diff --git a/patches/main/00-ldap-auth.patch b/patches/main/00-ldap-auth.patch index 3a36f5e..8e9a0d8 100644 --- a/patches/main/00-ldap-auth.patch +++ b/patches/main/00-ldap-auth.patch @@ -1,5 +1,15 @@ +From 488b781e030637ab6feafc0da640217e1d654ead Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= +Date: Tue, 11 Jun 2024 11:50:36 +0200 +Subject: [PATCH 1/3] Add ldap auth + +--- + app/config/security.yml | 12 ++++++++++++ + app/config/services.yml | 7 +++++++ + 2 files changed, 19 insertions(+) + diff --git a/app/config/security.yml b/app/config/security.yml -index 02afc9ea..5a3f7a34 100644 +index 9ab51621..f4ea3d47 100644 --- a/app/config/security.yml +++ b/app/config/security.yml @@ -13,6 +13,14 @@ security: @@ -8,39 +18,41 @@ index 02afc9ea..5a3f7a34 100644 id: fos_user.user_provider.username_email + yunohost_users: + ldap: -+ service: yunohost.ldap ++ service: Symfony\Component\Ldap\Ldap + base_dn: ou=users,dc=yunohost,dc=org + search_dn: + search_password: + filter: (&(uid={username})(objectClass=posixAccount)) + default_roles: ROLE_USER - + # the main part of the security, where you can set up firewalls # for specific sections of your app -@@ -38,6 +46,9 @@ security: - +@@ -39,6 +47,10 @@ security: + secured_area: pattern: ^/ + http_basic_ldap: -+ service: yunohost.ldap ++ provider: yunohost_users ++ service: Symfony\Component\Ldap\Ldap + dn_string: "uid={username},ou=users,dc=yunohost,dc=org" form_login: provider: fos_userbundle csrf_token_generator: security.csrf.token_manager diff --git a/app/config/services.yml b/app/config/services.yml -index 7b85d846..f23961c5 100644 +index 270e79d9..c67341e8 100644 --- a/app/config/services.yml 
+++ b/app/config/services.yml -@@ -43,6 +43,10 @@ services: +@@ -394,3 +394,10 @@ services: + public: false tags: - - { name: kernel.event_listener, event: security.interactive_login, method: onInteractiveLogin } - -+ yunohost.ldap: -+ class: Symfony\Component\Ldap\LdapClient -+ arguments: ["localhost"] + - { name: pagerfanta.view, alias: default_wallabag } + - craue_config_cache_provider: - class: Symfony\Component\Cache\Adapter\FilesystemAdapter - public: false --- -2.17.1 ++ Symfony\Component\Ldap\Ldap: ++ arguments: ['@Symfony\Component\Ldap\Adapter\ExtLdap\Adapter'] ++ tags: [ldap] ++ Symfony\Component\Ldap\Adapter\ExtLdap\Adapter: ++ arguments: ++ - host: localhost +-- +2.45.1 + diff --git a/patches/main/01-logout-success-handler.patch b/patches/main/01-logout-success-handler.patch index d321d54..505c9f9 100644 --- a/patches/main/01-logout-success-handler.patch +++ b/patches/main/01-logout-success-handler.patch @@ -1,31 +1,40 @@ +From 711f4a49fa7d4c471cd905870fecaa6f83156d46 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= +Date: Tue, 11 Jun 2024 11:52:33 +0200 +Subject: [PATCH 2/3] Configure a custom logout success handler for yunohost + ldap + +--- + app/config/security.yml | 2 +- + app/config/services.yml | 3 +++ + .../Security/LogoutSuccessHandler.php | 27 +++++++++++++++++++ + 3 files changed, 31 insertions(+), 1 deletion(-) + create mode 100644 src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php + diff --git a/app/config/security.yml b/app/config/security.yml -index 5a3f7a34..1720e741 100644 +index f4ea3d47..de6b705b 100644 --- a/app/config/security.yml +++ b/app/config/security.yml -@@ -62,7 +62,7 @@ security: - +@@ -64,7 +64,7 @@ security: + logout: path: /logout - target: / + success_handler: yunohost.logout_success_handler - - access_control: - - { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY } + + two_factor: + provider: fos_userbundle 
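Review bot: The `yunohost_users` provider filter `(&(uid={username})(objectClass=posixAccount))` in the embedded security.yml change matches every account under `ou=users`, and each one receives `default_roles: ROLE_USER`; nothing in this hunk limits login to users who were granted access to this application. If that restriction is expected to come from an upstream SSO layer, it is not visible here and would not apply to requests that reach the `secured_area` firewall's `http_basic_ldap` directly, so consider a per-app clause in the filter, e.g. `filter: (&(uid={username})(objectClass=posixAccount)(<APP_PERMISSION_CLAUSE>))` (placeholder to be replaced with the directory's actual permission attribute). The empty `search_dn:` / `search_password:` mean the user lookup runs as an anonymous bind and the adapter is given `host: localhost` only; a short comment stating that both rely on a local directory that allows anonymous reads would make that assumption explicit for the next person who refreshes the patch.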
diff --git a/app/config/services.yml b/app/config/services.yml -index f23961c5..f266e6d1 100644 +index c67341e8..7057ca42 100644 --- a/app/config/services.yml +++ b/app/config/services.yml -@@ -43,6 +43,10 @@ services: - tags: - - { name: kernel.event_listener, event: security.interactive_login, method: onInteractiveLogin } - +@@ -401,3 +401,6 @@ services: + Symfony\Component\Ldap\Adapter\ExtLdap\Adapter: + arguments: + - host: localhost ++ + yunohost.logout_success_handler: + class: Wallabag\YunoHostBundle\Security\LogoutSuccessHandler -+ -+ - yunohost.ldap: - class: Symfony\Component\Ldap\LdapClient - arguments: ["localhost"] diff --git a/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php b/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php new file mode 100644 index 00000000..b3268243 @@ -59,5 +68,6 @@ index 00000000..b3268243 + return new RedirectResponse($url); + } +} --- -2.17.1 +-- +2.45.1 + diff --git a/patches/main/02-oauth-workaround.patch b/patches/main/02-oauth-workaround.patch index 6326570..747030f 100644 --- a/patches/main/02-oauth-workaround.patch +++ b/patches/main/02-oauth-workaround.patch 
@@ -1,11 +1,25 @@ ---- a/vendor/friendsofsymfony/oauth-server-bundle/Storage/OAuthStorage.php 2016-02-22 13:57:55.000000000 +0000 -+++ b/vendor/friendsofsymfony/oauth-server-bundle/Storage/OAuthStorage.php 2017-04-13 17:16:06.298501506 +0000 -@@ -170,7 +170,7 @@ - if (null !== $user) { - $encoder = $this->encoderFactory->getEncoder($user); +From 85c26ff4df2191bf3494491f27e2922aa6b569c8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= +Date: Tue, 11 Jun 2024 11:54:25 +0200 +Subject: [PATCH 3/3] OAuthStorage workaround + +--- + .../oauth-server-bundle/Storage/OAuthStorage.php | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/vendor/friendsofsymfony/oauth-server-bundle/Storage/OAuthStorage.php b/vendor/friendsofsymfony/oauth-server-bundle/Storage/OAuthStorage.php +index 5ab6b7c9..7cb77913 100644 +--- a/vendor/friendsofsymfony/oauth-server-bundle/Storage/OAuthStorage.php ++++ b/vendor/friendsofsymfony/oauth-server-bundle/Storage/OAuthStorage.php +@@ -158,7 +158,7 @@ class OAuthStorage implements IOAuth2RefreshTokens, IOAuth2GrantUser, IOAuth2Gra + } + + $encoder = $this->encoderFactory->getEncoder($user); +- if ($encoder->isPasswordValid($user->getPassword(), $password, $user->getSalt())) { ++ if (true) { + return [ + 'data' => $user, + ]; +-- +2.45.1 -- if ($encoder->isPasswordValid($user->getPassword(), $password, $user->getSalt())) { -+ if (true) { - return array( - 'data' => $user, - );
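Review bot: The `if (true)` that replaces `$encoder->isPasswordValid($user->getPassword(), $password, $user->getSalt())` in OAuthStorage.php leaves this credential check with no password verification at all, so the branch returns `'data' => $user` for any submitted password once `$user` has been resolved. The refreshed patch carries this forward with only the subject "OAuthStorage workaround" and no comment on why the check is dropped or what compensates for it. If the reason is that LDAP-backed accounts have no local password hash (an assumption; the hunk does not say), the check should be replaced rather than removed: keep `isPasswordValid` for accounts that have a local hash, verify the others with a bind through the `Symfony\Component\Ldap\Ldap` service registered in patch 1/3, and fail closed when neither succeeds. At minimum add a comment above the condition such as `// NOTE: password check disabled for LDAP users - token requests are NOT password-verified here` so the exposure is visible to operators. The enclosing method starts and ends outside the hunk, so how `$user` is looked up and which grant types reach this code cannot be confirmed from here.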