diff --git a/action_map.yml b/action_map.yml index 897399ed..e9165a15 100644 --- a/action_map.yml +++ b/action_map.yml @@ -643,15 +643,15 @@ tools: action_help: Add/remove LemonLDAP location rule api: PUT /lemonrule arguments: - -i: - full: --id - help: ID to attribute to the rule - -u: - full: --url - help: URL to apply to the rule + -k: + full: --key + help: Key of the rule to write to the configuration file (tuple) -v: full: --value help: Value of the rule to write to the configuration file + -u: + full: --url + help: URL of the rule -p: full: --priority help: Priority of the rule @@ -661,6 +661,6 @@ tools: action: store_true -a: full: --apply - help: Apply the LemonLDAP configuration by reloading Apache + help: Apply the LemonLDAP configuration and reload Apache action: store_true diff --git a/yunohost.py b/yunohost.py index 20e36b27..92d1b0d4 100644 --- a/yunohost.py +++ b/yunohost.py @@ -210,33 +210,6 @@ def display_error(error, json_print=False): print(json.dumps({ error.code : error.message })) -def lemon_configuration(conf_dict): - conf_lines = [] - for key, value in conf_dict.items(): - if value is None: line = "delete $tmp" - else: line = "$tmp" - - if not isinstance(key, tuple): key = (key,) - for level in key: - line = line +"->{'"+ level +"'}" - - if value is None: conf_lines.append(line +';') - elif isinstance(value, int): conf_lines.append(line +' = '+ str(value) +';') - else: conf_lines.append(line +' = \''+ value +'\';') - - - with open(lemon_tmp_conf,'w') as lemon_conf: - for conf_line in conf_lines: - lemon_conf.write(conf_line + '\n') - - os.system('chown www-data '+ lemon_tmp_conf) - if os.system('/usr/share/lemonldap-ng/bin/lmYnhMoulinette') == 0: - os.system('service apache2 reload') - win_msg(_("LemonLDAP configured")) - else: - raise YunoHostError(1, _("An error occured during LemonLDAP configuration")) - - class YunoHostError(Exception): """ Custom exception diff --git a/yunohost_app.py b/yunohost_app.py index 1e48a774..fbef3cef 100644 
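Review bot: The new `-k`/`--key` help describes the key as "(tuple)", but a command-line or `PUT /lemonrule` caller can only send a string, and the help does not say how a nested key is written. The free-key branch of tools_lemonrule is cut off at the end of this diff, so how a string key is handled is not visible here; if it becomes a single hash level, the help should say so, for example `help: Configuration key to set (single level; nested keys only from Python callers)`. Because this option lets the caller write any key of the LemonLDAP configuration, a comment next to the `api: PUT /lemonrule` line stating which privilege the route requires would help the next reviewer.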
--- a/yunohost_app.py +++ b/yunohost_app.py @@ -30,9 +30,10 @@ import shutil import stat import yaml import time -from yunohost import YunoHostError, YunoHostLDAP, win_msg, random_password, is_true, lemon_configuration +from yunohost import YunoHostError, YunoHostLDAP, win_msg, random_password, is_true from yunohost_domain import domain_list, domain_add from yunohost_user import user_info +from yunohost_tools import tools_lemonrule repo_path = '/var/cache/yunohost/repo' apps_path = '/usr/share/yunohost/apps' @@ -438,7 +439,7 @@ def app_addaccess(apps, users): win_msg(_("App setting file updated")) #TODO: create lemon tool - tools_lemon(id=app, access='grant', url=app_settings['domain']+app_settings['path'], value='grep( /^$uid$/, qw('+ new_users.strip() +'))') + tools_lemonrule(url=app_settings['domain']+app_settings['path'], value='grep( /^$uid$/, qw('+ new_users.strip() +'))') tools_lemon(apply=True) @@ -476,7 +477,7 @@ def app_removeaccess(apps, users): yaml.safe_dump(app_settings, f, default_flow_style=False) win_msg(_("App setting file updated")) - tools_lemon(id=app, access='grant', url=app_settings['domain']+app_settings['path'], value='grep( /^$uid$/, qw('+ new_users.strip() +'))') + tools_lemonrule(url=app_settings['domain']+app_settings['path'], value='grep( /^$uid$/, qw('+ new_users.strip() +'))') tools_lemon(apply=True) diff --git a/yunohost_domain.py b/yunohost_domain.py index ad1b0fd4..d67113d6 100644 --- a/yunohost_domain.py +++ b/yunohost_domain.py @@ -29,7 +29,8 @@ import datetime import re import shutil from urllib import urlopen -from yunohost import YunoHostError, YunoHostLDAP, win_msg, colorize, validate, get_required_args, lemon_configuration +from yunohost import YunoHostError, YunoHostLDAP, win_msg, colorize, validate, get_required_args +from yunohost_tools import tools_lemonrule a2_template_path = '/etc/yunohost/apache/templates' a2_app_conf_path = '/etc/yunohost/apache/domains' 
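Review bot: The unchanged line right after the new `tools_lemonrule(...)` call still invokes `tools_lemon(apply=True)`, a name that neither import line shown for this file brings in, so app_addaccess would presumably raise a NameError after writing the rule; the identical hunk in app_removeaccess has the same problem. Passing `apply=True` to the new call and dropping the `tools_lemon` line (and the stale `#TODO: create lemon tool` comment) would fix it: `tools_lemonrule(url=app_settings['domain']+app_settings['path'], value='grep( /^$uid$/, qw('+ new_users.strip() +'))', apply=True)`. Separately, `new_users` is spliced into a Perl expression, so it should be confirmed that user names are limited to a safe character set before they reach this line; where `new_users` is built is outside the hunk.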
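Review bot: The added `from yunohost_tools import tools_lemonrule` in yunohost_domain.py probably creates an import cycle. tools_maindomain in yunohost_tools.py calls `domain_add`, so that module presumably imports from yunohost_domain at module level, and with `from … import name` on both sides whichever module loads second fails with ImportError. Importing where it is needed avoids this, e.g. `from yunohost_tools import tools_lemonrule` as the first statement of the `if not raw:` branch in domain_add, or moving tools_lemonrule into yunohost.py where lemon_configuration used to live. The import block of yunohost_tools.py is not part of this diff, so this should be checked there.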
@@ -113,18 +114,19 @@ def domain_add(domains, raw=False, main=False): raise YunoHostError(17, _("An error occurred during certificate generation")) if not raw: - lemon_configuration({ - ('exportedHeaders', domain, 'Auth-User'): '$uid', - ('exportedHeaders', domain, 'Remote-User'): '$uid', - ('exportedHeaders', domain, 'Desc'): '$description', - ('exportedHeaders', domain, 'Email'): "(ref($mail) eq 'ARRAY' ? $mail[0] : $mail)", - ('exportedHeaders', domain, 'Name'): '$cn', - ('exportedHeaders', domain, 'Authorization'): '"Basic ".encode_base64("$uid:$_password")', - ('vhostOptions', domain, 'vhostMaintenance'): 0, - ('vhostOptions', domain, 'vhostPort'): -1, - ('vhostOptions', domain, 'vhostHttps'): -1, - ('locationRules', domain, 'default'): 'accept', - }) + lemonrules = [ + (('exportedHeaders', domain, 'Auth-User'), '$uid'), + (('exportedHeaders', domain, 'Remote-User'), '$uid'), + (('exportedHeaders', domain, 'Desc'), '$description'), + (('exportedHeaders', domain, 'Email'), "(ref($mail) eq 'ARRAY' ? $mail[0] : $mail)"), + (('exportedHeaders', domain, 'Name'), '$cn'), + (('exportedHeaders', domain, 'Authorization'), '"Basic ".encode_base64("$uid:$_password")'), + (('vhostOptions', domain, 'vhostMaintenance'), 0), + (('vhostOptions', domain, 'vhostPort'), -1), + (('vhostOptions', domain, 'vhostHttps'), -1), + (('locationRules', domain, 'default'), 'accept', apply=True) + ] + for lemonrule in lemonrules: tools_lemonrule(*lemonrule) _apache_config(domain) try: diff --git a/yunohost_tools.py b/yunohost_tools.py index 87ee40b8..7a893b21 100644 --- a/yunohost_tools.py +++ b/yunohost_tools.py 
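Review bot: The last list entry, `(('locationRules', domain, 'default'), 'accept', apply=True)`, is not valid Python: a keyword argument cannot appear inside a tuple literal, so yunohost_domain.py fails with a SyntaxError before any rule is written. Moving that rule out of the list keeps the intent: loop with `for key, value in lemonrules: tools_lemonrule(key=key, value=value)` and finish with `tools_lemonrule(key=('locationRules', domain, 'default'), value='accept', apply=True)`. A comment above the list would also be useful, noting that the `default` rule is `accept`, which in LemonLDAP::NG admits every authenticated user unless a more specific location rule is added. domain_add starts and ends outside the hunk.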
@@ -166,23 +166,21 @@ def tools_maindomain(old_domain, new_domain, dyndns=False): domain_add([new_domain], raw=False, main=True) - lemon_conf_lines = [ - "$tmp->{'domain'} = '"+ new_domain +"';", # Replace Lemon domain - "$tmp->{'ldapBase'} = 'dc=yunohost,dc=org';", # Set ldap basedn - "$tmp->{'portal'} = 'https://"+ new_domain +"/sso/';", # Set SSO url - "$tmp->{'locationRules'}->{'"+ new_domain +"'}->{'(?#0ynh_admin)^/ynh-admin/'} = '$uid eq \"admin\"';", - "$tmp->{'locationRules'}->{'"+ new_domain +"'}->{'(?#0ynh_user)^/ynh-user/'} = '$uid ne \"admin\"';" + lemonrules = [ + ('domain', new_domain), # Replace Lemon domain + ('ldapBase', 'dc=yunohost,dc=org'), # Set ldap basedn + ('portal', 'https://'+ new_domain +'/sso/'), # Set SSO url + (url=new_domain+'/ynh-admin/', value='$uid eq "admin"'), + (url=new_domain+'/ynh-user/', value='$uid ne "admin"') ] - if old_domain is not 'yunohost.org': - lemon_conf_lines.extend([ - "delete $tmp->{'locationRules'}->{'"+ old_domain +"'}->{'(?#0ynh_admin)^/ynh-admin/'};", - "delete $tmp->{'locationRules'}->{'"+ old_domain +"'}->{'(?#0ynh_user)^/ynh-user/'};" + if old_domain is 'yunohost.org': + lemonrules.extend([ + (url=old_domain+'/ynh-admin/', delete=True), + (url=old_domain+'/ynh-user/', delete=True) ]) - with open('/tmp/tmplemonconf','w') as lemon_conf: - for line in lemon_conf_lines: - lemon_conf.write(line + '\n') + for lemonrule in lemonrules: tools_lemonrule(*lemonrule) os.system('rm /etc/yunohost/apache/domains/' + old_domain + '.d/*.fixed.conf') # remove SSO apache conf dir from old domain conf (fail if postinstall) os.system('rm /etc/ssl/private/yunohost_key.pem') 
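Review bot: The two `url=` entries in `lemonrules` and both entries in the `extend` call put keyword arguments inside a tuple literal, which is a SyntaxError, so yunohost_tools.py no longer imports. The guard was also flipped from `is not 'yunohost.org'` to `is 'yunohost.org'`, which looks unintended: the old domain's admin and user rules are now left in place for every real domain, and `is` tests identity rather than string equality. The version below uses dicts with `**` unpacking and `!=`. tools_maindomain starts and ends outside the hunk.

```python
    # … unchanged: domain_add([new_domain], raw=False, main=True) …
    lemonrules = [
        {'key': 'domain', 'value': new_domain},  # Replace Lemon domain
        {'key': 'ldapBase', 'value': 'dc=yunohost,dc=org'},  # Set ldap basedn
        {'key': 'portal', 'value': 'https://' + new_domain + '/sso/'},  # Set SSO url
        {'url': new_domain + '/ynh-admin/', 'value': '$uid eq "admin"'},
        {'url': new_domain + '/ynh-user/', 'value': '$uid ne "admin"'},
    ]

    if old_domain != 'yunohost.org':
        lemonrules.extend([
            {'url': old_domain + '/ynh-admin/', 'delete': True},
            {'url': old_domain + '/ynh-user/', 'delete': True},
        ])

    for lemonrule in lemonrules:
        tools_lemonrule(**lemonrule)
    # … unchanged: os.system('rm …') cleanup of the old domain …
```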
@@ -193,6 +191,7 @@ def tools_maindomain(old_domain, new_domain, dyndns=False): 'cp /etc/yunohost/apache/templates/admin.fixed.conf /etc/yunohost/apache/domains/' + new_domain + '.d/admin.fixed.conf', 'cp /etc/yunohost/apache/templates/user.fixed.conf /etc/yunohost/apache/domains/' + new_domain + '.d/user.fixed.conf', '/usr/share/lemonldap-ng/bin/lmYnhMoulinette', + 'echo "" > /tmp/tmplemonconf', 'cp /etc/yunohost/certs/'+ new_domain +'/key.pem /etc/metronome/certs/yunohost_key.pem', 'chown metronome: /etc/metronome/certs/yunohost_key.pem', 'ln -s /etc/yunohost/certs/'+ new_domain +'/key.pem /etc/ssl/private/yunohost_key.pem', @@ -302,7 +301,7 @@ def tools_postinstall(domain, password, dyndns=False): win_msg(_("YunoHost has been successfully configured")) -def tools_lemonrule(id=None, url=None, key=None, value=None, priority=None, delete=False, apply=False): +def tools_lemonrule(key=None, value=None, url=None, priority=None, delete=False, apply=False): """ """ @@ -312,7 +311,7 @@ def tools_lemonrule(id=None, url=None, key=None, value=None, priority=None, dele else: line = "$tmp" # locationRule formatter - if url is not None and id is not None: + if url is not None: # Remove potential "http://" or "https://" if '://' in url: url = url[url.index('://') + 3:] @@ -329,9 +328,9 @@ def tools_lemonrule(id=None, url=None, key=None, value=None, priority=None, dele line = line +"->{'locationRules'}->{'"+ domain +"'}" if priority is not None: - line = line +"->{'(?#"+ priority + id +")^"+ path +"'}" + line = line +"->{'(?#"+ priority + domain +")^"+ path +"'}" else: - line = line +"->{'(?#"+ id +"Z)^"+ path +"'}" + line = line +"->{'(?#"+ domain +"Z)^"+ path +"'}" # Free key formatter from tuple elif key is not None:
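Review bot: The added `'echo "" > /tmp/tmplemonconf'` truncates a fixed-name file in a world-writable directory through the shell, presumably as root, so any local user who creates that path first can make the write land somewhere else. The same path appears to be the file `lmYnhMoulinette` consumes, so a file pre-created there could also influence the SSO configuration. Keeping the rule file in a directory writable only by root and `www-data`, and emptying it from Python with `open(path, 'w').close()` instead of a shell redirect, would close this. The directory has to be agreed with lmYnhMoulinette, which is outside this diff, and the command list this line joins begins before the hunk.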
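Review bot: tools_lemonrule keeps an empty docstring (`""" """`) even though the `@@ -302` hunk reorders its positional parameters and drops `id`, so the contract callers now rely on is documented nowhere. `tools_lemonrule(*lemonrule)` passes `key` and `value` by position, and any remaining caller that still passes `id=` will raise a TypeError. I would add a docstring that says what each of `key`, `value`, `url`, `priority`, `delete` and `apply` does and which combinations are valid. The body is only partly visible here, so the wording should be checked against it.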
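Review bot: In both new key lines of the `@@ -329` hunk, `domain`, `path` and `priority` are concatenated straight into a single-quoted Perl hash key. They derive from `url` and `priority`, which the action map exposes on `PUT /lemonrule`, so a quote or backslash in those values changes the meaning of the generated line. A guard before the formatter, such as `if "'" in url or "\\" in url: raise YunoHostError(ERROR_CODE_PLACEHOLDER, _("Invalid URL"))`, plus `str(priority)` with a digits-only check, would keep the line well-formed. Replacing `id` with `domain` in the `(?#…)` tag also means rules written earlier under tags like `(?#0ynh_admin)` no longer share a key with what this function generates, so a delete through it would presumably miss them. The formatter branch starts above the hunk and continues below it.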