From fd2d83bd2bf20fafc63daf5041db0151a4b4d17d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Tue, 7 May 2019 15:19:24 +0200 Subject: Move wallabag to pkgs --- nixops/modules/websites/tools/tools/default.nix | 5 +- nixops/modules/websites/tools/tools/wallabag.nix | 338 +++++----- .../websites/tools/tools/wallabag_ldap.patch | 698 --------------------- 3 files changed, 147 insertions(+), 894 deletions(-) delete mode 100644 nixops/modules/websites/tools/tools/wallabag_ldap.patch (limited to 'nixops/modules/websites') diff --git a/nixops/modules/websites/tools/tools/default.nix b/nixops/modules/websites/tools/tools/default.nix index 22588fb..addb2c3 100644 --- a/nixops/modules/websites/tools/tools/default.nix +++ b/nixops/modules/websites/tools/tools/default.nix @@ -16,7 +16,10 @@ let kanboard = pkgs.callPackage ./kanboard.nix { env = myconfig.env.tools.kanboard; }; - wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; }; + wallabag = pkgs.callPackage ./wallabag.nix { + inherit (pkgs.webapps) wallabag; + env = myconfig.env.tools.wallabag; + }; yourls = pkgs.callPackage ./yourls.nix { inherit (pkgs.webapps) yourls yourls-plugins; env = myconfig.env.tools.yourls; diff --git a/nixops/modules/websites/tools/tools/wallabag.nix b/nixops/modules/websites/tools/tools/wallabag.nix index 596b9bc..d6e5882 100644 --- a/nixops/modules/websites/tools/tools/wallabag.nix +++ b/nixops/modules/websites/tools/tools/wallabag.nix @@ -1,200 +1,148 @@ -{ stdenv, fetchurl, writeText, env, composerEnv, phpPackages, php, which }: -let - wallabag = rec { - varDir = "/var/lib/wallabag"; - keys = [{ - dest = "webapps/tools-wallabag"; - user = apache.user; - group = apache.group; - permissions = "0400"; - text = '' - # This file is auto-generated during the composer install - parameters: - database_driver: pdo_pgsql - database_driver_class: Wallabag\CoreBundle\Doctrine\DBAL\Driver\CustomPostgreSQLDriver - database_host: ${env.postgresql.socket} - database_port: ${env.postgresql.port} - database_name: ${env.postgresql.database} - database_user: ${env.postgresql.user} - database_password: ${env.postgresql.password} - database_path: null - database_table_prefix: wallabag_ - database_socket: null - database_charset: utf8 - domain_name: https://tools.immae.eu/wallabag - mailer_transport: sendmail - mailer_host: 127.0.0.1 - mailer_user: null - mailer_password: null - locale: fr - secret: ${env.secret} - twofactor_auth: true - twofactor_sender: wallabag@tools.immae.eu - fosuser_registration: false - fosuser_confirmation: true - from_email: wallabag@tools.immae.eu - rss_limit: 50 - rabbitmq_host: localhost - rabbitmq_port: 5672 - rabbitmq_user: guest - rabbitmq_password: guest - rabbitmq_prefetch_count: 10 - redis_scheme: unix - redis_host: null - redis_port: null - redis_path: ${env.redis.socket} - redis_password: null - sites_credentials: { } - ldap_enabled: true - ldap_host: ldap.immae.eu - ldap_port: 636 - ldap_tls: false - ldap_ssl: true - ldap_bind_requires_dn: true - ldap_base: 'dc=immae,dc=eu' - ldap_manager_dn: 'cn=wallabag,ou=services,dc=immae,dc=eu' - ldap_manager_pw: ${env.ldap.password} - ldap_filter: '(&(memberOf=cn=users,cn=wallabag,ou=services,dc=immae,dc=eu))' - ldap_admin_filter: '(&(memberOf=cn=admins,cn=wallabag,ou=services,dc=immae,dc=eu)(uid=%s))' - ldap_username_attribute: uid - ldap_email_attribute: mail - ldap_name_attribute: cn - ldap_enabled_attribute: null - services: - swiftmailer.mailer.default.transport: - class: Swift_SendmailTransport - arguments: ['/run/wrappers/bin/sendmail -bs'] - ''; - }]; - webappDir = composerEnv.buildPackage rec { - packages = { - "fr3d/ldap-bundle" = { - targetDir = ""; - src = composerEnv.buildZipPackage { - name = "fr3d-ldap-bundle-5a8927c11af45fa06331b97221c6da1a4a237475"; - src = fetchurl { - url = https://api.github.com/repos/Maks3w/FR3DLdapBundle/zipball/5a8927c11af45fa06331b97221c6da1a4a237475; - sha256 = "168zkd82j200wd6h0a3lq81g5s2pifg889rv27q2g429nppsbfxc"; - }; - }; - }; - "zendframework/zend-ldap" = { - targetDir = ""; - src = composerEnv.buildZipPackage { - name = "zendframework-zend-ldap-b63c7884a08d3a6bda60ebcf7d6238cf8ad89f49"; - src = fetchurl { - url = https://api.github.com/repos/zendframework/zend-ldap/zipball/b63c7884a08d3a6bda60ebcf7d6238cf8ad89f49; - sha256 = "0mn4yqnb5prqhrbbybmw1i2rx7xf4s4wagbdq9qi55fa0vk3jgw9"; - }; - }; - }; - }; - noDev = true; - doRemoveVendor = false; - # Beware when upgrading, I probably messed up with the migrations table - # (due to a psql bug in wallabag) - version = "2.3.6"; - name = "wallabag-${version}"; - src = fetchurl { - url = "https://static.wallabag.org/releases/wallabag-release-${version}.tar.gz"; - sha256 = "0m0dy3r94ks5pfxyb9vbgrsm0vrwdl3jd5wqwg4f5vd107lq90q1"; - }; - unpackPhase = '' - unpackFile "$src" - sourceRoot=${version} - src=$PWD/${version} - ''; - patches = [ ./wallabag_ldap.patch ]; - preInstall = '' - export SYMFONY_ENV="prod" +{ env, wallabag }: +rec { + varDir = "/var/lib/wallabag"; + keys = [{ + dest = "webapps/tools-wallabag"; + user = apache.user; + group = apache.group; + permissions = "0400"; + text = '' + # This file is auto-generated during the composer install + parameters: + database_driver: pdo_pgsql + database_driver_class: Wallabag\CoreBundle\Doctrine\DBAL\Driver\CustomPostgreSQLDriver + database_host: ${env.postgresql.socket} + database_port: ${env.postgresql.port} + database_name: ${env.postgresql.database} + database_user: ${env.postgresql.user} + database_password: ${env.postgresql.password} + database_path: null + database_table_prefix: wallabag_ + database_socket: null + database_charset: utf8 + domain_name: https://tools.immae.eu/wallabag + mailer_transport: sendmail + mailer_host: 127.0.0.1 + mailer_user: null + mailer_password: null + locale: fr + secret: ${env.secret} + twofactor_auth: true + twofactor_sender: wallabag@tools.immae.eu + fosuser_registration: false + fosuser_confirmation: true + from_email: wallabag@tools.immae.eu + rss_limit: 50 + rabbitmq_host: localhost + rabbitmq_port: 5672 + rabbitmq_user: guest + rabbitmq_password: guest + rabbitmq_prefetch_count: 10 + redis_scheme: unix + redis_host: null + redis_port: null + redis_path: ${env.redis.socket} + redis_password: null + sites_credentials: { } + ldap_enabled: true + ldap_host: ldap.immae.eu + ldap_port: 636 + ldap_tls: false + ldap_ssl: true + ldap_bind_requires_dn: true + ldap_base: 'dc=immae,dc=eu' + ldap_manager_dn: 'cn=wallabag,ou=services,dc=immae,dc=eu' + ldap_manager_pw: ${env.ldap.password} + ldap_filter: '(&(memberOf=cn=users,cn=wallabag,ou=services,dc=immae,dc=eu))' + ldap_admin_filter: '(&(memberOf=cn=admins,cn=wallabag,ou=services,dc=immae,dc=eu)(uid=%s))' + ldap_username_attribute: uid + ldap_email_attribute: mail + ldap_name_attribute: cn + ldap_enabled_attribute: null + services: + swiftmailer.mailer.default.transport: + class: Swift_SendmailTransport + arguments: ['/run/wrappers/bin/sendmail -bs'] ''; - postInstall = '' - rm -rf web/assets var/{cache,logs,sessions} app/config/parameters.yml data - ln -sf /var/secrets/webapps/tools-wallabag app/config/parameters.yml - ln -sf ${varDir}/var/{cache,logs,sessions} var - ln -sf ${varDir}/data data - ln -sf ${varDir}/assets web/assets - ''; - }; - activationScript = '' - install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ - ${varDir}/var ${varDir}/data/db ${varDir}/assets/images - ''; - webRoot = "${webappDir}/web"; - # Domain migration: Table wallabag_entry contains whole - # https://tools.immae.eu/wallabag domain name in preview_picture - apache = rec { - user = "wwwrun"; - group = "wwwrun"; - modules = [ "proxy_fcgi" ]; - webappName = "tools_wallabag"; - root = "/run/current-system/webapps/${webappName}"; - vhostConf = '' - Alias /wallabag "${root}" - - AllowOverride None - Require all granted - # For OAuth (apps) - CGIPassAuth On + }]; + webappDir = wallabag.override { ldap = true; wallabag_config = "/var/secrets/webapps/tools-wallabag"; }; + activationScript = '' + install -m 0755 -o ${apache.user} -g ${apache.group} -d ${varDir} \ + ${varDir}/var ${varDir}/data/db ${varDir}/assets/images + ''; + webRoot = "${webappDir}/web"; + # Domain migration: Table wallabag_entry contains whole + # https://tools.immae.eu/wallabag domain name in preview_picture + apache = rec { + user = "wwwrun"; + group = "wwwrun"; + modules = [ "proxy_fcgi" ]; + webappName = "tools_wallabag"; + root = "/run/current-system/webapps/${webappName}"; + vhostConf = '' + Alias /wallabag "${root}" + + AllowOverride None + Require all granted + # For OAuth (apps) + CGIPassAuth On - - SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" - + + SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost" + - - Options -MultiViews - RewriteEngine On - RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule ^(.*)$ app.php [QSA,L] - - - - - RewriteEngine Off - - - - AllowOverride None - Require all granted - - ''; - }; - phpFpm = rec { - preStart = '' - if [ ! -f "${varDir}/currentWebappDir" -o \ - ! -f "${varDir}/currentKey" -o \ - "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ] \ - || ! sha512sum -c --status ${varDir}/currentKey; then - pushd ${webappDir} > /dev/null - /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod cache:clear - rm -rf /var/lib/wallabag/var/cache/pro_ - /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction - popd > /dev/null - echo -n "${webappDir}" > ${varDir}/currentWebappDir - sha512sum /var/secrets/webapps/tools-wallabag > ${varDir}/currentKey - fi - ''; - serviceDeps = [ "postgresql.service" "openldap.service" ]; - basedir = builtins.concatStringsSep ":" [ webappDir "/var/secrets/webapps/tools-wallabag" varDir ]; - socket = "/var/run/phpfpm/wallabag.sock"; - pool = '' - listen = ${socket} - user = ${apache.user} - group = ${apache.group} - listen.owner = ${apache.user} - listen.group = ${apache.group} - pm = dynamic - pm.max_children = 60 - pm.start_servers = 2 - pm.min_spare_servers = 1 - pm.max_spare_servers = 10 + + Options -MultiViews + RewriteEngine On + RewriteCond %{REQUEST_FILENAME} !-f + RewriteRule ^(.*)$ app.php [QSA,L] + + + + + RewriteEngine Off + + + + AllowOverride None + Require all granted + + ''; + }; + phpFpm = rec { + preStart = '' + if [ ! -f "${varDir}/currentWebappDir" -o \ + ! -f "${varDir}/currentKey" -o \ + "${webappDir}" != "$(cat ${varDir}/currentWebappDir 2>/dev/null)" ] \ + || ! sha512sum -c --status ${varDir}/currentKey; then + pushd ${webappDir} > /dev/null + /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod cache:clear + rm -rf /var/lib/wallabag/var/cache/pro_ + /run/wrappers/bin/sudo -u wwwrun ./bin/console --env=prod doctrine:migrations:migrate --no-interaction + popd > /dev/null + echo -n "${webappDir}" > ${varDir}/currentWebappDir + sha512sum /var/secrets/webapps/tools-wallabag > ${varDir}/currentKey + fi + ''; + serviceDeps = [ "postgresql.service" "openldap.service" ]; + basedir = builtins.concatStringsSep ":" [ webappDir "/var/secrets/webapps/tools-wallabag" varDir ]; + socket = "/var/run/phpfpm/wallabag.sock"; + pool = '' + listen = ${socket} + user = ${apache.user} + group = ${apache.group} + listen.owner = ${apache.user} + listen.group = ${apache.group} + pm = dynamic + pm.max_children = 60 + pm.start_servers = 2 + pm.min_spare_servers = 1 + pm.max_spare_servers = 10 - ; Needed to avoid clashes in browser cookies (same domain) - php_value[session.name] = WallabagPHPSESSID - php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:${basedir}:/tmp" - php_value[max_execution_time] = 300 - ''; - }; + ; Needed to avoid clashes in browser cookies (same domain) + php_value[session.name] = WallabagPHPSESSID + php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:${basedir}:/tmp" + php_value[max_execution_time] = 300 + ''; }; -in - wallabag +} diff --git a/nixops/modules/websites/tools/tools/wallabag_ldap.patch b/nixops/modules/websites/tools/tools/wallabag_ldap.patch deleted file mode 100644 index 9caf7da..0000000 --- a/nixops/modules/websites/tools/tools/wallabag_ldap.patch +++ /dev/null @@ -1,698 +0,0 @@ -diff --git a/.travis.yml b/.travis.yml -index 04cea258..56b1f576 100644 ---- a/.travis.yml -+++ b/.travis.yml -@@ -58,6 +58,7 @@ install: - - before_script: - - PHP=$TRAVIS_PHP_VERSION -+ - echo "extension=ldap.so" >> ~/.phpenv/versions/$(phpenv version-name)/etc/conf.d/travis.ini - - if [[ ! $PHP = hhvm* ]]; then echo "memory_limit=-1" >> ~/.phpenv/versions/$(phpenv version-name)/etc/conf.d/travis.ini; fi; - # xdebug isn't enable for PHP 7.1 - - if [[ ! $PHP = hhvm* ]]; then phpenv config-rm xdebug.ini || echo "xdebug not available"; fi -diff --git a/app/AppKernel.php b/app/AppKernel.php -index 40726f05..c4f465dc 100644 ---- a/app/AppKernel.php -+++ b/app/AppKernel.php -@@ -42,6 +42,10 @@ class AppKernel extends Kernel - new OldSound\RabbitMqBundle\OldSoundRabbitMqBundle(), - ]; - -+ if (class_exists('FR3D\\LdapBundle\\FR3DLdapBundle')) { -+ $bundles[] = new FR3D\LdapBundle\FR3DLdapBundle(); -+ } -+ - if (in_array($this->getEnvironment(), ['dev', 'test'], true)) { - $bundles[] = new Symfony\Bundle\DebugBundle\DebugBundle(); - $bundles[] = new Symfony\Bundle\WebProfilerBundle\WebProfilerBundle(); -diff --git a/app/DoctrineMigrations/Version20170710113900.php b/app/DoctrineMigrations/Version20170710113900.php -new file mode 100644 -index 00000000..7be83110 ---- /dev/null -+++ b/app/DoctrineMigrations/Version20170710113900.php -@@ -0,0 +1,54 @@ -+container = $container; -+ } -+ -+ private function getTable($tableName) -+ { -+ return $this->container->getParameter('database_table_prefix').$tableName; -+ } -+ -+ /** -+ * @param Schema $schema -+ */ -+ public function up(Schema $schema) -+ { -+ $usersTable = $schema->getTable($this->getTable('user')); -+ -+ $this->skipIf($usersTable->hasColumn('dn'), 'It seems that you already played this migration.'); -+ -+ $usersTable->addColumn('dn', 'text', [ -+ 'default' => null, -+ 'notnull' => false, -+ ]); -+ } -+ -+ /** -+ * @param Schema $schema -+ */ -+ public function down(Schema $schema) -+ { -+ $usersTable = $schema->getTable($this->getTable('user')); -+ $usersTable->dropColumn('dn'); -+ } -+} -+ -diff --git a/app/config/parameters.yml.dist b/app/config/parameters.yml.dist -index 6b0cb8e8..cfd41b69 100644 ---- a/app/config/parameters.yml.dist -+++ b/app/config/parameters.yml.dist -@@ -62,3 +62,23 @@ parameters: - redis_port: 6379 - redis_path: null - redis_password: null -+ -+ # ldap configuration -+ # To enable, you need to require fr3d/ldap-bundle -+ ldap_enabled: false -+ ldap_host: localhost -+ ldap_port: 389 -+ ldap_tls: false -+ ldap_ssl: false -+ ldap_bind_requires_dn: true -+ ldap_base: dc=example,dc=com -+ ldap_manager_dn: ou=Manager,dc=example,dc=com -+ ldap_manager_pw: password -+ ldap_filter: (&(ObjectClass=Person)) -+ # optional (if null: no ldap user is admin) -+ ldap_admin_filter: (&(memberOf=ou=admins,dc=example,dc=com)(uid=%s)) -+ ldap_username_attribute: uid -+ ldap_email_attribute: mail -+ ldap_name_attribute: cn -+ # optional (default sets user as enabled unconditionally) -+ ldap_enabled_attribute: ~ -diff --git a/app/config/security.yml b/app/config/security.yml -index 02afc9ea..48fbb553 100644 ---- a/app/config/security.yml -+++ b/app/config/security.yml -@@ -6,6 +6,7 @@ security: - ROLE_ADMIN: ROLE_USER - ROLE_SUPER_ADMIN: [ ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH ] - -+ # /!\ This list is modified in WallabagUserBundle when LDAP is enabled - providers: - administrators: - entity: -@@ -36,6 +37,7 @@ security: - pattern: ^/login$ - anonymous: ~ - -+ # /!\ This section is modified in WallabagUserBundle when LDAP is enabled - secured_area: - pattern: ^/ - form_login: -diff --git a/composer.json b/composer.json -index 68cfad05..32a3d1a4 100644 ---- a/composer.json -+++ b/composer.json -@@ -85,7 +85,11 @@ - "friendsofsymfony/jsrouting-bundle": "^1.6.3", - "bdunogier/guzzle-site-authenticator": "^1.0.0", - "defuse/php-encryption": "^2.1", -- "html2text/html2text": "^4.1" -+ "html2text/html2text": "^4.1", -+ "fr3d/ldap-bundle": "^3.0" -+ }, -+ "suggest": { -+ "fr3d/ldap-bundle": "If you want to authenticate via LDAP" - }, - "require-dev": { - "doctrine/doctrine-fixtures-bundle": "~2.2", -diff --git a/composer.lock b/composer.lock -index 251ee081..37795e0b 100644 ---- a/composer.lock -+++ b/composer.lock -@@ -4,7 +4,7 @@ - "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", - "This file is @generated automatically" - ], -- "content-hash": "d2a0bd8408dccdeb7a7455996519829b", -+ "content-hash": "4699d166d03a8e5f70d802d0bc3e6a20", - "packages": [ - { - "name": "bdunogier/guzzle-site-authenticator", -@@ -1346,6 +1346,65 @@ - ], - "time": "2018-12-14T19:44:53+00:00" - }, -+ { -+ "name": "fr3d/ldap-bundle", -+ "version": "v3.0.0", -+ "source": { -+ "type": "git", -+ "url": "https://github.com/Maks3w/FR3DLdapBundle.git", -+ "reference": "5a8927c11af45fa06331b97221c6da1a4a237475" -+ }, -+ "dist": { -+ "type": "zip", -+ "url": "https://api.github.com/repos/Maks3w/FR3DLdapBundle/zipball/5a8927c11af45fa06331b97221c6da1a4a237475", -+ "reference": "5a8927c11af45fa06331b97221c6da1a4a237475", -+ "shasum": "" -+ }, -+ "require": { -+ "php": ">=5.5", -+ "psr/log": "~1.0", -+ "symfony/config": "2.3 - 3", -+ "symfony/dependency-injection": "2.3 - 3", -+ "symfony/polyfill-php56": "^1.1", -+ "symfony/security": "2.3 - 3", -+ "symfony/security-bundle": "2.3 - 3", -+ "zendframework/zend-ldap": "2.5 - 3" -+ }, -+ "require-dev": { -+ "fabpot/php-cs-fixer": "1.11.*", -+ "fr3d/psr3-message-assertions": "0.1.*", -+ "friendsofsymfony/user-bundle": "~1.3", -+ "maks3w/phpunit-methods-trait": "^4.6", -+ "phpunit/phpunit": "^4.6", -+ "symfony/validator": "2.3 - 3" -+ }, -+ "suggest": { -+ "friendsofsymfony/user-bundle": "Integrate authentication and management for DB users, useful for unmanned LDAP servers", -+ "symfony/validator": "Allow pre-validate for existing users before register new ones" -+ }, -+ "type": "symfony-bundle", -+ "autoload": { -+ "psr-4": { -+ "FR3D\\LdapBundle\\": "" -+ } -+ }, -+ "notification-url": "https://packagist.org/downloads/", -+ "license": [ -+ "MIT" -+ ], -+ "authors": [ -+ { -+ "name": "Maks3w" -+ } -+ ], -+ "description": "This package provide users and authentication services based on LDAP directories for Symfony2 framework", -+ "homepage": "https://github.com/Maks3w/FR3DLdapBundle", -+ "keywords": [ -+ "Authentication", -+ "ldap" -+ ], -+ "time": "2016-02-12T17:45:14+00:00" -+ }, - { - "name": "friendsofsymfony/jsrouting-bundle", - "version": "1.6.3", -@@ -7027,6 +7086,59 @@ - "zf2" - ], - "time": "2018-04-25T15:33:34+00:00" -+ }, -+ { -+ "name": "zendframework/zend-ldap", -+ "version": "2.10.0", -+ "source": { -+ "type": "git", -+ "url": "https://github.com/zendframework/zend-ldap.git", -+ "reference": "b63c7884a08d3a6bda60ebcf7d6238cf8ad89f49" -+ }, -+ "dist": { -+ "type": "zip", -+ "url": "https://api.github.com/repos/zendframework/zend-ldap/zipball/b63c7884a08d3a6bda60ebcf7d6238cf8ad89f49", -+ "reference": "b63c7884a08d3a6bda60ebcf7d6238cf8ad89f49", -+ "shasum": "" -+ }, -+ "require": { -+ "ext-ldap": "*", -+ "php": "^5.6 || ^7.0" -+ }, -+ "require-dev": { -+ "php-mock/php-mock-phpunit": "^1.1.2 || ^2.1.1", -+ "phpunit/phpunit": "^5.7.27 || ^6.5.8 || ^7.1.2", -+ "zendframework/zend-coding-standard": "~1.0.0", -+ "zendframework/zend-config": "^2.5", -+ "zendframework/zend-eventmanager": "^2.6.3 || ^3.0.1", -+ "zendframework/zend-stdlib": "^2.7 || ^3.0" -+ }, -+ "suggest": { -+ "zendframework/zend-eventmanager": "Zend\\EventManager component" -+ }, -+ "type": "library", -+ "extra": { -+ "branch-alias": { -+ "dev-master": "2.10.x-dev", -+ "dev-develop": "2.11.x-dev" -+ } -+ }, -+ "autoload": { -+ "psr-4": { -+ "Zend\\Ldap\\": "src/" -+ } -+ }, -+ "notification-url": "https://packagist.org/downloads/", -+ "license": [ -+ "BSD-3-Clause" -+ ], -+ "description": "Provides support for LDAP operations including but not limited to binding, searching and modifying entries in an LDAP directory", -+ "keywords": [ -+ "ZendFramework", -+ "ldap", -+ "zf" -+ ], -+ "time": "2018-07-05T05:05:12+00:00" - } - ], - "packages-dev": [ -@@ -7561,12 +7673,12 @@ - "source": { - "type": "git", - "url": "https://github.com/symfony/phpunit-bridge.git", -- "reference": "5dab0d4b2ac99ab22b447b615fdfdc10ec4af3d5" -+ "reference": "d61ec438634e0f234c6bda1c6ee97016bbb0e7a1" - }, - "dist": { - "type": "zip", -- "url": "https://api.github.com/repos/symfony/phpunit-bridge/zipball/5dab0d4b2ac99ab22b447b615fdfdc10ec4af3d5", -- "reference": "5dab0d4b2ac99ab22b447b615fdfdc10ec4af3d5", -+ "url": "https://api.github.com/repos/symfony/phpunit-bridge/zipball/d61ec438634e0f234c6bda1c6ee97016bbb0e7a1", -+ "reference": "d61ec438634e0f234c6bda1c6ee97016bbb0e7a1", - "shasum": "" - }, - "require": { -@@ -7619,7 +7731,7 @@ - ], - "description": "Symfony PHPUnit Bridge", - "homepage": "https://symfony.com", -- "time": "2019-01-01T13:45:19+00:00" -+ "time": "2019-01-16T13:27:11+00:00" - }, - { - "name": "symfony/polyfill-php72", -diff --git a/scripts/install.sh b/scripts/install.sh -index 8b7ea03f..3a4a33ab 100755 ---- a/scripts/install.sh -+++ b/scripts/install.sh -@@ -26,5 +26,8 @@ ENV=$1 - TAG=$(git describe --tags $(git rev-list --tags --max-count=1)) - - git checkout $TAG -+if [ -n "$LDAP_ENABLED" ]; then -+ SYMFONY_ENV=$ENV $COMPOSER_COMMAND require --no-update fr3d/ldap-bundle -+fi - SYMFONY_ENV=$ENV $COMPOSER_COMMAND install --no-dev -o --prefer-dist - php bin/console wallabag:install --env=$ENV -diff --git a/scripts/update.sh b/scripts/update.sh -index c62d104a..6259a431 100755 ---- a/scripts/update.sh -+++ b/scripts/update.sh -@@ -32,6 +32,9 @@ git fetch origin - git fetch --tags - TAG=$(git describe --tags $(git rev-list --tags --max-count=1)) - git checkout $TAG --force -+if [ -n "$LDAP_ENABLED" ]; then -+ SYMFONY_ENV=$ENV $COMPOSER_COMMAND require --no-update fr3d/ldap-bundle -+fi - SYMFONY_ENV=$ENV $COMPOSER_COMMAND install --no-dev -o --prefer-dist - php bin/console doctrine:migrations:migrate --no-interaction --env=$ENV - php bin/console cache:clear --env=$ENV -diff --git a/src/Wallabag/UserBundle/DependencyInjection/WallabagUserExtension.php b/src/Wallabag/UserBundle/DependencyInjection/WallabagUserExtension.php -index 5ca3482e..904a6af1 100644 ---- a/src/Wallabag/UserBundle/DependencyInjection/WallabagUserExtension.php -+++ b/src/Wallabag/UserBundle/DependencyInjection/WallabagUserExtension.php -@@ -6,9 +6,34 @@ use Symfony\Component\Config\FileLocator; - use Symfony\Component\DependencyInjection\ContainerBuilder; - use Symfony\Component\DependencyInjection\Loader; - use Symfony\Component\HttpKernel\DependencyInjection\Extension; -+use Symfony\Component\DependencyInjection\Extension\PrependExtensionInterface; - --class WallabagUserExtension extends Extension -+class WallabagUserExtension extends Extension implements PrependExtensionInterface - { -+ public function prepend(ContainerBuilder $container) -+ { -+ $ldap = $container->getParameter('ldap_enabled'); -+ -+ if ($ldap) { -+ $container->prependExtensionConfig('security', array( -+ 'providers' => array( -+ 'chain_provider' => array(), -+ ), -+ )); -+ $loader = new Loader\YamlFileLoader($container, new FileLocator(__DIR__.'/../Resources/config')); -+ $loader->load('ldap.yml'); -+ } elseif ($container->hasExtension('fr3d_ldap')) { -+ $container->prependExtensionConfig('fr3_d_ldap', array( -+ 'driver' => array( -+ 'host' => 'localhost', -+ ), -+ 'user' => array( -+ 'baseDn' => 'dc=example,dc=com', -+ ), -+ )); -+ } -+ } -+ - public function load(array $configs, ContainerBuilder $container) - { - $configuration = new Configuration(); -@@ -16,6 +41,9 @@ class WallabagUserExtension extends Extension - - $loader = new Loader\YamlFileLoader($container, new FileLocator(__DIR__ . '/../Resources/config')); - $loader->load('services.yml'); -+ if ($container->getParameter('ldap_enabled')) { -+ $loader->load('ldap_services.yml'); -+ } - $container->setParameter('wallabag_user.registration_enabled', $config['registration_enabled']); - } - -diff --git a/src/Wallabag/UserBundle/Entity/User.php b/src/Wallabag/UserBundle/Entity/User.php -index 48446e3c..f93c59c7 100644 ---- a/src/Wallabag/UserBundle/Entity/User.php -+++ b/src/Wallabag/UserBundle/Entity/User.php -@@ -1,5 +1,15 @@ - clients->first(); - } - } -+ -+ /** -+ * Set dn. -+ * -+ * @param string $dn -+ * -+ * @return User -+ */ -+ public function setDn($dn) -+ { -+ $this->dn = $dn; -+ -+ return $this; -+ } -+ -+ /** -+ * Get dn. -+ * -+ * @return string -+ */ -+ public function getDn() -+ { -+ return $this->dn; -+ } -+ -+ public function isLdapUser() -+ { -+ return $this->dn !== null; -+ } - } -diff --git a/src/Wallabag/UserBundle/LdapHydrator.php b/src/Wallabag/UserBundle/LdapHydrator.php -new file mode 100644 -index 00000000..cea2450f ---- /dev/null -+++ b/src/Wallabag/UserBundle/LdapHydrator.php -@@ -0,0 +1,103 @@ -+userManager = $user_manager; -+ $this->eventDispatcher = $event_dispatcher; -+ -+ $this->attributesMap = array( -+ 'setUsername' => $attributes_map[0], -+ 'setEmail' => $attributes_map[1], -+ 'setName' => $attributes_map[2], -+ ); -+ $this->enabledAttribute = $attributes_map[3]; -+ -+ $this->ldapBaseDn = $ldap_base_dn; -+ $this->ldapAdminFilter = $ldap_admin_filter; -+ $this->ldapDriver = $ldap_driver; -+ } -+ -+ public function hydrate(array $ldapEntry) -+ { -+ $user = $this->userManager->findUserBy(array('dn' => $ldapEntry['dn'])); -+ -+ if (!$user) { -+ $user = $this->userManager->createUser(); -+ $user->setDn($ldapEntry['dn']); -+ $user->setPassword(''); -+ $user->setSalt(''); -+ $this->updateUserFields($user, $ldapEntry); -+ -+ $event = new UserEvent($user); -+ $this->eventDispatcher->dispatch(FOSUserEvents::USER_CREATED, $event); -+ -+ $this->userManager->reloadUser($user); -+ } else { -+ $this->updateUserFields($user, $ldapEntry); -+ } -+ -+ return $user; -+ } -+ -+ private function updateUserFields($user, $ldapEntry) -+ { -+ foreach ($this->attributesMap as $key => $value) { -+ if (is_array($ldapEntry[$value])) { -+ $ldap_value = $ldapEntry[$value][0]; -+ } else { -+ $ldap_value = $ldapEntry[$value]; -+ } -+ -+ call_user_func([$user, $key], $ldap_value); -+ } -+ -+ if ($this->enabledAttribute !== null) { -+ $user->setEnabled($ldapEntry[$this->enabledAttribute]); -+ } else { -+ $user->setEnabled(true); -+ } -+ -+ if ($this->isAdmin($user)) { -+ $user->addRole('ROLE_SUPER_ADMIN'); -+ } else { -+ $user->removeRole('ROLE_SUPER_ADMIN'); -+ } -+ -+ $this->userManager->updateUser($user, true); -+ } -+ -+ private function isAdmin($user) -+ { -+ if ($this->ldapAdminFilter === null) { -+ return false; -+ } -+ -+ $escaped_username = ldap_escape($user->getUsername(), '', LDAP_ESCAPE_FILTER); -+ $filter = sprintf($this->ldapAdminFilter, $escaped_username); -+ $entries = $this->ldapDriver->search($this->ldapBaseDn, $filter); -+ -+ return $entries['count'] == 1; -+ } -+} -diff --git a/src/Wallabag/UserBundle/OAuthStorageLdapWrapper.php b/src/Wallabag/UserBundle/OAuthStorageLdapWrapper.php -new file mode 100644 -index 00000000..8a851f12 ---- /dev/null -+++ b/src/Wallabag/UserBundle/OAuthStorageLdapWrapper.php -@@ -0,0 +1,43 @@ -+ldapManager = $ldap_manager; -+ } -+ -+ public function checkUserCredentials(IOAuth2Client $client, $username, $password) -+ { -+ try { -+ $user = $this->userProvider->loadUserByUsername($username); -+ } catch (AuthenticationException $e) { -+ return false; -+ } -+ -+ if ($user->isLdapUser()) { -+ return $this->checkLdapUserCredentials($user, $password); -+ } else { -+ return parent::checkUserCredentials($client, $username, $password); -+ } -+ } -+ -+ private function checkLdapUserCredentials($user, $password) -+ { -+ if ($this->ldapManager->bind($user, $password)) { -+ return array( -+ 'data' => $user, -+ ); -+ } else { -+ return false; -+ } -+ } -+} -diff --git a/src/Wallabag/UserBundle/Resources/config/ldap.yml b/src/Wallabag/UserBundle/Resources/config/ldap.yml -new file mode 100644 -index 00000000..5ec16088 ---- /dev/null -+++ b/src/Wallabag/UserBundle/Resources/config/ldap.yml -@@ -0,0 +1,28 @@ -+fr3d_ldap: -+ service: -+ user_hydrator: ldap_user_hydrator -+ driver: -+ host: "%ldap_host%" -+ port: "%ldap_port%" -+ useSsl: "%ldap_ssl%" -+ useStartTls: "%ldap_tls%" -+ bindRequiresDn: "%ldap_bind_requires_dn%" -+ username: "%ldap_manager_dn%" -+ password: "%ldap_manager_pw%" -+ user: -+ baseDn: "%ldap_base%" -+ filter: "%ldap_filter%" -+ usernameAttribute: "%ldap_username_attribute%" -+security: -+ providers: -+ chain_provider: -+ chain: -+ providers: [ fr3d_ldapbundle, fos_userbundle ] -+ fr3d_ldapbundle: -+ id: fr3d_ldap.security.user.provider -+ firewalls: -+ secured_area: -+ fr3d_ldap: ~ -+ form_login: -+ provider: chain_provider -+ -diff --git a/src/Wallabag/UserBundle/Resources/config/ldap_services.yml b/src/Wallabag/UserBundle/Resources/config/ldap_services.yml -new file mode 100644 -index 00000000..b3e3fd8a ---- /dev/null -+++ b/src/Wallabag/UserBundle/Resources/config/ldap_services.yml -@@ -0,0 +1,22 @@ -+services: -+ fos_oauth_server.server: -+ class: OAuth2\OAuth2 -+ arguments: -+ - "@oauth_storage_ldap_wrapper" -+ - "%fos_oauth_server.server.options%" -+ oauth_storage_ldap_wrapper: -+ class: Wallabag\UserBundle\OAuthStorageLdapWrapper -+ parent: fos_oauth_server.storage -+ calls: -+ - [setLdapManager, ["@fr3d_ldap.ldap_manager"]] -+ -+ ldap_user_hydrator: -+ class: Wallabag\UserBundle\LdapHydrator -+ arguments: -+ - "@fos_user.user_manager" -+ - "@event_dispatcher" -+ - [ "%ldap_username_attribute%", "%ldap_email_attribute%", "%ldap_name_attribute%", "%ldap_enabled_attribute%" ] -+ - "%ldap_base%" -+ - "%ldap_admin_filter%" -+ - "@fr3d_ldap.ldap_driver" -+ -- cgit v1.2.3