From 0c77e8c32a45da24ec22cc63aeea94499cdb35ca Mon Sep 17 00:00:00 2001 From: Johannes Zellner Date: Fri, 23 Feb 2024 16:45:18 +0100 Subject: [PATCH] Update for closed regsitration release --- CloudronManifest.json | 1 - Dockerfile | 4 +--- POSTINSTALL.md | 10 +++++++++- migrateUsers.js | 45 ------------------------------------------- start.sh | 26 ------------------------- test/test.js | 4 ++-- 6 files changed, 12 insertions(+), 78 deletions(-) delete mode 100755 migrateUsers.js diff --git a/CloudronManifest.json b/CloudronManifest.json index c9a4d45..24f04b4 100644 --- a/CloudronManifest.json +++ b/CloudronManifest.json @@ -16,7 +16,6 @@ "postgresql": {}, "redis": {}, "sendmail": {}, - "ldap": {}, "oidc": { "loginRedirectUri": "/auth/auth/openid_connect/callback" }, "scheduler": { "cleanup": { diff --git a/Dockerfile b/Dockerfile index 8acb327..d1f2b79 100644 --- a/Dockerfile +++ b/Dockerfile @@ -69,9 +69,7 @@ RUN ln -sf /run/mastodon/supervisord.log /var/log/supervisor/supervisord.log RUN ln -fs /app/data/env.production /app/code/.env.production RUN ln -fs /app/data/system /app/code/public/system -COPY migrateUsers.js start.sh cleanup.sh config.sh env.template cache-env.sh.template /app/pkg/ - -RUN chmod +x /app/pkg/migrateUsers.js +COPY start.sh cleanup.sh config.sh env.template cache-env.sh.template /app/pkg/ CMD [ "/app/pkg/start.sh" ] diff --git a/POSTINSTALL.md b/POSTINSTALL.md index fa1a494..64de883 100644 --- a/POSTINSTALL.md +++ b/POSTINSTALL.md 
@@ -1,4 +1,6 @@ -Accounts are created with the username and the subdomain under which this app is installed e.g. `@$CLOUDRON-USERNAME@$CLOUDRON-APP-FQDN`. Mastodon does not allow changing the domain part of the account later. See [the docs](https://docs.cloudron.io/apps/mastodon/#federation) for more information, if you want to change this domain. +Accounts are created with the username and the subdomain under which this app is installed e.g. `@$CLOUDRON-USERNAME@$CLOUDRON-APP-FQDN`. +Mastodon does not allow changing the domain part of the account later. +See [the docs](https://docs.cloudron.io/apps/mastodon/#federation) for more information, f you want to change this domain. **NOTE:** @@ -7,3 +9,9 @@ Accounts are created with the username and the subdomain under which this app is * External registration [does not work well](https://github.com/mastodon/mastodon/issues/20655) when Cloudron user management is enabled. + +**NOTE:** +* Open registration is disabled by default. To enable this, see the [docs](https://docs.cloudron.io/apps/mastodon/#registration) + +* To add an initial account follow those [instructions](https://docs.cloudron.io/apps/mastodon/#adding-users) + diff --git a/migrateUsers.js b/migrateUsers.js deleted file mode 100755 index 89f760a..0000000 --- a/migrateUsers.js +++ /dev/null 
@@ -1,45 +0,0 @@
-#!/usr/bin/env node
-
-'use strict';
-
-const execSync = require('child_process').execSync;
-
-const ldapUserSearchCmd = `ldapsearch -LLL -x -H "${process.env.CLOUDRON_LDAP_URL}" -D "${process.env.CLOUDRON_LDAP_BIND_DN}" -w "${process.env.CLOUDRON_LDAP_BIND_PASSWORD}" -b "${process.env.CLOUDRON_LDAP_USERS_BASE_DN}"`
-const postgresCmd = `PGPASSWORD=${process.env.CLOUDRON_POSTGRESQL_PASSWORD} psql -h ${process.env.CLOUDRON_POSTGRESQL_HOST} -p ${process.env.CLOUDRON_POSTGRESQL_PORT} -U ${process.env.CLOUDRON_POSTGRESQL_USERNAME} -d ${process.env.CLOUDRON_POSTGRESQL_DATABASE}`
-
-let usersTableExists = execSync(`${postgresCmd} -AXqtc "SELECT count(*) FROM information_schema.tables WHERE table_schema LIKE 'public' AND table_type LIKE 'BASE TABLE' AND table_name = 'users'"`);
-if (usersTableExists == 0) {
- console.log("DB hasn't been initialised yet. Nothing to migrate.");
- process.exit(0);
-}
-
-let ldapProfiles = execSync(`${postgresCmd} -AXqtc "SELECT count(*) FROM users u JOIN accounts a ON a.id=u.account_id LEFT JOIN identities i ON i.uid=a.username WHERE i.uid IS NULL"`);
-console.log(`LDAP profiles in DB: ${ldapProfiles}`);
-if (ldapProfiles == 0) {
- console.log("Nothing to migrate. 
All users' profiles are up-to-date."); - process.exit(0); -} - -const ldapSearchOutput = execSync(ldapUserSearchCmd, { encoding: 'utf8' }); - -const users = {}; - -let userId; -for (let line of ldapSearchOutput.split('\n')) { - if (line.startsWith('uid:')) userId = line.split(':')[1].trim(); - if (line.startsWith('username:')) users[userId] = line.split(':')[1].trim(); -} - -console.log('Found usermapping:', users); - -for (let id in users) { - let uid = execSync(`${postgresCmd} -AXqtc "SELECT u.id FROM users u JOIN accounts a ON a.id=u.account_id WHERE NOT EXISTS (SELECT 1 FROM identities WHERE provider='openid_connect' AND uid='${users[id]}') AND a.username='${users[id]}'"`).toString().trim(); - if (!uid) - continue; - - console.log(`Migrate ${users[id]} to OIDC`); - execSync(`${postgresCmd} -c "INSERT INTO identities (provider, uid, user_id, created_at, updated_at) VALUES ('openid_connect', '${users[id]}', ${uid}, NOW(), NOW())"`); - console.log(`"INSERT INTO identities (provider, uid, user_id, created_at, updated_at) VALUES ('openid_connect', '${users[id]}', ${uid}, NOW(), NOW())"`); -} - -console.log('Done'); diff --git a/start.sh b/start.sh index cc3900b..a79dc36 100755 --- a/start.sh +++ b/start.sh @@ -30,33 +30,7 @@ sed -e "s/DB_HOST=.*/DB_HOST=${CLOUDRON_POSTGRESQL_HOST}/g" \ -e "s/WEB_DOMAIN=.*/WEB_DOMAIN=${CLOUDRON_APP_DOMAIN}/g" \ -i /app/data/env.production -# migrate LDAP settings to OIDC (should be removed on the next release) -if grep -q "^LDAP_ENABLED" /app/data/env.production; then - # get rid LDAP settings - sed -e "s/LDAP_.*//g" \ - -e "s/# SSO configuration//g" \ - -i /app/data/env.production - - cat >> /app/data/env.production < migrating LDAP users to OIDC" - /app/pkg/migrateUsers.js - echo "==> Setting up OIDC" sed -e "s/OIDC_ENABLED=.*/OIDC_ENABLED=true/g" \ -e "s/OIDC_DISPLAY_NAME=.*/OIDC_DISPLAY_NAME=Cloudron/g" \ diff --git a/test/test.js b/test/test.js index 6dae568..2e92d02 100755 --- a/test/test.js +++ b/test/test.js 
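Review bot: With the migration block removed, an instance that still carries `LDAP_ENABLED` in /app/data/env.production (one that skipped the release in which migrateUsers.js ran) now starts with its stale LDAP_* settings left in place and no openid_connect identities, and since the manifest in this same commit drops the ldap addon, the CLOUDRON_LDAP_* variables those settings were filled from will no longer exist either. I would keep a small guard where the removed block was so the condition is detected instead of silently carried forward, e.g. `if grep -q "^LDAP_ENABLED" /app/data/env.production; then echo "==> Unmigrated LDAP config found, update to the previous release first"; exit 1; fi`. Whether Mastodon then links an OIDC login to the existing account or creates a fresh one depends on OIDC_* settings not shown here, so that account-linking consequence is inferred rather than established. The heredoc portion of the removed block appears truncated in this rendering, and the sed invocation this hunk starts inside begins before the hunk.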
@@ -134,7 +134,7 @@ describe('Application life cycle test', function () { it('install app (no sso)', function () { execSync('cloudron install --no-sso --location ' + LOCATION, EXEC_ARGS); }); it('can get app information', getAppInfo); - it('has registration open', checkRegistration.bind(null, 'open')); + it('has registration open', checkRegistration.bind(null, 'none')); let testPassword; it('create a user with CLI', function () { let output = execSync('cloudron exec --app ' + LOCATION + ' -- bin/tootctl accounts create test --email=test@cloudron.io', { cwd: path.resolve(__dirname, '..'), encoding: 'utf8' }); @@ -199,7 +199,7 @@ describe('Application life cycle test', function () { it('can install app', function () { execSync('cloudron install --appstore-id ' + manifest.id + ' --location ' + LOCATION, EXEC_ARGS); }); it('can get app information', getAppInfo); // needs to be changed to loginOIDC on the next release - it('can LDAP login', login.bind(null, username, password)); + it('can OIDC login', loginOIDC.bind(null, username, password)); it('can logout', logout); it('can update', async function () {
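Review bot: The test description on the changed line still reads `has registration open` while the expectation passed to checkRegistration is now `'none'`, so a failure report would state the opposite of what is asserted. I would rename it to match: `it('has registration closed', checkRegistration.bind(null, 'none'));`. checkRegistration is defined outside this hunk, so whether `'none'` is the mode string it expects cannot be confirmed here. The describe block this line belongs to starts before and ends after the hunk.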
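Review bot: The context line directly above the changed line, `// needs to be changed to loginOIDC on the next release`, is now stale because this hunk makes exactly that change, and leaving it suggests further work is still pending; I would delete the comment. loginOIDC is referenced on the new line but defined outside the hunk, so its existence elsewhere in test.js is assumed. The describe block this line belongs to starts before and ends after the hunk.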