[enh] Backport prerefactoring branch modifications

data/actionsmap/yunohost.yml

@@ -487,6 +487,17 @@ app:
                     full: --sql
                     help: Initial SQL file
 
+       ### app_makedefault()
+        makedefault:
+            action_help: Redirect domain root to an app
+            api: PUT /app/default
+            arguments:
+                app:
+                    help: App name to put on domain root
+                -d:
+                    full: --domain
+                    help: Specific domain to put app on (the app domain by default)
+
         ### app_ssowatconf()
         ssowatconf:
             action_help: Regenerate SSOwat configuration file

lib/yunohost/app.py

@@ -644,6 +644,48 @@ def app_clearaccess(auth, apps):
 
     app_ssowatconf(auth)
 
+def app_makedefault(app, domain=None):
+    """
+    Redirect domain root to an app
+
+    Keyword argument:
+        app
+        domain
+
+    """
+    if not _is_installed(app):
+        raise MoulinetteError(22, _("App is not installed"))
+
+    app_domain = app_setting(app, 'domain')
+    app_path   = app_setting(app, 'path')
+
+    if domain is None:
+        domain = app_domain
+    elif domain not in domain_list()['Domains']:
+        raise MoulinetteError(22, _("Domain doesn't exists"))
+
+    if '/' in app_map(raw=True)[domain]:
+        raise MoulinetteError(1, _("An app is already installed on this location"))
+
+    try:
+        with open('/etc/ssowat/conf.json.persistent') as json_conf:
+            ssowat_conf = json.loads(str(json_conf.read()))
+    except IOError:
+        ssowat_conf = {}
+
+    if 'redirected_urls' not in ssowat_conf:
+        ssowat_conf['redirected_urls'] = {}
+
+    ssowat_conf['redirected_urls'][domain +'/'] = app_domain + app_path
+
+    with open('/etc/ssowat/conf.json.persistent', 'w+') as f:
+        json.dump(ssowat_conf, f, sort_keys=True, indent=4)
+
+    os.system('chmod 644 /etc/ssowat/conf.json.persistent')
+
+    win_msg('SSOwat persistent configuration has been updated')
+
+
 
 def app_setting(app, key, value=None, delete=False):
     """
@@ -840,6 +882,7 @@ def app_ssowatconf(auth):
     unprotected_regex = []
     protected_urls = []
     protected_regex = []
+    redirected_regex = { main_domain +'/yunohost[\/]?$': 'https://'+ main_domain +'/yunohost/sso/' }
 
     apps = {}
     for app in app_list()['Apps']:
@@ -880,7 +923,7 @@ def app_ssowatconf(auth):
     if not 'portal_domain' in conf_dict:
         conf_dict['portal_domain'] = main_domain
     if not 'portal_path' in conf_dict:
-        conf_dict['portal_path'] = '/ynhsso/'
+        conf_dict['portal_path'] = '/yunohost/sso/'
     if not 'portal_port' in conf_dict:
         conf_dict['portal_port'] = '443'
     if not 'portal_scheme' in conf_dict:
@@ -899,6 +942,7 @@ def app_ssowatconf(auth):
     conf_dict['skipped_regex'] = skipped_regex
     conf_dict['unprotected_regex'] = unprotected_regex
     conf_dict['protected_regex'] = protected_regex
+    conf_dict['redirected_regex'] = redirected_regex
     conf_dict['users'] = users
 
     with open('/etc/ssowat/conf.json', 'w+') as f:

lib/yunohost/data/firewall.yml

@@ -2,10 +2,10 @@ UPNP:
     cron: false
     ports:
         TCP: [22, 25, 53, 80, 443, 465, 993, 5222, 5269, 5290]
-        UDP: [53, 137, 138]
+        UDP: [53]
 ipv4:
     TCP: [22, 25, 53, 80, 443, 465, 993, 5222, 5269, 5290]
-    UDP: [53, 137, 138]
+    UDP: [53]
-ipv6:
+ipv6:
-    TCP: [22]
+    TCP: [22, 25, 53, 80, 443, 465, 993, 5222, 5269, 5290]
     UDP: [53]

lib/yunohost/firewall.py

@@ -155,7 +155,7 @@ def firewall_reload(upnp=False):
 
     if os.path.exists("/proc/net/if_inet6"):
         os.system("ip6tables -A INPUT -i lo -j ACCEPT")
-        os.system("ip6tables -A INPUT -p icmp -j ACCEPT")
+        os.system("ip6tables -A INPUT -p icmpv6 -j ACCEPT")
         os.system("ip6tables -P INPUT DROP")
 
     os.system("service fail2ban restart")

lib/yunohost/tools.py

@@ -225,6 +225,23 @@ def tools_postinstall(domain, password, dyndns=False):
     if os.system('hostname -d') != 0:
         os.system('hostname yunohost.yunohost.org')
 
+    # Add a temporary SSOwat rule to redirect SSO to admin page
+    try:
+        with open('/etc/ssowat/conf.json.persistent') as json_conf:
+            ssowat_conf = json.loads(str(json_conf.read()))
+    except IOError:
+        ssowat_conf = {}
+
+    if 'redirected_urls' not in ssowat_conf:
+        ssowat_conf['redirected_urls'] = {}
+
+    ssowat_conf['redirected_urls']['/'] = domain +'/yunohost/admin'
+
+    with open('/etc/ssowat/conf.json.persistent', 'w+') as f:
+        json.dump(ssowat_conf, f, sort_keys=True, indent=4)
+
+    os.system('chmod 644 /etc/ssowat/conf.json.persistent')
+
     # Create SSL CA
     ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA'
     command_list = [

lib/yunohost/user.py

@@ -28,6 +28,7 @@ import sys
 import crypt
 import random
 import string
+import json
 
 from moulinette.core import MoulinetteError
 
@@ -137,10 +138,39 @@ def user_create(auth, username, firstname, lastname, mail, password):
         'uidNumber'     : uid,
         'homeDirectory' : '/home/' + username,
         'loginShell'    : '/bin/false'
-
     }
 
+    # If it is the first user, add some aliases
+    if not yldap.search(base='ou=users,dc=yunohost,dc=org', filter='uid=*'):
+        with open('/etc/yunohost/current_host') as f:
+            main_domain = f.readline().rstrip()
+        aliases = [
+            'root@'+ main_domain,
+            'admin@'+ main_domain,
+            'webmaster@'+ main_domain,
+            'postmaster@'+ main_domain,
+        ]
+        attr_dict['mail'] = [ attr_dict['mail'] ] + aliases
+
+        # If exists, remove the redirection from the SSO
+        try:
+            with open('/etc/ssowat/conf.json.persistent') as json_conf:
+                ssowat_conf = json.loads(str(json_conf.read()))
+
+            if 'redirected_urls' in ssowat_conf and '/' in ssowat_conf['redirected_urls']:
+                del ssowat_conf['redirected_urls']['/']
+
+            with open('/etc/ssowat/conf.json.persistent', 'w+') as f:
+                json.dump(ssowat_conf, f, sort_keys=True, indent=4)
+
+        except IOError: pass
+
+    
     if auth.add(rdn, attr_dict):
+        # Update SFTP user group
+        memberlist = auth.search(filter='cn=sftpusers', attrs=['memberUid'])[0]['memberUid']
+        memberlist.append(username)
+        if auth.update('cn=sftpusers,ou=groups', { 'memberUid': memberlist }):
             os.system("su - %s -c ''" % username)
             os.system('yunohost app ssowatconf > /dev/null 2>&1')
             #TODO: Send a welcome mail to user
@@ -148,7 +178,7 @@ def user_create(auth, username, firstname, lastname, mail, password):
             hook_callback('post_user_create', [username, mail, password, firstname, lastname])
 
             return { 'fullname' : fullname, 'username' : username, 'mail' : mail }
-    else:
+
     raise MoulinetteError(169, _("An error occurred during user creation"))
 
 
@@ -167,6 +197,11 @@ def user_delete(auth, users, purge=False):
 
     for user in users:
         if auth.remove('uid=%s,ou=users' % user):
+            # Update SFTP user group
+            memberlist = auth.search(filter='cn=sftpusers', attrs=['memberUid'])[0]['memberUid']
+            try: memberlist.remove(user)
+            except: pass
+            if auth.update('cn=sftpusers,ou=groups', { 'memberUid': memberlist }):
                 if purge:
                     os.system('rm -rf /home/%s' % user)
                 deleted.append(user)