[enh] Backport prerefactoring branch modifications

This commit is contained in:
kload 2014-04-26 13:15:28 +00:00
parent fd55b8496f
commit d2941035d4
6 changed files with 127 additions and 20 deletions

View file

@ -487,6 +487,17 @@ app:
full: --sql
help: Initial SQL file
### app_makedefault()
makedefault:
action_help: Redirect domain root to an app
api: PUT /app/default
arguments:
app:
help: App name to put on domain root
-d:
full: --domain
help: Specific domain to put app on (the app domain by default)
### app_ssowatconf()
ssowatconf:
action_help: Regenerate SSOwat configuration file

View file

@ -644,6 +644,48 @@ def app_clearaccess(auth, apps):
app_ssowatconf(auth)
def app_makedefault(app, domain=None):
"""
Redirect domain root to an app
Keyword argument:
app
domain
"""
if not _is_installed(app):
raise MoulinetteError(22, _("App is not installed"))
app_domain = app_setting(app, 'domain')
app_path = app_setting(app, 'path')
if domain is None:
domain = app_domain
elif domain not in domain_list()['Domains']:
raise MoulinetteError(22, _("Domain doesn't exists"))
if '/' in app_map(raw=True)[domain]:
raise MoulinetteError(1, _("An app is already installed on this location"))
try:
with open('/etc/ssowat/conf.json.persistent') as json_conf:
ssowat_conf = json.loads(str(json_conf.read()))
except IOError:
ssowat_conf = {}
if 'redirected_urls' not in ssowat_conf:
ssowat_conf['redirected_urls'] = {}
ssowat_conf['redirected_urls'][domain +'/'] = app_domain + app_path
with open('/etc/ssowat/conf.json.persistent', 'w+') as f:
json.dump(ssowat_conf, f, sort_keys=True, indent=4)
os.system('chmod 644 /etc/ssowat/conf.json.persistent')
win_msg('SSOwat persistent configuration has been updated')
def app_setting(app, key, value=None, delete=False):
"""
@ -840,6 +882,7 @@ def app_ssowatconf(auth):
unprotected_regex = []
protected_urls = []
protected_regex = []
redirected_regex = { main_domain +'/yunohost[\/]?$': 'https://'+ main_domain +'/yunohost/sso/' }
apps = {}
for app in app_list()['Apps']:
@ -880,7 +923,7 @@ def app_ssowatconf(auth):
if not 'portal_domain' in conf_dict:
conf_dict['portal_domain'] = main_domain
if not 'portal_path' in conf_dict:
conf_dict['portal_path'] = '/ynhsso/'
conf_dict['portal_path'] = '/yunohost/sso/'
if not 'portal_port' in conf_dict:
conf_dict['portal_port'] = '443'
if not 'portal_scheme' in conf_dict:
@ -899,6 +942,7 @@ def app_ssowatconf(auth):
conf_dict['skipped_regex'] = skipped_regex
conf_dict['unprotected_regex'] = unprotected_regex
conf_dict['protected_regex'] = protected_regex
conf_dict['redirected_regex'] = redirected_regex
conf_dict['users'] = users
with open('/etc/ssowat/conf.json', 'w+') as f:

View file

@ -2,10 +2,10 @@ UPNP:
cron: false
ports:
TCP: [22, 25, 53, 80, 443, 465, 993, 5222, 5269, 5290]
UDP: [53, 137, 138]
UDP: [53]
ipv4:
TCP: [22, 25, 53, 80, 443, 465, 993, 5222, 5269, 5290]
UDP: [53, 137, 138]
ipv6:
TCP: [22]
UDP: [53]
ipv6:
TCP: [22, 25, 53, 80, 443, 465, 993, 5222, 5269, 5290]
UDP: [53]

View file

@ -155,7 +155,7 @@ def firewall_reload(upnp=False):
if os.path.exists("/proc/net/if_inet6"):
os.system("ip6tables -A INPUT -i lo -j ACCEPT")
os.system("ip6tables -A INPUT -p icmp -j ACCEPT")
os.system("ip6tables -A INPUT -p icmpv6 -j ACCEPT")
os.system("ip6tables -P INPUT DROP")
os.system("service fail2ban restart")

View file

@ -225,6 +225,23 @@ def tools_postinstall(domain, password, dyndns=False):
if os.system('hostname -d') != 0:
os.system('hostname yunohost.yunohost.org')
# Add a temporary SSOwat rule to redirect SSO to admin page
try:
with open('/etc/ssowat/conf.json.persistent') as json_conf:
ssowat_conf = json.loads(str(json_conf.read()))
except IOError:
ssowat_conf = {}
if 'redirected_urls' not in ssowat_conf:
ssowat_conf['redirected_urls'] = {}
ssowat_conf['redirected_urls']['/'] = domain +'/yunohost/admin'
with open('/etc/ssowat/conf.json.persistent', 'w+') as f:
json.dump(ssowat_conf, f, sort_keys=True, indent=4)
os.system('chmod 644 /etc/ssowat/conf.json.persistent')
# Create SSL CA
ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA'
command_list = [

View file

@ -28,6 +28,7 @@ import sys
import crypt
import random
import string
import json
from moulinette.core import MoulinetteError
@ -137,10 +138,39 @@ def user_create(auth, username, firstname, lastname, mail, password):
'uidNumber' : uid,
'homeDirectory' : '/home/' + username,
'loginShell' : '/bin/false'
}
# If it is the first user, add some aliases
if not yldap.search(base='ou=users,dc=yunohost,dc=org', filter='uid=*'):
with open('/etc/yunohost/current_host') as f:
main_domain = f.readline().rstrip()
aliases = [
'root@'+ main_domain,
'admin@'+ main_domain,
'webmaster@'+ main_domain,
'postmaster@'+ main_domain,
]
attr_dict['mail'] = [ attr_dict['mail'] ] + aliases
# If exists, remove the redirection from the SSO
try:
with open('/etc/ssowat/conf.json.persistent') as json_conf:
ssowat_conf = json.loads(str(json_conf.read()))
if 'redirected_urls' in ssowat_conf and '/' in ssowat_conf['redirected_urls']:
del ssowat_conf['redirected_urls']['/']
with open('/etc/ssowat/conf.json.persistent', 'w+') as f:
json.dump(ssowat_conf, f, sort_keys=True, indent=4)
except IOError: pass
if auth.add(rdn, attr_dict):
# Update SFTP user group
memberlist = auth.search(filter='cn=sftpusers', attrs=['memberUid'])[0]['memberUid']
memberlist.append(username)
if auth.update('cn=sftpusers,ou=groups', { 'memberUid': memberlist }):
os.system("su - %s -c ''" % username)
os.system('yunohost app ssowatconf > /dev/null 2>&1')
#TODO: Send a welcome mail to user
@ -148,7 +178,7 @@ def user_create(auth, username, firstname, lastname, mail, password):
hook_callback('post_user_create', [username, mail, password, firstname, lastname])
return { 'fullname' : fullname, 'username' : username, 'mail' : mail }
else:
raise MoulinetteError(169, _("An error occurred during user creation"))
@ -167,6 +197,11 @@ def user_delete(auth, users, purge=False):
for user in users:
if auth.remove('uid=%s,ou=users' % user):
# Update SFTP user group
memberlist = auth.search(filter='cn=sftpusers', attrs=['memberUid'])[0]['memberUid']
try: memberlist.remove(user)
except: pass
if auth.update('cn=sftpusers,ou=groups', { 'memberUid': memberlist }):
if purge:
os.system('rm -rf /home/%s' % user)
deleted.append(user)