mirror of
https://github.com/YunoHost/moulinette.git
synced 2024-09-03 20:06:31 +02:00
[enh] Backport prerefactoring branch modifications
This commit is contained in:
parent
fd55b8496f
commit
d2941035d4
6 changed files with 127 additions and 20 deletions
|
@ -487,6 +487,17 @@ app:
|
|||
full: --sql
|
||||
help: Initial SQL file
|
||||
|
||||
### app_makedefault()
|
||||
makedefault:
|
||||
action_help: Redirect domain root to an app
|
||||
api: PUT /app/default
|
||||
arguments:
|
||||
app:
|
||||
help: App name to put on domain root
|
||||
-d:
|
||||
full: --domain
|
||||
help: Specific domain to put app on (the app domain by default)
|
||||
|
||||
### app_ssowatconf()
|
||||
ssowatconf:
|
||||
action_help: Regenerate SSOwat configuration file
|
||||
|
|
|
@ -644,6 +644,48 @@ def app_clearaccess(auth, apps):
|
|||
|
||||
app_ssowatconf(auth)
|
||||
|
||||
def app_makedefault(app, domain=None):
|
||||
"""
|
||||
Redirect domain root to an app
|
||||
|
||||
Keyword argument:
|
||||
app
|
||||
domain
|
||||
|
||||
"""
|
||||
if not _is_installed(app):
|
||||
raise MoulinetteError(22, _("App is not installed"))
|
||||
|
||||
app_domain = app_setting(app, 'domain')
|
||||
app_path = app_setting(app, 'path')
|
||||
|
||||
if domain is None:
|
||||
domain = app_domain
|
||||
elif domain not in domain_list()['Domains']:
|
||||
raise MoulinetteError(22, _("Domain doesn't exists"))
|
||||
|
||||
if '/' in app_map(raw=True)[domain]:
|
||||
raise MoulinetteError(1, _("An app is already installed on this location"))
|
||||
|
||||
try:
|
||||
with open('/etc/ssowat/conf.json.persistent') as json_conf:
|
||||
ssowat_conf = json.loads(str(json_conf.read()))
|
||||
except IOError:
|
||||
ssowat_conf = {}
|
||||
|
||||
if 'redirected_urls' not in ssowat_conf:
|
||||
ssowat_conf['redirected_urls'] = {}
|
||||
|
||||
ssowat_conf['redirected_urls'][domain +'/'] = app_domain + app_path
|
||||
|
||||
with open('/etc/ssowat/conf.json.persistent', 'w+') as f:
|
||||
json.dump(ssowat_conf, f, sort_keys=True, indent=4)
|
||||
|
||||
os.system('chmod 644 /etc/ssowat/conf.json.persistent')
|
||||
|
||||
win_msg('SSOwat persistent configuration has been updated')
|
||||
|
||||
|
||||
|
||||
def app_setting(app, key, value=None, delete=False):
|
||||
"""
|
||||
|
@ -840,6 +882,7 @@ def app_ssowatconf(auth):
|
|||
unprotected_regex = []
|
||||
protected_urls = []
|
||||
protected_regex = []
|
||||
redirected_regex = { main_domain +'/yunohost[\/]?$': 'https://'+ main_domain +'/yunohost/sso/' }
|
||||
|
||||
apps = {}
|
||||
for app in app_list()['Apps']:
|
||||
|
@ -880,7 +923,7 @@ def app_ssowatconf(auth):
|
|||
if not 'portal_domain' in conf_dict:
|
||||
conf_dict['portal_domain'] = main_domain
|
||||
if not 'portal_path' in conf_dict:
|
||||
conf_dict['portal_path'] = '/ynhsso/'
|
||||
conf_dict['portal_path'] = '/yunohost/sso/'
|
||||
if not 'portal_port' in conf_dict:
|
||||
conf_dict['portal_port'] = '443'
|
||||
if not 'portal_scheme' in conf_dict:
|
||||
|
@ -899,6 +942,7 @@ def app_ssowatconf(auth):
|
|||
conf_dict['skipped_regex'] = skipped_regex
|
||||
conf_dict['unprotected_regex'] = unprotected_regex
|
||||
conf_dict['protected_regex'] = protected_regex
|
||||
conf_dict['redirected_regex'] = redirected_regex
|
||||
conf_dict['users'] = users
|
||||
|
||||
with open('/etc/ssowat/conf.json', 'w+') as f:
|
||||
|
|
|
@ -2,10 +2,10 @@ UPNP:
|
|||
cron: false
|
||||
ports:
|
||||
TCP: [22, 25, 53, 80, 443, 465, 993, 5222, 5269, 5290]
|
||||
UDP: [53, 137, 138]
|
||||
UDP: [53]
|
||||
ipv4:
|
||||
TCP: [22, 25, 53, 80, 443, 465, 993, 5222, 5269, 5290]
|
||||
UDP: [53, 137, 138]
|
||||
ipv6:
|
||||
TCP: [22]
|
||||
UDP: [53]
|
||||
ipv6:
|
||||
TCP: [22, 25, 53, 80, 443, 465, 993, 5222, 5269, 5290]
|
||||
UDP: [53]
|
||||
|
|
|
@ -155,7 +155,7 @@ def firewall_reload(upnp=False):
|
|||
|
||||
if os.path.exists("/proc/net/if_inet6"):
|
||||
os.system("ip6tables -A INPUT -i lo -j ACCEPT")
|
||||
os.system("ip6tables -A INPUT -p icmp -j ACCEPT")
|
||||
os.system("ip6tables -A INPUT -p icmpv6 -j ACCEPT")
|
||||
os.system("ip6tables -P INPUT DROP")
|
||||
|
||||
os.system("service fail2ban restart")
|
||||
|
|
|
@ -225,6 +225,23 @@ def tools_postinstall(domain, password, dyndns=False):
|
|||
if os.system('hostname -d') != 0:
|
||||
os.system('hostname yunohost.yunohost.org')
|
||||
|
||||
# Add a temporary SSOwat rule to redirect SSO to admin page
|
||||
try:
|
||||
with open('/etc/ssowat/conf.json.persistent') as json_conf:
|
||||
ssowat_conf = json.loads(str(json_conf.read()))
|
||||
except IOError:
|
||||
ssowat_conf = {}
|
||||
|
||||
if 'redirected_urls' not in ssowat_conf:
|
||||
ssowat_conf['redirected_urls'] = {}
|
||||
|
||||
ssowat_conf['redirected_urls']['/'] = domain +'/yunohost/admin'
|
||||
|
||||
with open('/etc/ssowat/conf.json.persistent', 'w+') as f:
|
||||
json.dump(ssowat_conf, f, sort_keys=True, indent=4)
|
||||
|
||||
os.system('chmod 644 /etc/ssowat/conf.json.persistent')
|
||||
|
||||
# Create SSL CA
|
||||
ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA'
|
||||
command_list = [
|
||||
|
|
|
@ -28,6 +28,7 @@ import sys
|
|||
import crypt
|
||||
import random
|
||||
import string
|
||||
import json
|
||||
|
||||
from moulinette.core import MoulinetteError
|
||||
|
||||
|
@ -137,10 +138,39 @@ def user_create(auth, username, firstname, lastname, mail, password):
|
|||
'uidNumber' : uid,
|
||||
'homeDirectory' : '/home/' + username,
|
||||
'loginShell' : '/bin/false'
|
||||
|
||||
}
|
||||
|
||||
# If it is the first user, add some aliases
|
||||
if not yldap.search(base='ou=users,dc=yunohost,dc=org', filter='uid=*'):
|
||||
with open('/etc/yunohost/current_host') as f:
|
||||
main_domain = f.readline().rstrip()
|
||||
aliases = [
|
||||
'root@'+ main_domain,
|
||||
'admin@'+ main_domain,
|
||||
'webmaster@'+ main_domain,
|
||||
'postmaster@'+ main_domain,
|
||||
]
|
||||
attr_dict['mail'] = [ attr_dict['mail'] ] + aliases
|
||||
|
||||
# If exists, remove the redirection from the SSO
|
||||
try:
|
||||
with open('/etc/ssowat/conf.json.persistent') as json_conf:
|
||||
ssowat_conf = json.loads(str(json_conf.read()))
|
||||
|
||||
if 'redirected_urls' in ssowat_conf and '/' in ssowat_conf['redirected_urls']:
|
||||
del ssowat_conf['redirected_urls']['/']
|
||||
|
||||
with open('/etc/ssowat/conf.json.persistent', 'w+') as f:
|
||||
json.dump(ssowat_conf, f, sort_keys=True, indent=4)
|
||||
|
||||
except IOError: pass
|
||||
|
||||
|
||||
if auth.add(rdn, attr_dict):
|
||||
# Update SFTP user group
|
||||
memberlist = auth.search(filter='cn=sftpusers', attrs=['memberUid'])[0]['memberUid']
|
||||
memberlist.append(username)
|
||||
if auth.update('cn=sftpusers,ou=groups', { 'memberUid': memberlist }):
|
||||
os.system("su - %s -c ''" % username)
|
||||
os.system('yunohost app ssowatconf > /dev/null 2>&1')
|
||||
#TODO: Send a welcome mail to user
|
||||
|
@ -148,7 +178,7 @@ def user_create(auth, username, firstname, lastname, mail, password):
|
|||
hook_callback('post_user_create', [username, mail, password, firstname, lastname])
|
||||
|
||||
return { 'fullname' : fullname, 'username' : username, 'mail' : mail }
|
||||
else:
|
||||
|
||||
raise MoulinetteError(169, _("An error occurred during user creation"))
|
||||
|
||||
|
||||
|
@ -167,6 +197,11 @@ def user_delete(auth, users, purge=False):
|
|||
|
||||
for user in users:
|
||||
if auth.remove('uid=%s,ou=users' % user):
|
||||
# Update SFTP user group
|
||||
memberlist = auth.search(filter='cn=sftpusers', attrs=['memberUid'])[0]['memberUid']
|
||||
try: memberlist.remove(user)
|
||||
except: pass
|
||||
if auth.update('cn=sftpusers,ou=groups', { 'memberUid': memberlist }):
|
||||
if purge:
|
||||
os.system('rm -rf /home/%s' % user)
|
||||
deleted.append(user)
|
||||
|
|
Loading…
Reference in a new issue