Update for closed regsitration release
parent
6fa11cf195
commit
0c77e8c32a
6 changed files with 12 additions and 78 deletions
|
@ -16,7 +16,6 @@
|
|||
"postgresql": {},
|
||||
"redis": {},
|
||||
"sendmail": {},
|
||||
"ldap": {},
|
||||
"oidc": { "loginRedirectUri": "/auth/auth/openid_connect/callback" },
|
||||
"scheduler": {
|
||||
"cleanup": {
|
||||
|
|
|
@ -69,9 +69,7 @@ RUN ln -sf /run/mastodon/supervisord.log /var/log/supervisor/supervisord.log
|
|||
RUN ln -fs /app/data/env.production /app/code/.env.production
|
||||
RUN ln -fs /app/data/system /app/code/public/system
|
||||
|
||||
COPY migrateUsers.js start.sh cleanup.sh config.sh env.template cache-env.sh.template /app/pkg/
|
||||
|
||||
RUN chmod +x /app/pkg/migrateUsers.js
|
||||
COPY start.sh cleanup.sh config.sh env.template cache-env.sh.template /app/pkg/
|
||||
|
||||
CMD [ "/app/pkg/start.sh" ]
|
||||
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
Accounts are created with the username and the subdomain under which this app is installed e.g. `@$CLOUDRON-USERNAME@$CLOUDRON-APP-FQDN`. Mastodon does not allow changing the domain part of the account later. See [the docs](https://docs.cloudron.io/apps/mastodon/#federation) for more information, if you want to change this domain.
|
||||
Accounts are created with the username and the subdomain under which this app is installed e.g. `@$CLOUDRON-USERNAME@$CLOUDRON-APP-FQDN`.
|
||||
Mastodon does not allow changing the domain part of the account later.
|
||||
See [the docs](https://docs.cloudron.io/apps/mastodon/#federation) for more information, f you want to change this domain.
|
||||
|
||||
<sso>
|
||||
**NOTE:**
|
||||
|
@ -7,3 +9,9 @@ Accounts are created with the username and the subdomain under which this app is
|
|||
* External registration [does not work well](https://github.com/mastodon/mastodon/issues/20655) when Cloudron user management is enabled.
|
||||
</sso>
|
||||
|
||||
<nosso>
|
||||
**NOTE:**
|
||||
* Open registration is disabled by default. To enable this, see the [docs](https://docs.cloudron.io/apps/mastodon/#registration)
|
||||
|
||||
* To add an initial account follow those [instructions](https://docs.cloudron.io/apps/mastodon/#adding-users)
|
||||
</nosso>
|
||||
|
|
|
@ -1,45 +0,0 @@
|
|||
#!/usr/bin/env node
|
||||
|
||||
'use strict';
|
||||
|
||||
const execSync = require('child_process').execSync;
|
||||
|
||||
const ldapUserSearchCmd = `ldapsearch -LLL -x -H "${process.env.CLOUDRON_LDAP_URL}" -D "${process.env.CLOUDRON_LDAP_BIND_DN}" -w "${process.env.CLOUDRON_LDAP_BIND_PASSWORD}" -b "${process.env.CLOUDRON_LDAP_USERS_BASE_DN}"`
|
||||
const postgresCmd = `PGPASSWORD=${process.env.CLOUDRON_POSTGRESQL_PASSWORD} psql -h ${process.env.CLOUDRON_POSTGRESQL_HOST} -p ${process.env.CLOUDRON_POSTGRESQL_PORT} -U ${process.env.CLOUDRON_POSTGRESQL_USERNAME} -d ${process.env.CLOUDRON_POSTGRESQL_DATABASE}`
|
||||
|
||||
let usersTableExists = execSync(`${postgresCmd} -AXqtc "SELECT count(*) FROM information_schema.tables WHERE table_schema LIKE 'public' AND table_type LIKE 'BASE TABLE' AND table_name = 'users'"`);
|
||||
if (usersTableExists == 0) {
|
||||
console.log("DB hasn't been initialised yet. Nothing to migrate.");
|
||||
process.exit(0);
|
||||
}
|
||||
|
||||
let ldapProfiles = execSync(`${postgresCmd} -AXqtc "SELECT count(*) FROM users u JOIN accounts a ON a.id=u.account_id LEFT JOIN identities i ON i.uid=a.username WHERE i.uid IS NULL"`);
|
||||
console.log(`LDAP profiles in DB: ${ldapProfiles}`);
|
||||
if (ldapProfiles == 0) {
|
||||
console.log("Nothing to migrate. All users' profiles are up-to-date.");
|
||||
process.exit(0);
|
||||
}
|
||||
|
||||
const ldapSearchOutput = execSync(ldapUserSearchCmd, { encoding: 'utf8' });
|
||||
|
||||
const users = {};
|
||||
|
||||
let userId;
|
||||
for (let line of ldapSearchOutput.split('\n')) {
|
||||
if (line.startsWith('uid:')) userId = line.split(':')[1].trim();
|
||||
if (line.startsWith('username:')) users[userId] = line.split(':')[1].trim();
|
||||
}
|
||||
|
||||
console.log('Found usermapping:', users);
|
||||
|
||||
for (let id in users) {
|
||||
let uid = execSync(`${postgresCmd} -AXqtc "SELECT u.id FROM users u JOIN accounts a ON a.id=u.account_id WHERE NOT EXISTS (SELECT 1 FROM identities WHERE provider='openid_connect' AND uid='${users[id]}') AND a.username='${users[id]}'"`).toString().trim();
|
||||
if (!uid)
|
||||
continue;
|
||||
|
||||
console.log(`Migrate ${users[id]} to OIDC`);
|
||||
execSync(`${postgresCmd} -c "INSERT INTO identities (provider, uid, user_id, created_at, updated_at) VALUES ('openid_connect', '${users[id]}', ${uid}, NOW(), NOW())"`);
|
||||
console.log(`"INSERT INTO identities (provider, uid, user_id, created_at, updated_at) VALUES ('openid_connect', '${users[id]}', ${uid}, NOW(), NOW())"`);
|
||||
}
|
||||
|
||||
console.log('Done');
|
26
start.sh
26
start.sh
|
@ -30,33 +30,7 @@ sed -e "s/DB_HOST=.*/DB_HOST=${CLOUDRON_POSTGRESQL_HOST}/g" \
|
|||
-e "s/WEB_DOMAIN=.*/WEB_DOMAIN=${CLOUDRON_APP_DOMAIN}/g" \
|
||||
-i /app/data/env.production
|
||||
|
||||
# migrate LDAP settings to OIDC (should be removed on the next release)
|
||||
if grep -q "^LDAP_ENABLED" /app/data/env.production; then
|
||||
# get rid LDAP settings
|
||||
sed -e "s/LDAP_.*//g" \
|
||||
-e "s/# SSO configuration//g" \
|
||||
-i /app/data/env.production
|
||||
|
||||
cat >> /app/data/env.production <<EOT
|
||||
# SSO configuration
|
||||
OIDC_ENABLED=
|
||||
OIDC_DISPLAY_NAME=
|
||||
OIDC_ISSUER=
|
||||
OIDC_CLIENT_ID=
|
||||
OIDC_CLIENT_SECRET=
|
||||
OIDC_REDIRECT_URI=
|
||||
OIDC_DISCOVERY=
|
||||
OIDC_SCOPE=
|
||||
OIDC_UID_FIELD=
|
||||
OIDC_SECURITY_ASSUME_EMAIL_IS_VERIFIED=
|
||||
EOT
|
||||
fi
|
||||
|
||||
if [[ -n "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
|
||||
# should be removed on the next release
|
||||
echo "==> migrating LDAP users to OIDC"
|
||||
/app/pkg/migrateUsers.js
|
||||
|
||||
echo "==> Setting up OIDC"
|
||||
sed -e "s/OIDC_ENABLED=.*/OIDC_ENABLED=true/g" \
|
||||
-e "s/OIDC_DISPLAY_NAME=.*/OIDC_DISPLAY_NAME=Cloudron/g" \
|
||||
|
|
|
@ -134,7 +134,7 @@ describe('Application life cycle test', function () {
|
|||
it('install app (no sso)', function () { execSync('cloudron install --no-sso --location ' + LOCATION, EXEC_ARGS); });
|
||||
it('can get app information', getAppInfo);
|
||||
|
||||
it('has registration open', checkRegistration.bind(null, 'open'));
|
||||
it('has registration open', checkRegistration.bind(null, 'none'));
|
||||
let testPassword;
|
||||
it('create a user with CLI', function () {
|
||||
let output = execSync('cloudron exec --app ' + LOCATION + ' -- bin/tootctl accounts create test --email=test@cloudron.io', { cwd: path.resolve(__dirname, '..'), encoding: 'utf8' });
|
||||
|
@ -199,7 +199,7 @@ describe('Application life cycle test', function () {
|
|||
it('can install app', function () { execSync('cloudron install --appstore-id ' + manifest.id + ' --location ' + LOCATION, EXEC_ARGS); });
|
||||
it('can get app information', getAppInfo);
|
||||
// needs to be changed to loginOIDC on the next release
|
||||
it('can LDAP login', login.bind(null, username, password));
|
||||
it('can OIDC login', loginOIDC.bind(null, username, password));
|
||||
it('can logout', logout);
|
||||
|
||||
it('can update', async function () {
|
||||
|
|
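Review bot: In the first hunk the test title still says "open" on the line that now checks the `'none'` mode, so a failure of the check guarding the closed-by-default registration posture would be reported under a name that states the opposite; rename it to `it('has registration closed', checkRegistration.bind(null, 'none'));`. This assumes the `'none'` line is the new side, which the hunk counts and the commit title suggest but the rendered page does not mark. In the second hunk the comment `// needs to be changed to loginOIDC on the next release` appears to remain directly above the new `loginOIDC` line and can be dropped now that the switch has been made. Both places sit inside the `describe('Application life cycle test', ...)` block, which starts and ends outside these hunks.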