mirror of
https://github.com/YunoHost/moulinette.git
synced 2024-09-03 20:06:31 +02:00
[enh] Backport prerefactoring branch modifications
parent
fd55b8496f
commit
d2941035d4
6 changed files with 127 additions and 20 deletions
|
@ -487,6 +487,17 @@ app:
|
||||||
full: --sql
|
full: --sql
|
||||||
help: Initial SQL file
|
help: Initial SQL file
|
||||||
|
|
||||||
|
### app_makedefault()
|
||||||
|
makedefault:
|
||||||
|
action_help: Redirect domain root to an app
|
||||||
|
api: PUT /app/default
|
||||||
|
arguments:
|
||||||
|
app:
|
||||||
|
help: App name to put on domain root
|
||||||
|
-d:
|
||||||
|
full: --domain
|
||||||
|
help: Specific domain to put app on (the app domain by default)
|
||||||
|
|
||||||
### app_ssowatconf()
|
### app_ssowatconf()
|
||||||
ssowatconf:
|
ssowatconf:
|
||||||
action_help: Regenerate SSOwat configuration file
|
action_help: Regenerate SSOwat configuration file
|
||||||
|
|
|
@ -644,6 +644,48 @@ def app_clearaccess(auth, apps):
|
||||||
|
|
||||||
app_ssowatconf(auth)
|
app_ssowatconf(auth)
|
||||||
|
|
||||||
|
def app_makedefault(app, domain=None):
|
||||||
|
"""
|
||||||
|
Redirect domain root to an app
|
||||||
|
|
||||||
|
Keyword argument:
|
||||||
|
app
|
||||||
|
domain
|
||||||
|
|
||||||
|
"""
|
||||||
|
if not _is_installed(app):
|
||||||
|
raise MoulinetteError(22, _("App is not installed"))
|
||||||
|
|
||||||
|
app_domain = app_setting(app, 'domain')
|
||||||
|
app_path = app_setting(app, 'path')
|
||||||
|
|
||||||
|
if domain is None:
|
||||||
|
domain = app_domain
|
||||||
|
elif domain not in domain_list()['Domains']:
|
||||||
|
raise MoulinetteError(22, _("Domain doesn't exists"))
|
||||||
|
|
||||||
|
if '/' in app_map(raw=True)[domain]:
|
||||||
|
raise MoulinetteError(1, _("An app is already installed on this location"))
|
||||||
|
|
||||||
|
try:
|
||||||
|
with open('/etc/ssowat/conf.json.persistent') as json_conf:
|
||||||
|
ssowat_conf = json.loads(str(json_conf.read()))
|
||||||
|
except IOError:
|
||||||
|
ssowat_conf = {}
|
||||||
|
|
||||||
|
if 'redirected_urls' not in ssowat_conf:
|
||||||
|
ssowat_conf['redirected_urls'] = {}
|
||||||
|
|
||||||
|
ssowat_conf['redirected_urls'][domain +'/'] = app_domain + app_path
|
||||||
|
|
||||||
|
with open('/etc/ssowat/conf.json.persistent', 'w+') as f:
|
||||||
|
json.dump(ssowat_conf, f, sort_keys=True, indent=4)
|
||||||
|
|
||||||
|
os.system('chmod 644 /etc/ssowat/conf.json.persistent')
|
||||||
|
|
||||||
|
win_msg('SSOwat persistent configuration has been updated')
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def app_setting(app, key, value=None, delete=False):
|
def app_setting(app, key, value=None, delete=False):
|
||||||
"""
|
"""
|
||||||
|
@ -840,6 +882,7 @@ def app_ssowatconf(auth):
|
||||||
unprotected_regex = []
|
unprotected_regex = []
|
||||||
protected_urls = []
|
protected_urls = []
|
||||||
protected_regex = []
|
protected_regex = []
|
||||||
|
redirected_regex = { main_domain +'/yunohost[\/]?$': 'https://'+ main_domain +'/yunohost/sso/' }
|
||||||
|
|
||||||
apps = {}
|
apps = {}
|
||||||
for app in app_list()['Apps']:
|
for app in app_list()['Apps']:
|
||||||
|
@ -880,7 +923,7 @@ def app_ssowatconf(auth):
|
||||||
if not 'portal_domain' in conf_dict:
|
if not 'portal_domain' in conf_dict:
|
||||||
conf_dict['portal_domain'] = main_domain
|
conf_dict['portal_domain'] = main_domain
|
||||||
if not 'portal_path' in conf_dict:
|
if not 'portal_path' in conf_dict:
|
||||||
conf_dict['portal_path'] = '/ynhsso/'
|
conf_dict['portal_path'] = '/yunohost/sso/'
|
||||||
if not 'portal_port' in conf_dict:
|
if not 'portal_port' in conf_dict:
|
||||||
conf_dict['portal_port'] = '443'
|
conf_dict['portal_port'] = '443'
|
||||||
if not 'portal_scheme' in conf_dict:
|
if not 'portal_scheme' in conf_dict:
|
||||||
|
@ -899,6 +942,7 @@ def app_ssowatconf(auth):
|
||||||
conf_dict['skipped_regex'] = skipped_regex
|
conf_dict['skipped_regex'] = skipped_regex
|
||||||
conf_dict['unprotected_regex'] = unprotected_regex
|
conf_dict['unprotected_regex'] = unprotected_regex
|
||||||
conf_dict['protected_regex'] = protected_regex
|
conf_dict['protected_regex'] = protected_regex
|
||||||
|
conf_dict['redirected_regex'] = redirected_regex
|
||||||
conf_dict['users'] = users
|
conf_dict['users'] = users
|
||||||
|
|
||||||
with open('/etc/ssowat/conf.json', 'w+') as f:
|
with open('/etc/ssowat/conf.json', 'w+') as f:
|
||||||
|
|
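Review bot: In app_makedefault the load of /etc/ssowat/conf.json.persistent catches only IOError, so a file that exists but does not parse makes `json.loads` raise an uncaught ValueError. The rewrite also opens the same path with 'w+', which empties the file before `json.dump` runs, so an interruption at that moment leaves exactly such an unparseable file behind. The same read-modify-write sequence is repeated in the tools_postinstall and user_create changes of this commit. I would move it into one pair of helpers that refuse to overwrite an unparseable file, write to a sibling temporary file and rename it over the target, and set the mode with `os.chmod` instead of spawning a shell for `chmod 644`. Indentation is lost in this rendering, so the extent of the try block is inferred.

```python
def _load_ssowat_persistent(path='/etc/ssowat/conf.json.persistent'):
    """Return the persistent SSOwat configuration, or {} if the file is absent."""
    try:
        with open(path) as json_conf:
            return json.load(json_conf)
    except IOError:
        return {}
    except ValueError:
        # Do not silently replace a file that exists but does not parse
        raise MoulinetteError(22, _("SSOwat persistent configuration is not valid JSON"))


def _save_ssowat_persistent(conf, path='/etc/ssowat/conf.json.persistent'):
    """Write the configuration next to the target, then rename it into place."""
    tmp_path = path + '.tmp'
    with open(tmp_path, 'w') as f:
        json.dump(conf, f, sort_keys=True, indent=4)
    os.chmod(tmp_path, 0o644)
    os.rename(tmp_path, path)  # the old file stays intact until this call

# … unchanged: installed/domain/location checks in app_makedefault …
    ssowat_conf = _load_ssowat_persistent()
    ssowat_conf.setdefault('redirected_urls', {})[domain + '/'] = app_domain + app_path
    _save_ssowat_persistent(ssowat_conf)
```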
|
@ -2,10 +2,10 @@ UPNP:
|
||||||
cron: false
|
cron: false
|
||||||
ports:
|
ports:
|
||||||
TCP: [22, 25, 53, 80, 443, 465, 993, 5222, 5269, 5290]
|
TCP: [22, 25, 53, 80, 443, 465, 993, 5222, 5269, 5290]
|
||||||
UDP: [53, 137, 138]
|
UDP: [53]
|
||||||
ipv4:
|
ipv4:
|
||||||
TCP: [22, 25, 53, 80, 443, 465, 993, 5222, 5269, 5290]
|
TCP: [22, 25, 53, 80, 443, 465, 993, 5222, 5269, 5290]
|
||||||
UDP: [53, 137, 138]
|
UDP: [53]
|
||||||
ipv6:
|
ipv6:
|
||||||
TCP: [22]
|
TCP: [22, 25, 53, 80, 443, 465, 993, 5222, 5269, 5290]
|
||||||
UDP: [53]
|
UDP: [53]
|
||||||
|
|
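Review bot: The new ipv6 TCP list is a literal copy of the ipv4 one and nothing in the file ties the two together, so they can drift apart again the next time one of them is edited. A comment above the ipv6 entry such as `# keep identical to ipv4.TCP` would at least make the intent explicit. Since the default IPv6 policy goes from SSH only to ten open TCP ports, it is also worth confirming that each of these services is meant to be reachable over IPv6 on a fresh install.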
|
@ -155,7 +155,7 @@ def firewall_reload(upnp=False):
|
||||||
|
|
||||||
if os.path.exists("/proc/net/if_inet6"):
|
if os.path.exists("/proc/net/if_inet6"):
|
||||||
os.system("ip6tables -A INPUT -i lo -j ACCEPT")
|
os.system("ip6tables -A INPUT -i lo -j ACCEPT")
|
||||||
os.system("ip6tables -A INPUT -p icmp -j ACCEPT")
|
os.system("ip6tables -A INPUT -p icmpv6 -j ACCEPT")
|
||||||
os.system("ip6tables -P INPUT DROP")
|
os.system("ip6tables -P INPUT DROP")
|
||||||
|
|
||||||
os.system("service fail2ban restart")
|
os.system("service fail2ban restart")
|
||||||
|
|
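Review bot: The status returned by `os.system("ip6tables -A INPUT -p icmpv6 -j ACCEPT")` is discarded, like that of the calls around it, so if this rule fails to load the following line still sets the INPUT policy to DROP and IPv6 neighbour discovery would stop working with no error reported. Testing the result before the policy change, e.g. `if os.system("ip6tables -A INPUT -p icmpv6 -j ACCEPT") != 0:` followed by the module's usual error, would surface that. firewall_reload starts and ends outside this hunk.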
|
@ -225,6 +225,23 @@ def tools_postinstall(domain, password, dyndns=False):
|
||||||
if os.system('hostname -d') != 0:
|
if os.system('hostname -d') != 0:
|
||||||
os.system('hostname yunohost.yunohost.org')
|
os.system('hostname yunohost.yunohost.org')
|
||||||
|
|
||||||
|
# Add a temporary SSOwat rule to redirect SSO to admin page
|
||||||
|
try:
|
||||||
|
with open('/etc/ssowat/conf.json.persistent') as json_conf:
|
||||||
|
ssowat_conf = json.loads(str(json_conf.read()))
|
||||||
|
except IOError:
|
||||||
|
ssowat_conf = {}
|
||||||
|
|
||||||
|
if 'redirected_urls' not in ssowat_conf:
|
||||||
|
ssowat_conf['redirected_urls'] = {}
|
||||||
|
|
||||||
|
ssowat_conf['redirected_urls']['/'] = domain +'/yunohost/admin'
|
||||||
|
|
||||||
|
with open('/etc/ssowat/conf.json.persistent', 'w+') as f:
|
||||||
|
json.dump(ssowat_conf, f, sort_keys=True, indent=4)
|
||||||
|
|
||||||
|
os.system('chmod 644 /etc/ssowat/conf.json.persistent')
|
||||||
|
|
||||||
# Create SSL CA
|
# Create SSL CA
|
||||||
ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA'
|
ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA'
|
||||||
command_list = [
|
command_list = [
|
||||||
|
|
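Review bot: The added comment calls the SSOwat rule temporary but does not say what removes it; in this commit the removal sits in user_create, which deletes `redirected_urls['/']` (apparently when the first user is created, though indentation is lost here). I would extend the comment to `# Add a temporary SSOwat rule to redirect SSO to admin page (removed by user_create when the first user is added)`. No `import json` is visible for this file in the diff, so confirm the module already imports it. tools_postinstall starts and ends outside the hunk.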
|
@ -28,6 +28,7 @@ import sys
|
||||||
import crypt
|
import crypt
|
||||||
import random
|
import random
|
||||||
import string
|
import string
|
||||||
|
import json
|
||||||
|
|
||||||
from moulinette.core import MoulinetteError
|
from moulinette.core import MoulinetteError
|
||||||
|
|
||||||
|
@ -137,19 +138,48 @@ def user_create(auth, username, firstname, lastname, mail, password):
|
||||||
'uidNumber' : uid,
|
'uidNumber' : uid,
|
||||||
'homeDirectory' : '/home/' + username,
|
'homeDirectory' : '/home/' + username,
|
||||||
'loginShell' : '/bin/false'
|
'loginShell' : '/bin/false'
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if auth.add(rdn, attr_dict):
|
# If it is the first user, add some aliases
|
||||||
os.system("su - %s -c ''" % username)
|
if not yldap.search(base='ou=users,dc=yunohost,dc=org', filter='uid=*'):
|
||||||
os.system('yunohost app ssowatconf > /dev/null 2>&1')
|
with open('/etc/yunohost/current_host') as f:
|
||||||
#TODO: Send a welcome mail to user
|
main_domain = f.readline().rstrip()
|
||||||
msignals.display(_("User '%s' successfully created.") % username, 'success')
|
aliases = [
|
||||||
hook_callback('post_user_create', [username, mail, password, firstname, lastname])
|
'root@'+ main_domain,
|
||||||
|
'admin@'+ main_domain,
|
||||||
|
'webmaster@'+ main_domain,
|
||||||
|
'postmaster@'+ main_domain,
|
||||||
|
]
|
||||||
|
attr_dict['mail'] = [ attr_dict['mail'] ] + aliases
|
||||||
|
|
||||||
return { 'fullname' : fullname, 'username' : username, 'mail' : mail }
|
# If exists, remove the redirection from the SSO
|
||||||
else:
|
try:
|
||||||
raise MoulinetteError(169, _("An error occurred during user creation"))
|
with open('/etc/ssowat/conf.json.persistent') as json_conf:
|
||||||
|
ssowat_conf = json.loads(str(json_conf.read()))
|
||||||
|
|
||||||
|
if 'redirected_urls' in ssowat_conf and '/' in ssowat_conf['redirected_urls']:
|
||||||
|
del ssowat_conf['redirected_urls']['/']
|
||||||
|
|
||||||
|
with open('/etc/ssowat/conf.json.persistent', 'w+') as f:
|
||||||
|
json.dump(ssowat_conf, f, sort_keys=True, indent=4)
|
||||||
|
|
||||||
|
except IOError: pass
|
||||||
|
|
||||||
|
|
||||||
|
if auth.add(rdn, attr_dict):
|
||||||
|
# Update SFTP user group
|
||||||
|
memberlist = auth.search(filter='cn=sftpusers', attrs=['memberUid'])[0]['memberUid']
|
||||||
|
memberlist.append(username)
|
||||||
|
if auth.update('cn=sftpusers,ou=groups', { 'memberUid': memberlist }):
|
||||||
|
os.system("su - %s -c ''" % username)
|
||||||
|
os.system('yunohost app ssowatconf > /dev/null 2>&1')
|
||||||
|
#TODO: Send a welcome mail to user
|
||||||
|
msignals.display(_("User '%s' successfully created.") % username, 'success')
|
||||||
|
hook_callback('post_user_create', [username, mail, password, firstname, lastname])
|
||||||
|
|
||||||
|
return { 'fullname' : fullname, 'username' : username, 'mail' : mail }
|
||||||
|
|
||||||
|
raise MoulinetteError(169, _("An error occurred during user creation"))
|
||||||
|
|
||||||
|
|
||||||
def user_delete(auth, users, purge=False):
|
def user_delete(auth, users, purge=False):
|
||||||
|
@ -167,10 +197,15 @@ def user_delete(auth, users, purge=False):
|
||||||
|
|
||||||
for user in users:
|
for user in users:
|
||||||
if auth.remove('uid=%s,ou=users' % user):
|
if auth.remove('uid=%s,ou=users' % user):
|
||||||
if purge:
|
# Update SFTP user group
|
||||||
os.system('rm -rf /home/%s' % user)
|
memberlist = auth.search(filter='cn=sftpusers', attrs=['memberUid'])[0]['memberUid']
|
||||||
deleted.append(user)
|
try: memberlist.remove(user)
|
||||||
continue
|
except: pass
|
||||||
|
if auth.update('cn=sftpusers,ou=groups', { 'memberUid': memberlist }):
|
||||||
|
if purge:
|
||||||
|
os.system('rm -rf /home/%s' % user)
|
||||||
|
deleted.append(user)
|
||||||
|
continue
|
||||||
else:
|
else:
|
||||||
raise MoulinetteError(169, _("An error occurred during user deletion"))
|
raise MoulinetteError(169, _("An error occurred during user deletion"))
|
||||||
|
|
||||||
|
|
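Review bot: In user_create the first-user check calls `yldap.search(...)`, but no `yldap` name is defined or imported in the visible lines and every other LDAP call in the function goes through the `auth` argument, so this looks like a leftover from the pre-refactoring branch that would raise NameError. If so it should read `if not auth.search(base='ou=users,dc=yunohost,dc=org', filter='uid=*'):`. Separately, the SSO redirect is deleted from conf.json.persistent before `auth.add` has succeeded and `except IOError: pass` hides a failed write, so a failed creation can still drop the redirect; moving that block after the successful add would avoid this. In user_delete, the bare `except: pass` around `memberlist.remove(user)` should be narrowed to `except ValueError: pass`.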