGS
 #=================================================
-ynh_script_progression --message="Loading installation settings..." --time --weight=1
+ynh_print_info --message="Loading installation settings..."

 # Needed for helper "ynh_add_nginx_config"
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
--- a/scripts/install
+++ b/scripts/install
@ -7,6 +7,7 @@
 #=================================================

 source _common.sh
+source ynh_send_readme_to_admin__2
 source /usr/share/yunohost/helpers

 #=================================================
@ -29,6 +30,9 @@ is_public=$YNH_APP_ARG_IS_PUBLIC

 app=$YNH_APP_INSTANCE_NAME

+ldap_user="${app}_ldap"
+ldap_password=$(ynh_string_random --length=8)
+
 #=================================================
 # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
 #=================================================
@ -49,6 +53,9 @@ ynh_app_setting_set --app=$app --key=domain --value=$domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
 ynh_app_setting_set --app=$app --key=is_public --value=$is_public

+ynh_app_setting_set --app=$app --key=ldap_user --value=$ldap_user
+ynh_app_setting_set --app=$app --key=ldap_password --value=$ldap_password
+
 #=================================================
 # STANDARD MODIFICATIONS
 #=================================================
@ -108,6 +115,13 @@ ynh_system_user_create --username=$app --home_dir="$final_path"

 #=================================================
 # SPECIFIC SETUP
+#=================================================
+# CREATE LDAP USER
+#=================================================
+ynh_print_info --message="Creating LDAP user..."
+
+yunohost user create $ldap_user --firstname $app --lastname $app --mail ${ldap_user}@$domain --password $ldap_password -q 0
+
 #=================================================
 # SETUP SYSTEMD
 #=================================================
@ -121,18 +135,19 @@ ynh_add_systemd_config
 # MODIFY A CONFIG FILE
 #=================================================

-cp -f ../conf/config.sample.yml "$final_path/config.yml"
+config_file="$final_path/config.yml"
+cp -f ../conf/config.sample.yml $config_file

-ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/config.yml"
-ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$final_path/config.yml"
-ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$final_path/config.yml"
+ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file=$config_file
+ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file=$config_file
+ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file=$config_file

 #=================================================
 # STORE THE CONFIG FILE CHECKSUM
 #=================================================

 # Calculate and store the config file checksum into the app settings
-ynh_store_file_checksum --file="$final_path/config.yml"
+ynh_store_file_checksum --file=$config_file

 #=================================================
 # GENERIC FINALIZATION
@ -177,6 +192,18 @@ ynh_print_info --message="Reloading nginx web server..."

 ynh_systemd_action --service_name=nginx --action=reload

+#=================================================
+# SEND README TO ADMIN
+#=================================================
+ynh_print_info --message="Sending ReadMe to admin..."
+
+ynh_replace_string --match_string="__LDAP_USER__"    --replace_string="$ldap_user"    --target_file="../conf/ldap_message"
+ynh_replace_string --match_string="__LDAP_PASSWORD__"    --replace_string="$ldap_password"    --target_file="../conf/ldap_message"
+ynh_replace_string --match_string="__DOMAIN__"    --replace_string="$domain"    --target_file="../conf/ldap_message"
+ynh_replace_string --match_string="__PATH_URL__"    --replace_string="$path_url"    --target_file="../conf/ldap_message"
+
+ynh_send_readme_to_admin --app_message="../conf/ldap_message" --recipients="root" --type='install'
+
 #=================================================
 # END OF SCRIPT
 #=================================================
--- a/scripts/remove
+++ b/scripts/remove
@ -22,6 +22,8 @@ db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$db_name
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)

+ldap_user=$(ynh_app_setting_get --app=$app --key=ldap_user)
+
 #=================================================
 # STANDARD REMOVE
 #=================================================
@ -29,7 +31,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 #=================================================

 # Remove a service from the admin panel, added by `yunohost service add`
-if yunohost service status $app >/dev/null 2>&1
+if ynh_exec_warn_less yunohost service status $app >/dev/null
 then
 	ynh_print_info --message="Removing $app service..."
 	yunohost service remove $app
@ -82,10 +84,19 @@ ynh_remove_nginx_config

 if yunohost firewall list | grep -q "\- $port$"
 then
-	ynh_script_progression --message="Closing port $port..."
+	ynh_print_info --message="Closing port $port..."
 	ynh_exec_warn_less yunohost firewall disallow TCP $port
 fi

+#=================================================
+# SPECIFIC REMOVE
+#=================================================
+# REMOVE LDAP USER
+#=================================================
+ynh_print_info --message="Removing ldap user..."
+
+yunohost user delete $ldap_user --purge
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
--- a/scripts/restore
+++ b/scripts/restore
@ -6,6 +6,7 @@
 # IMPORT GENERIC HELPERS
 #=================================================

+#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
 source ../settings/scripts/_common.sh
 source /usr/share/yunohost/helpers

@ -32,6 +33,8 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$db_name
 db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
+ldap_user=$(ynh_app_setting_get --app=$app --key=ldap_user)
+ldap_password=$(ynh_app_setting_get --app=$app --key=ldap_password)

 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
@ -83,7 +86,6 @@ ynh_print_info --message="Reinstalling dependencies..."
 # Define and install dependencies

 ynh_install_nodejs --nodejs_version="10"
-
 ynh_install_app_dependencies $pkg_dependencies

 #=================================================
@ -118,6 +120,13 @@ ynh_systemd_action --service_name=$app --action=start --log_path=systemd

 sleep 30

+#=================================================
+# CREATE LDAP USER
+#=================================================
+ynh_print_info --message="Creating LDAP user..."
+
+yunohost user create $ldap_user --firstname $app --lastname $app --mail ${ldap_user}@$domain --password $ldap_password -q 0
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -7,6 +7,7 @@
 #=================================================

 source _common.sh
+source ynh_send_readme_to_admin__2
 source /usr/share/yunohost/helpers

 #=================================================
@ -25,6 +26,8 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
 port=$(ynh_app_setting_get --app=$app --key=port)
+ldap_user=$(ynh_app_setting_get --app=$app --key=ldap_user)
+ldap_password=$(ynh_app_setting_get --app=$app --key=ldap_password)

 #=================================================
 # CHECK VERSION
@ -58,6 +61,15 @@ if [ -z "$final_path" ]; then
 	ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 fi

+# If ldap_user doesn't exist, retrieve it or create it
+if [[ -z "$ldap_user" ]]; then
+	ldap_user="${app}_ldap"
+	ldap_password=$(ynh_string_random --length=8)
+	ynh_app_setting_set "$app" ldap_user "$ldap_user"
+	ynh_app_setting_set "$app" ldap_password "$ldap_password"
+	yunohost user create $ldap_user --firstname $app --lastname $app --mail ${ldap_user}@$domain --password $ldap_password -q 0
+fi
+
 # Remove yarn repository
 ynh_secure_remove --file="/etc/apt/sources.list.d/yarn.list"

@ -82,19 +94,12 @@ ynh_clean_setup () {
 # Exit if an error occurs during the execution of the script
 ynh_abort_if_errors

-#=================================================
-# CHECK THE PATH
-#=================================================
-
-# Normalize the URL path syntax
-
-path_url=$(ynh_normalize_url_path --path_url=$path_url)
-
 #=================================================
 # STANDARD UPGRADE STEPS
 #=================================================
 # STOP SYSTEMD SERVICE
 #=================================================
+ynh_print_info --message="Stopping a systemd service..."

 ynh_systemd_action --service_name=$app --action="stop"

@ -135,23 +140,26 @@ ynh_print_info --message="Making sure dedicated system user exists..."
 # Create a dedicated user (if not existing)
 ynh_system_user_create --username=$app --home_dir="$final_path"

+#=================================================
+# SPECIFIC UPGRADE
 #=================================================
 # MODIFY A CONFIG FILE
 #=================================================

-ynh_backup_if_checksum_is_different --file="$final_path/config.yml"
-cp -f ../conf/config.sample.yml "$final_path/config.yml"
+config_file="$final_path/config.yml"
+ynh_backup_if_checksum_is_different --file=$config_file
+cp -f ../conf/config.sample.yml $config_file

-ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/config.yml"
-ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$final_path/config.yml"
-ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$final_path/config.yml"
+ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file=$config_file
+ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file=$config_file
+ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file=$config_file

 #=================================================
 # STORE THE CONFIG FILE CHECKSUM
 #=================================================

 # Recalculate and store the checksum of the file for the next upgrade.
-ynh_store_file_checksum --file="$final_path/config.yml"
+ynh_store_file_checksum --file=$config_file

 #=================================================
 # SETUP SYSTEMD
@ -184,8 +192,9 @@ then
 fi

 #=================================================
-# START SERVICE
+# START SYSTEMD SERVICE
 #=================================================
+ynh_print_info --message="Starting a systemd service..."

 ynh_systemd_action --service_name=$app --action="start" --log_path=systemd

@ -198,6 +207,18 @@ ynh_print_info --message="Reloading nginx web server..."

 ynh_systemd_action --service_name=nginx --action=reload

+#=================================================
+# SEND README TO ADMIN
+#=================================================
+ynh_print_info --message="Sending ReadMe to admin..."
+
+ynh_replace_string --match_string="__LDAP_USER__"    --replace_string="$ldap_user"    --target_file="../conf/ldap_message"
+ynh_replace_string --match_string="__LDAP_PASSWORD__"    --replace_string="$ldap_password"    --target_file="../conf/ldap_message"
+ynh_replace_string --match_string="__DOMAIN__"    --replace_string="$domain"    --target_file="../conf/ldap_message"
+ynh_replace_string --match_string="__PATH_URL__"    --replace_string="$path_url"    --target_file="../conf/ldap_message"
+
+ynh_send_readme_to_admin --app_message="../conf/ldap_message" --recipients="root" --type='upgrade'
+
 #=================================================
 # END OF SCRIPT
 #=================================================
--- a/scripts/ynh_send_readme_to_admin__2
+++ b/scripts/ynh_send_readme_to_admin__2
@ -0,0 +1,140 @@
+#!/bin/bash
+
+# Send an email to inform the administrator
+#
+# usage: ynh_send_readme_to_admin --app_message=app_message [--recipients=recipients] [--type=type]
+# | arg: -m --app_message= - The file with the content to send to the administrator.
+# | arg: -r, --recipients= - The recipients of this email. Use spaces to separate multiples recipients. - default: root
+#	example: "root admin@domain"
+#	If you give the name of a YunoHost user, ynh_send_readme_to_admin will find its email adress for you
+#	example: "root admin@domain user1 user2"
+# | arg: -t, --type= - Type of mail, could be 'backup', 'change_url', 'install', 'remove', 'restore', 'upgrade'
+ynh_send_readme_to_admin() {
+	# Declare an array to define the options of this helper.
+	declare -Ar args_array=( [m]=app_message= [r]=recipients= [t]=type= )
+	local app_message
+	local recipients
+	local type
+	# Manage arguments with getopts
+
+	ynh_handle_getopts_args "$@"
+	app_message="${app_message:-}"
+	recipients="${recipients:-root}"
+	type="${type:-install}"
+
+	# Get the value of admin_mail_html
+	admin_mail_html=$(ynh_app_setting_get $app admin_mail_html)
+	admin_mail_html="${admin_mail_html:-0}"
+
+	# Retrieve the email of users
+	find_mails () {
+		local list_mails="$1"
+		local mail
+		local recipients=" "
+		# Read each mail in argument
+		for mail in $list_mails
+		do
+			# Keep root or a real email address as it is
+			if [ "$mail" = "root" ] || echo "$mail" | grep --quiet "@"
+			then
+				recipients="$recipients $mail"
+			else
+				# But replace an user name without a domain after by its email
+				if mail=$(ynh_user_get_info "$mail" "mail" 2> /dev/null)
+				then
+					recipients="$recipients $mail"
+				fi
+			fi
+		done
+		echo "$recipients"
+	}
+	recipients=$(find_mails "$recipients")
+
+	# Subject base
+	local mail_subject="☁️🆈🅽🅷☁️: \`$app\`"
+
+	# Adapt the subject according to the type of mail required.
+	if [ "$type" = "backup" ]; then
+		mail_subject="$mail_subject has just been backup."
+	elif [ "$type" = "change_url" ]; then
+		mail_subject="$mail_subject has just been moved to a new URL!"
+	elif [ "$type" = "remove" ]; then
+		mail_subject="$mail_subject has just been removed!"
+	elif [ "$type" = "restore" ]; then
+		mail_subject="$mail_subject has just been restored!"
+	elif [ "$type" = "upgrade" ]; then
+		mail_subject="$mail_subject has just been upgraded!"
+	else	# install
+		mail_subject="$mail_subject has just been installed!"
+	fi
+
+	local mail_message="This is an automated message from your beloved YunoHost server.
+
+Specific information for the application $app.
+
+$(if [ -n "$app_message" ]
+then
+	cat "$app_message"
+else
+	echo "...No specific information..."
+fi)
+
+---
+Automatic diagnosis data from YunoHost
+
+__PRE_TAG1__$(yunohost tools diagnosis | grep -B 100 "services:" | sed '/services:/d')__PRE_TAG2__"
+
+	# Store the message into a file for further modifications.
+	echo "$mail_message" > mail_to_send
+
+	# If a html email is required. Apply html tags to the message.
+ 	if [ "$admin_mail_html" -eq 1 ]
+ 	then
+		# Insert 'br' tags at each ending of lines.
+		ynh_replace_string "$" "<br>" mail_to_send
+
+		# Insert starting HTML tags
+		sed --in-place '1s@^@<!DOCTYPE html>\n<html>\n<head></head>\n<body>\n@' mail_to_send
+
+		# Keep tabulations
+		ynh_replace_string "  " "\&#160;\&#160;" mail_to_send
+		ynh_replace_string "\t" "\&#160;\&#160;" mail_to_send
+
+		# Insert url links tags
+		ynh_replace_string "__URL_TAG1__\(.*\)__URL_TAG2__\(.*\)__URL_TAG3__" "<a href=\"\2\">\1</a>" mail_to_send
+
+		# Insert pre tags
+		ynh_replace_string "__PRE_TAG1__" "<pre>" mail_to_send
+		ynh_replace_string "__PRE_TAG2__" "<\pre>" mail_to_send
+
+		# Insert finishing HTML tags
+		echo -e "\n</body>\n</html>" >> mail_to_send
+
+	# Otherwise, remove tags to keep a plain text.
+	else
+		# Remove URL tags
+		ynh_replace_string "__URL_TAG[1,3]__" "" mail_to_send
+		ynh_replace_string "__URL_TAG2__" ": " mail_to_send
+
+		# Remove PRE tags
+		ynh_replace_string "__PRE_TAG[1-2]__" "" mail_to_send
+	fi
+
+	# Define binary to use for mail command
+	if [ -e /usr/bin/bsd-mailx ]
+	then
+		local mail_bin=/usr/bin/bsd-mailx
+	else
+		local mail_bin=/usr/bin/mail.mailutils
+	fi
+
+	if [ "$admin_mail_html" -eq 1 ]
+	then
+		content_type="text/html"
+	else
+		content_type="text/plain"
+	fi
+
+	# Send the email to the recipients
+	cat mail_to_send | $mail_bin -a "Content-Type: $content_type; charset=UTF-8" -s "$mail_subject" "$recipients"
+}