YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

admins: moaaar fixes, moaaar

Browse source
This commit is contained in:
Alexandre Aubin 2022-09-05 18:37:22 +02:00
parent 1d98604e88
commit 98bd15ebf2
3 changed files with 12 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
src/migrations/0026_new_admins_group.py
View file

@ -24,7 +24,7 @@ class MyMigration(Migration):
@Migration.ldap_migration @Migration.ldap_migration
def run(self, *args): def run(self, *args):
from yunohost.user import user_list, user_info, user_group_update from yunohost.user import user_list, user_info, user_group_update, user_update
from yunohost.utils.ldap import _get_ldap_interface from yunohost.utils.ldap import _get_ldap_interface
ldap = _get_ldap_interface() ldap = _get_ldap_interface()
@ -36,7 +36,9 @@ class MyMigration(Migration):
new_admin_user = user new_admin_user = user
break break
if not new_admin_user: # NB: we handle the edge-case where no user exist at all
# which is useful for the CI etc.
if all_users and not new_admin_user:
new_admin_user = os.environ.get("YNH_NEW_ADMIN_USER") new_admin_user = os.environ.get("YNH_NEW_ADMIN_USER")
if new_admin_user: if new_admin_user:
assert new_admin_user in all_users, f"{new_admin_user} is not an existing yunohost user" assert new_admin_user in all_users, f"{new_admin_user} is not an existing yunohost user"
@ -52,10 +54,11 @@ yunohost tools migrations run""",
self.ldap_migration_started = True self.ldap_migration_started = True
aliases = user_info(new_admin_user).get("mail-aliases", []) if new_admin_user:
old_admin_aliases_to_remove = [alias for alias in aliases if any(alias.startswith(a) for a in ["root@", "admin@", "admins@", "webmaster@", "postmaster@", "abuse@"])] aliases = user_info(new_admin_user).get("mail-aliases", [])
old_admin_aliases_to_remove = [alias for alias in aliases if any(alias.startswith(a) for a in ["root@", "admin@", "admins@", "webmaster@", "postmaster@", "abuse@"])]
user_update(new_admin_user, remove_mailalias=old_admin_aliases_to_remove) user_update(new_admin_user, remove_mailalias=old_admin_aliases_to_remove)
stuff_to_delete = [ stuff_to_delete = [
"cn=admin,ou=sudo", "cn=admin,ou=sudo",
@ -88,7 +91,8 @@ yunohost tools migrations run""",
} }
) )
user_group_update(groupname="admins", add=new_admin_user, sync_perm=True) if new_admin_user:
user_group_update(groupname="admins", add=new_admin_user, sync_perm=True)
def run_after_system_restore(self): def run_after_system_restore(self):
self.run() self.run()

2
src/tests/test_user-group.py
View file

@ -28,7 +28,7 @@ def clean_user_groups():
user_delete(u, purge=True) user_delete(u, purge=True)
for g in user_group_list()["groups"]: for g in user_group_list()["groups"]:
if g not in ["all_users", "visitors"]: if g not in ["all_users", "visitors", "admins"]:
user_group_delete(g) user_group_delete(g)

2
src/user.py
View file

@ -425,7 +425,7 @@ def user_update(
# Ensure compatibility and sufficiently complex password # Ensure compatibility and sufficiently complex password
assert_password_is_compatible(change_password) assert_password_is_compatible(change_password)
is_admin = "cn=admins,ou=groups,dc=yunohost,dc=org" in result["memberOf"] is_admin = "cn=admins,ou=groups,dc=yunohost,dc=org" in user["memberOf"]
assert_password_is_strong_enough("admin" if is_admin else "user", change_password) assert_password_is_strong_enough("admin" if is_admin else "user", change_password)
new_attr_dict["userPassword"] = [_hash_user_password(change_password)] new_attr_dict["userPassword"] = [_hash_user_password(change_password)]