Merge pull request #121 from YunoHost-Apps/testing

Testing
2024-09-03 20:36:10 +02:00 · 2021-03-22 10:58:35 +01:00 · 2021-03-22 10:58:35 +01:00 · 7382d8f806
commit 7382d8f806
parent 28322dbbcd 1a345d8544
19 changed files with 100 additions and 214 deletions
--- a/README.md
+++ b/README.md
@ -1,7 +1,7 @@
 # WordPress for YunoHost

 [![Integration level](https://dash.yunohost.org/integration/wordpress.svg)](https://dash.yunohost.org/appci/app/wordpress) ![](https://ci-apps.yunohost.org/ci/badges/wordpress.status.svg) [![](https://ci-apps.yunohost.org/ci/badges/wordpress.maintain.svg)](https://github.com/YunoHost/Apps/#what-to-do-if-i-cant-maintain-my-app-anymore-)  
-[![Install WordPress with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=wordpress)
+[![Install WordPress with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=wordpress)

 *[Lire ce readme en français.](./README_fr.md)*

@ -10,9 +10,9 @@ If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to

 ## Overview
 WordPress is open source software you can use to create a beautiful website, blog, or app.  
-With this package, you can even activate the [multisite](https://codex.wordpress.org/Glossary#Multisite) option.
+With this package, you can even activate the [multisite](https://wordpress.org/support/article/glossary/#multisite) option.

-**Shipped version:** 5.6
+**Shipped version:** 5.7

 ## Screenshots

--- a/README_fr.md
+++ b/README_fr.md
@ -1,7 +1,7 @@
 # WordPress pour YunoHost

 [![Niveau d'intégration](https://dash.yunohost.org/integration/wordpress.svg)](https://dash.yunohost.org/appci/app/wordpress) ![](https://ci-apps.yunohost.org/ci/badges/wordpress.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/wordpress.maintain.svg)  
-[![Installer WordPress avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=wordpress)
+[![Installer WordPress avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=wordpress)

 *[Read this readme in english.](./README.md)* 

@ -12,7 +12,7 @@ Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install
 WordPress est un logiciel libre que vous pouvez utiliser pour créer un site ou un blog.
 Avec ce package, vous pouvez même activer l'option [multisite](https://codex.wordpress.org/Glossary#Multisite).

-**Version incluse :** 5.6
+**Version incluse :** 5.7

 ## Captures d'écran

--- a/actions.toml
+++ b/actions.toml
@ -1,15 +1,3 @@
-[public_private]
-name = "Move to public or private"
-command = "/bin/bash scripts/actions/public_private"
-accepted_return_codes = [0]
-description = "Change the public access of the app."
-
-    [public_private.arguments]
-        [public_private.arguments.is_public]
-            type = "boolean"
-            ask = "Is it a public app?"
-            default = true
-
 [reset_default_nginx]
 name = "Reset the NGINX config for this app."
 command = "/bin/bash scripts/actions/reset_default_system nginx"
--- a/conf/app.src
+++ b/conf/app.src
@ -1,5 +1,5 @@
-SOURCE_URL=https://wordpress.org/wordpress-5.6.tar.gz
-SOURCE_SUM=47f466f375557bd4e3e1fff69b1ccbe29053423736b1af8f3dbf9d38c4c5fcd3
+SOURCE_URL=https://wordpress.org/wordpress-5.7.tar.gz
+SOURCE_SUM=92be8c4afd0186f783a12bad994baecc8f941a88535acddecbae0d7702169b71
 SOURCE_SUM_PRG=sha256sum
 ARCH_FORMAT=tar.gz
 SOURCE_IN_SUBDIR=true
--- a/conf/sql/multisite.sql
+++ b/conf/sql/multisite.sql
@ -1 +1 @@
-INSERT INTO wp_sitemeta VALUES(NULL,1,'sll_settings','a:14:{s:14:"account_suffix";s:0:"";s:7:"base_dn";s:27:"ou=users,dc=yunohost,dc=org";s:18:"domain_controllers";a:1:{i:0;s:9:"localhost";}s:9:"directory";s:2:"ol";s:4:"role";s:10:"subscriber";s:13:"high_security";s:5:"false";s:8:"ol_login";s:3:"uid";s:7:"use_tls";s:5:"false";s:9:"ldap_port";s:3:"389";s:12:"ldap_version";s:1:"3";s:12:"create_users";s:4:"true";s:7:"enabled";s:4:"true";s:7:"version";s:3:"1.5";s:6:"groups";a:1:{i:0;s:0:"";}}');
+REPLACE INTO wp_sitemeta VALUES(NULL,1,'authLDAPOptions','a:22:{s:7:"Enabled";s:1:"1";s:7:"CachePW";b:0;s:3:"URI";s:44:"ldap://localhost/ou=users,dc=yunohost,dc=org";s:12:"URISeparator";s:1:" ";s:6:"Filter";s:__LENGTH__:"(&(|(objectclass=posixAccount))(uid=%s)(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org))";s:8:"NameAttr";s:9:"givenName";s:7:"SecName";s:2:"sn";s:7:"UidAttr";s:3:"uid";s:8:"MailAttr";s:4:"mail";s:7:"WebAttr";s:0:"";s:6:"Groups";a:5:{s:13:"administrator";s:0:"";s:6:"editor";s:0:"";s:6:"author";s:0:"";s:11:"contributor";s:0:"";s:10:"subscriber";s:0:"";}s:5:"Debug";b:0;s:9:"GroupAttr";s:0:"";s:11:"GroupFilter";s:0:"";s:11:"DefaultRole";s:10:"subscriber";s:11:"GroupEnable";b:0;s:13:"GroupOverUser";b:0;s:7:"Version";i:1;s:26:"DoNotOverwriteNonLdapUsers";b:0;s:8:"StartTLS";b:0;s:14:"GroupSeparator";s:0:"";s:9:"GroupBase";s:0:"";}');
--- a/conf/sql/single.sql
+++ b/conf/sql/single.sql
@ -1 +1 @@
-INSERT INTO wp_options VALUES(NULL,'sll_settings','a:14:{s:14:"account_suffix";s:0:"";s:7:"base_dn";s:27:"ou=users,dc=yunohost,dc=org";s:18:"domain_controllers";a:1:{i:0;s:9:"localhost";}s:9:"directory";s:2:"ol";s:4:"role";s:10:"subscriber";s:13:"high_security";s:5:"false";s:8:"ol_login";s:3:"uid";s:7:"use_tls";s:5:"false";s:9:"ldap_port";s:3:"389";s:12:"ldap_version";s:1:"3";s:12:"create_users";s:4:"true";s:7:"enabled";s:4:"true";s:7:"version";s:3:"1.5";s:6:"groups";a:1:{i:0;s:0:"";}}','yes');
+REPLACE INTO wp_options VALUES(NULL,'authLDAPOptions','a:22:{s:7:"Enabled";s:1:"1";s:7:"CachePW";b:0;s:3:"URI";s:44:"ldap://localhost/ou=users,dc=yunohost,dc=org";s:12:"URISeparator";s:1:" ";s:6:"Filter";s:__LENGTH__:"(&(|(objectclass=posixAccount))(uid=%s)(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org))";s:8:"NameAttr";s:9:"givenName";s:7:"SecName";s:2:"sn";s:7:"UidAttr";s:3:"uid";s:8:"MailAttr";s:4:"mail";s:7:"WebAttr";s:0:"";s:6:"Groups";a:5:{s:13:"administrator";s:0:"";s:6:"editor";s:0:"";s:6:"author";s:0:"";s:11:"contributor";s:0:"";s:10:"subscriber";s:0:"";}s:5:"Debug";b:0;s:9:"GroupAttr";s:0:"";s:11:"GroupFilter";s:0:"";s:11:"DefaultRole";s:10:"subscriber";s:11:"GroupEnable";b:0;s:13:"GroupOverUser";b:0;s:7:"Version";i:1;s:26:"DoNotOverwriteNonLdapUsers";b:0;s:8:"StartTLS";b:0;s:14:"GroupSeparator";s:0:"";s:9:"GroupBase";s:0:"";}','yes');
--- a/conf/wp-config.php
+++ b/conf/wp-config.php
@ -18,6 +18,9 @@
 * @package WordPress
 */

+/** Disable the wordress cron because it's managed by the system */
+define('DISABLE_WP_CRON', true);
+
 // ** MySQL settings - You can get this info from your web host ** //
 /** The name of the database for WordPress */
 define('DB_NAME', '__DB_USER__');
--- a/config_panel.toml
+++ b/config_panel.toml
@ -5,15 +5,6 @@ name = "Wordpress configuration panel"
 name = "Wordpress configuration"


-    [main.is_public]
-    name = "Public access"
-
-        [main.is_public.is_public]
-        ask = "Is it a public WordPress site?"
-        type = "boolean"
-        default = true
-
-
    [main.overwrite_files]
    name = "Overwriting config files"

--- a/manifest.json
+++ b/manifest.json
@ -6,7 +6,7 @@
 		"en": "Create a beautiful blog or website easily",
 		"fr": "Logiciel de création de blog ou de site Web"
 	},
-	"version": "5.6~ynh1",
+	"version": "5.7~ynh1",
 	"url": "https://wordpress.org/",
 	"license": "GPL-2.0",
 	"maintainer": {
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@ -6,7 +6,7 @@

 YNH_PHP_VERSION="7.3"

-extra_php_dependencies="php${YNH_PHP_VERSION}-mysql php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-json php${YNH_PHP_VERSION}-mbstring php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-zip php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-soap php${YNH_PHP_VERSION}-ssh2 php${YNH_PHP_VERSION}-tokenizer" 
+extra_php_dependencies="php${YNH_PHP_VERSION}-mysql php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-json php${YNH_PHP_VERSION}-mbstring php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-zip php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-soap php${YNH_PHP_VERSION}-ssh2 php${YNH_PHP_VERSION}-tokenizer php${YNH_PHP_VERSION}-ldap" 

 #=================================================
 # EXPERIMENTAL HELPERS
--- a/scripts/actions/public_private
+++ b/scripts/actions/public_private
@ -1,80 +0,0 @@
-#!/bin/bash
-
-#=================================================
-# GENERIC STARTING
-#=================================================
-# IMPORT GENERIC HELPERS
-#=================================================
-
-source /usr/share/yunohost/helpers
-
-#=================================================
-# MANAGE SCRIPT FAILURE
-#=================================================
-
-# Exit if an error occurs during the execution of the script
-ynh_abort_if_errors
-
-#=================================================
-# RETRIEVE ARGUMENTS
-#=================================================
-
-# Get is_public
-is_public=${YNH_ACTION_IS_PUBLIC}
-
-app=$YNH_APP_INSTANCE_NAME
-
-#=================================================
-# CHECK IF ARGUMENTS ARE CORRECT
-#=================================================
-
-#=================================================
-# CHECK IF AN ACTION HAS TO BE DONE
-#=================================================
-
-is_public_old=$(ynh_app_setting_get --app=$app --key=is_public)
-
-if [ $is_public -eq $is_public_old ]
-then
-	ynh_die --message="is_public is already set as $is_public." --ret_code=0
-fi
-
-#=================================================
-# SPECIFIC ACTION
-#=================================================
-# MOVE TO PUBLIC OR PRIVATE
-#=================================================
-
-if [ $is_public -eq 0 ]; then
-	public_private="private"
-else
-	public_private="public"
-fi
-ynh_script_progression --message="Moving the application to $public_private..." --weight=3
-
-if [ $is_public -eq 0 ]
-then
-	ynh_app_setting_delete --app=$app --key=unprotected_uris
-else
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
-fi
-
-ynh_script_progression --message="Upgrading SSOwat configuration..."
-# Regen ssowat configuration
-yunohost app ssowatconf
-
-# Update the config of the app
-ynh_app_setting_set --app=$app --key=is_public --value=$is_public
-
-#=================================================
-# RELOAD NGINX
-#=================================================
-ynh_script_progression --message="Reloading NGINX web server..."
-
-ynh_systemd_action --service_name=nginx --action=reload
-
-#=================================================
-# END OF SCRIPT
-#=================================================
-
-ynh_script_progression --message="Execution completed" --last
--- a/scripts/actions/reset_default_app
+++ b/scripts/actions/reset_default_app
@ -24,8 +24,8 @@ app=$YNH_APP_INSTANCE_NAME

 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
-is_public=$(ynh_app_setting_get --app=$app --key=is_public)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)

 #=================================================
 # SPECIFIC ACTION
@ -66,8 +66,8 @@ yunohost app action run $app reset_default_phpfpm
 # CREATE A CRON TASK FOR AUTOMATIC UPDATE
 #=================================================

-echo "# Reach everyday wp-cron.php?doing_wp_cron to trig the internal wordpress cron.
-0 3  *  *  * root wget -q -O - https://$domain$path_url/wp-cron.php?doing_wp_cron >/dev/null 2>&1" > /etc/cron.d/$app
+echo "# Reach everyday wp-cron.php to trig the internal WordPress cron.
+0 3  *  *  * $app php$phpversion  $final_path/wp-cron.php" > /etc/cron.d/$app

 #=================================================
 # SECURE FILES AND DIRECTORIES
@ -77,12 +77,15 @@ echo "# Reach everyday wp-cron.php?doing_wp_cron to trig the internal wordpress
 # Files have to be own by the user of wordpress. To allow upgrade from the app.
 chown -R $app: $final_path
 # Except the file config wp-config.php
-chown root: $final_path/wp-config.php
+chown root:$app $final_path/wp-config.php

 # Reset permissions
 find $final_path/ -type f -print0 | xargs -0 chmod 0644
 find $final_path/ -type d -print0 | xargs -0 chmod 0755

+# Remove permissions for others
+chmod 640 $final_path/wp-config.php
+
 #=================================================
 # UPGRADE FAIL2BAN
 #=================================================
@ -91,21 +94,6 @@ ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=5
 # Create a dedicated fail2ban config
 ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="PHP message: Leed: wrong login for .* client: <HOST>" --max_retry=5

-#=================================================
-# SETUP SSOWAT
-#=================================================
-ynh_script_progression --message="Upgrading SSOwat configuration..." --weight=1
-
-# Remove skipped_uris if it's still present
-ynh_app_setting_delete --app=$app --key=skipped_uris
-if [ $is_public -eq 0 ]; then
-	# Remove the public access
-	ynh_app_setting_delete --app=$app --key=unprotected_uris
-else
-	# Or replace skipped_uris by unprotected_uris
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
-fi
-
 #=================================================
 # RELOAD NGINX
 #=================================================
--- a/scripts/actions/reset_default_system
+++ b/scripts/actions/reset_default_system
@ -29,7 +29,6 @@ path_url=$(ynh_app_setting_get --app=$app --key=path)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)

 multisite=$(ynh_app_setting_get --app=$app --key=multisite)
-is_public=$(ynh_app_setting_get --app=$app --key=is_public)

 #=================================================
 # SPECIFIC ACTION
@ -63,7 +62,7 @@ then
 elif [ $type == phpfpm ]
 then
    # If the app is private, set the usage to low, otherwise to high.
-    if [ $is_public -eq 0 ]
+	if [ $(ynh_app_setting_get --app=$app --key=is_public) -eq 0 ]
    then
        usage=low
    else
--- a/scripts/backup
+++ b/scripts/backup
@ -69,7 +69,7 @@ ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
 # BACKUP CRON
 #=================================================

-ynh_backup "/etc/cron.d/$app"
+ynh_backup --src_path="/etc/cron.d/$app"

 #=================================================
 # END OF SCRIPT
--- a/scripts/change_url
+++ b/scripts/change_url
@ -123,13 +123,6 @@ db_prefix=$(grep '^$table_prefix' "$final_path/wp-config.php" | sed "s/.*'\(.*\)
 ynh_mysql_execute_as_root --sql="UPDATE ${db_prefix}options SET option_value='https://$new_domain$new_path' WHERE option_name='siteurl'" --database=$app
 ynh_mysql_execute_as_root --sql="UPDATE ${db_prefix}options SET option_value='https://$new_domain$new_path' WHERE option_name='home'" --database=$app

-#=================================================
-# UPDATE THE CRON
-#=================================================
-
-echo "# Reach everyday wp-cron.php?doing_wp_cron to trig the internal wordpress cron.
-0 3  *  *  * root wget -q -O - https://$new_domain$new_path/wp-cron.php?doing_wp_cron >/dev/null 2>&1" > /etc/cron.d/$app
-
 #=================================================
 # GENERIC FINALISATION
 #=================================================
--- a/scripts/config
+++ b/scripts/config
@ -26,10 +26,6 @@ fpm_config_dir=$(ynh_app_setting_get --app=$app --key=fpm_config_dir)
 # If the form has a value for a variable, take the value from the form,
 # Otherwise, keep the value from the app config.

-# is_public
-old_is_public="$(ynh_app_setting_get --app=$app --key=is_public)"
-is_public="${YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC:-$old_is_public}"
-
 # Overwrite nginx configuration
 old_overwrite_nginx="$(ynh_app_setting_get --app=$app --key=overwrite_nginx)"
 overwrite_nginx="${YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX:-$old_overwrite_nginx}"
@ -78,8 +74,6 @@ show_config() {
    # here you are supposed to read some config file/database/other then print the values
    # ynh_return "YNH_CONFIG_${PANEL_ID}_${SECTION_ID}_${OPTION_ID}=value"

-    ynh_return "YNH_CONFIG_MAIN_IS_PUBLIC_IS_PUBLIC=$is_public"
-
    ynh_return "YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_NGINX=$overwrite_nginx"
    ynh_return "YNH_CONFIG_MAIN_OVERWRITE_FILES_OVERWRITE_PHPFPM=$overwrite_phpfpm"

@ -97,17 +91,6 @@ show_config() {

 apply_config() {

-    # Change public accessibility
-    if [ "$is_public" != "$old_is_public" ]
-    then
-        if [ "$is_public" = "1" ]
-        then
-            yunohost app action run $app public_private --args is_public=1
-        else
-            yunohost app action run $app public_private --args is_public=0
-        fi
-    fi
-
    #=================================================
    # MODIFY OVERWRITTING SETTINGS
    #=================================================
--- a/scripts/install
+++ b/scripts/install
@ -52,7 +52,6 @@ ynh_script_progression --message="Storing installation settings..." --weight=2
 ynh_app_setting_set --app=$app --key=domain --value=$domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
 ynh_app_setting_set --app=$app --key=admin --value=$admin_wordpress
-ynh_app_setting_set --app=$app --key=is_public --value=$is_public
 ynh_app_setting_set --app=$app --key=language --value=$language
 ynh_app_setting_set --app=$app --key=multisite --value=$multisite

@ -140,7 +139,7 @@ ynh_script_progression --message="Installing wordpress with cURL..." --weight=10
 chown -R $app: $final_path

 # Set the app as temporarily public for cURL call
-ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+ynh_permission_update --permission="main" --add="visitors"
 # Regen SSOwat configuration
 yunohost app ssowatconf

@ -150,6 +149,9 @@ ynh_systemd_action --service_name=nginx --action=reload
 # Wordpress installation
 ynh_local_curl "/wp-admin/install.php?step=2" "&weblog_title=YunoBlog" "user_name=$admin_wordpress" "admin_password=$db_pwd" "admin_password2=$db_pwd" "admin_email=$admin_wordpress@$domain" "Submit=Install+WordPress"

+# Remove the public access
+ynh_permission_update --permission="main" --remove="visitors"
+
 ynh_print_info --message="Please wait during Wordpress installation..."
 for i in `seq 1 300`
 do
@ -169,7 +171,7 @@ ynh_script_progression --message="Installing WordPress plugins..." --weight=20
 ynh_exec_warn_less wget --no-verbose https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar --output-document=$final_path/wp-cli.phar
 wpcli_alias="php$phpversion $final_path/wp-cli.phar --allow-root --path=$final_path"

-$wpcli_alias plugin install simple-ldap-login
+$wpcli_alias plugin install authldap
 $wpcli_alias plugin install http-authentication
 $wpcli_alias plugin install companion-auto-update
 $wpcli_alias plugin install wp-fail2ban-redux
@ -200,9 +202,15 @@ then
 	# Activate multisite in wordpress config
 	ynh_replace_string --match_string="//--MULTISITE2--define" --replace_string="define" --target_file=$final_path/wp-config.php

+	ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=../conf/sql/multisite.sql
+	ynh_replace_string --match_string="__LENGTH__" --replace_string="$((${#app} + 95))" --target_file=../conf/sql/multisite.sql
+
 	ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name < ../conf/sql/multisite.sql
 	plugin_network="--network"
 else
+	ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=../conf/sql/single.sql
+	ynh_replace_string --match_string="__LENGTH__" --replace_string="$((${#app} + 95))" --target_file=../conf/sql/single.sql
+
 	ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name < ../conf/sql/single.sql
 	plugin_network=""
 fi
@ -212,7 +220,7 @@ fi
 #=================================================
 ynh_script_progression --message="Activating plugins..." --weight=4

-$wpcli_alias plugin activate simple-ldap-login $plugin_network
+$wpcli_alias plugin activate authldap $plugin_network
 # Do not activate http-authentication, this plugin is sometimes unstable
 $wpcli_alias plugin activate companion-auto-update $plugin_network
 $wpcli_alias plugin activate wp-fail2ban-redux $plugin_network
@ -228,8 +236,8 @@ ynh_store_file_checksum --file="$final_path/wp-config.php"
 # CREATE A CRON TASK FOR AUTOMATIC UPDATE
 #=================================================

-echo "# Reach everyday wp-cron.php?doing_wp_cron to trig the internal WordPress cron.
-0 3  *  *  * root wget -q -O - https://$domain$path_url/wp-cron.php?doing_wp_cron >/dev/null 2>&1" > /etc/cron.d/$app
+echo "# Reach everyday wp-cron.php to trig the internal WordPress cron.
+0 3  *  *  * $app php$phpversion  $final_path/wp-cron.php" > /etc/cron.d/$app

 #=================================================
 # GENERIC FINALISATION
@ -241,7 +249,8 @@ echo "# Reach everyday wp-cron.php?doing_wp_cron to trig the internal WordPress
 # Files have to be own by the user of wordpress. To allow upgrade from the app.
 chown -R $app: $final_path
 # Except the file config wp-config.php
-chown root: $final_path/wp-config.php
+chown root:$app $final_path/wp-config.php
+chmod 640 $final_path/wp-config.php

 #=================================================
 # SETUP FAIL2BAN
@ -254,14 +263,19 @@ ynh_add_fail2ban_config --logpath="/var/log/auth.log" --failregex="Authenticatio
 #=================================================
 # SETUP SSOWAT
 #=================================================
-ynh_script_progression --message="Configuring SSOwat..."
+ynh_script_progression --message="Configuring permissions..." --weight=1

-if [ $is_public -eq 0 ]
+# Make app public if necessary
+if [ $is_public -eq 1 ]
 then
-	# Remove the public access
-	ynh_app_setting_delete --app=$app --key=unprotected_uris
+	# Everyone can access the app.
+	# The "main" permission is automatically created before the install script.
+	ynh_permission_update --permission="main" --add="visitors"
 fi

+# Only the admin can access the admin panel of the app
+ynh_permission_create --permission="admin" --url="/wp-login.php" --additional_urls="/wp-admin.php" --allowed=$admin_wordpress
+
 #=================================================
 # RELOAD NGINX
 #=================================================
@ -273,7 +287,7 @@ ynh_systemd_action --service_name=nginx --action=reload
 # REMOVE WP-CLI.PHAR
 #=================================================

-ynh_secure_remove $final_path/wp-cli.phar
+ynh_secure_remove --file=$final_path/wp-cli.phar

 #=================================================
 # SEND A README FOR THE ADMIN
@ -282,7 +296,10 @@ ynh_secure_remove $final_path/wp-cli.phar
 # Get main domain and buid the url of the admin panel of the app.
 admin_panel="https://$(grep portal_domain /etc/ssowat/conf.json | cut -d'"' -f4)/yunohost/admin/#/apps/$app"

-echo "You can configure this app easily by using the experimental __URL_TAG1__config-panel feature__URL_TAG2__$admin_panel/config-panel__URL_TAG3__.
+echo "Please manually trigger updates to major versions in the WordPress admin area.
+You can also activate the automatic update in the Companion Auto Update plugin settings.
+
+You can configure this app easily by using the experimental __URL_TAG1__config-panel feature__URL_TAG2__$admin_panel/config-panel__URL_TAG3__.
 You can also find some specific actions for this app by using the experimental __URL_TAG1__action feature__URL_TAG2__$admin_panel/actions__URL_TAG3__.

 If you're facing an issue or want to improve this app, please open a new issue in this __URL_TAG1__project__URL_TAG2__https://github.com/YunoHost-Apps/wordpress_ynh__URL_TAG3__." > mail_to_send
--- a/scripts/restore
+++ b/scripts/restore
@ -25,7 +25,6 @@ app=$YNH_APP_INSTANCE_NAME

 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
-is_public=$(ynh_app_setting_get --app=$app --key=is_public)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 admin_wordpress=$(ynh_app_setting_get --app=$app --key=admin)
@ -91,7 +90,8 @@ ynh_system_user_create --username=$app
 # Files have to be own by the user of wordpress. To allow upgrade from the app.
 chown -R $app: $final_path
 # Except the file config wp-config.php
-chown root: $final_path/wp-config.php
+chown root:$app $final_path/wp-config.php
+chmod 640 $final_path/wp-config.php

 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -20,7 +20,6 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 admin_wordpress=$(ynh_app_setting_get --app=$app --key=admin)
 language=$(ynh_app_setting_get --app=$app --key=language)
-is_public=$(ynh_app_setting_get --app=$app --key=is_public)
 multisite=$(ynh_app_setting_get --app=$app --key=multisite)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
@ -63,15 +62,6 @@ if [ -z "$language" ]; then
 	ynh_app_setting_set --app=$app --key=language --value=$language
 fi

-# Fix is_public as a boolean
-if [ "${is_public,,}" = "yes" ]; then
-	ynh_app_setting_set --app=$app --key=is_public --value=1
-	is_public=1
-elif [ "${is_public,,}" = "no" ]; then
-	ynh_app_setting_set --app=$app --key=is_public --value=0
-	is_public=0
-fi
-
 # Fix multisite as a boolean
 if [ "${multisite,,}" = "yes" ]; then
 	ynh_app_setting_set --app=$app --key=multisite --value=1
@ -110,14 +100,6 @@ if [ -z "$overwrite_phpfpm" ]; then
    ynh_app_setting_set --app=$app --key=overwrite_phpfpm --value=$overwrite_phpfpm
 fi

-# If the app is private, set the usage to low, otherwise to high.
-if [ $is_public -eq 0 ]
-then
-    usage=low
-else
-    usage=high
-fi
-
 # If fpm_footprint doesn't exist, create it
 if [ -z "$fpm_footprint" ]; then
    fpm_footprint=medium
@ -126,6 +108,13 @@ fi

 # If fpm_usage doesn't exist, create it
 if [ -z "$fpm_usage" ]; then
+	# If the app is private, set the usage to low, otherwise to high.
+	if [ $(ynh_app_setting_get --app=$app --key=is_public) -eq 0 ]
+	then
+		usage=low
+	else
+		usage=high
+	fi
    fpm_usage=$usage
    ynh_app_setting_set --app=$app --key=fpm_usage --value=$fpm_usage
 fi
@ -145,6 +134,21 @@ fi
 $wpcli_alias plugin is-installed wp-fail2ban && $wpcli_alias plugin deactivate $plugin_network wp-fail2ban && $wpcli_alias plugin uninstall wp-fail2ban
 $wpcli_alias plugin is-installed wp-fail2ban-redux || $wpcli_alias plugin install wp-fail2ban-redux

+# Remove old ldap plugin
+$wpcli_alias plugin is-installed simple-ldap-login && $wpcli_alias plugin deactivate $plugin_network simple-ldap-login && $wpcli_alias plugin uninstall simple-ldap-login
+
+# Cleaning legacy permissions
+if ynh_legacy_permissions_exists; then
+	ynh_legacy_permissions_delete_all
+
+	ynh_app_setting_delete --app=$app --key=is_public
+fi
+
+if ! ynh_permission_exists --permission="admin"; then
+	# Create the required permissions
+	ynh_permission_create --permission="admin" --url="/wp-login.php" --additional_urls="/wp-admin.php" --allowed=$admin_wordpress
+fi
+
 #=================================================
 # STANDARD UPGRADE STEPS
 #=================================================
@ -213,6 +217,8 @@ ynh_backup_if_checksum_is_different --file="$final_path/wp-config.php"
 #=================================================
 ynh_script_progression --message="Configuring multisite..." --weight=2

+db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
+
 if [ $multisite -eq 1 ]
 then
 	ynh_replace_string --match_string="#--MULTISITE--" --replace_string="" --target_file=/etc/nginx/conf.d/$domain.d/$app.conf
@ -220,12 +226,20 @@ then
    ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf"

    ynh_systemd_action --service_name=nginx --action=reload
-	
+
+	ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=../conf/sql/multisite.sql
+	ynh_replace_string --match_string="__LENGTH__" --replace_string="$((${#app} + 95))" --target_file=../conf/sql/multisite.sql
+
+	ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name < ../conf/sql/multisite.sql
 	plugin_network="--network"
 else
 	multisite=0
+	ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file=../conf/sql/single.sql
+	ynh_replace_string --match_string="__LENGTH__" --replace_string="$((${#app} + 95))" --target_file=../conf/sql/single.sql
+
+	ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name < ../conf/sql/single.sql
 	plugin_network=""
-	if [ $is_public -eq 1 ]
+	if ynh_permission_has_user --permission="main" --user="visitor"
 	then
 		ynh_replace_string --match_string="//--PUBLIC--define" --replace_string="define" --target_file=$final_path/wp-config.php
 	fi
@ -242,10 +256,11 @@ ynh_script_progression --message="Updating plugins" --weight=11
 update_plugin () {
 	( $wpcli_alias plugin is-installed $1 && $wpcli_alias plugin update $1 ) || $wpcli_alias plugin install $1
 }
-update_plugin simple-ldap-login
-$wpcli_alias plugin activate simple-ldap-login $plugin_network
+update_plugin authldap
+$wpcli_alias plugin activate authldap $plugin_network
 update_plugin companion-auto-update
 $wpcli_alias plugin activate companion-auto-update $plugin_network
+
 update_plugin wp-fail2ban-redux
 $wpcli_alias plugin activate wp-fail2ban-redux $plugin_network

@ -263,8 +278,8 @@ ynh_store_file_checksum --file="$final_path/wp-config.php"
 # CREATE A CRON TASK FOR AUTOMATIC UPDATE
 #=================================================

-echo "# Reach everyday wp-cron.php?doing_wp_cron to trig the internal wordpress cron.
-0 3  *  *  * root wget -q -O - https://$domain$path_url/wp-cron.php?doing_wp_cron >/dev/null 2>&1" > /etc/cron.d/$app
+echo "# Reach everyday wp-cron.php to trig the internal WordPress cron.
+0 3  *  *  * $app php$phpversion  $final_path/wp-cron.php" > /etc/cron.d/$app

 #=================================================
 # GENERIC FINALISATION
@ -276,7 +291,8 @@ echo "# Reach everyday wp-cron.php?doing_wp_cron to trig the internal wordpress
 # Files have to be own by the user of wordpress. To allow upgrade from the app.
 chown -R $app: $final_path
 # Except the file config wp-config.php
-chown root: $final_path/wp-config.php
+chown root:$app $final_path/wp-config.php
+chmod 640 $final_path/wp-config.php

 #=================================================
 # UPGRADE FAIL2BAN
@ -286,21 +302,6 @@ ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=9
 # Create a dedicated Fail2Ban config
 ynh_add_fail2ban_config --logpath="/var/log/auth.log" --failregex="Authentication (attempt for unknown user|failure for) .* from <HOST>" --max_retry=5

-#=================================================
-# SETUP SSOWAT
-#=================================================
-ynh_script_progression --message="Upgrading SSOwat configuration..."
-
-# Remove skipped_uris if it's still present
-ynh_app_setting_delete --app=$app --key=skipped_uris
-if [ $is_public -eq 0 ]; then
-	# Remove the public access
-	ynh_app_setting_delete --app=$app --key=unprotected_uris
-else
-	# Or replace skipped_uris by unprotected_uris
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
-fi
-
 #=================================================
 # RELOAD NGINX
 #=================================================
@ -336,7 +337,10 @@ else
 fi
 ynh_app_changelog --format=$format

-echo "You can configure this app easily by using the experimental __URL_TAG1__config-panel feature__URL_TAG2__$admin_panel/config-panel__URL_TAG3__.
+echo "Please manually trigger updates to major versions in the WordPress admin area.
+You can also activate the automatic update in the Companion Auto Update plugin settings.
+
+You can configure this app easily by using the experimental __URL_TAG1__config-panel feature__URL_TAG2__$admin_panel/config-panel__URL_TAG3__.
 You can also find some specific actions for this app by using the experimental __URL_TAG1__action feature__URL_TAG2__$admin_panel/actions__URL_TAG3__.

 If you're facing an issue or want to improve this app, please open a new issue in this __URL_TAG1__project__URL_TAG2__https://github.com/YunoHost-Apps/wordpress_ynh__URL_TAG3__.