Testing

README.md

@@ -14,7 +14,7 @@ Instant messaging server matrix network.
 
 Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org)
 
-**Shipped version:** 1.11.0
+**Shipped version:** 1.12.4
 
 ## Configuration
 
@@ -46,7 +46,7 @@ _matrix._tcp.example.com. 3600    IN      SRV     10 0 SYNAPSE_PORT synapse.exam
 ```
 You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME synapse_tls_port`
 
-For more details, see : https://github.com/matrix-org/synapse#setting-up-federation
+For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md
 
 If it is not automatically done, you need to open this in your ISP box.
 

check_process

@@ -13,7 +13,7 @@
         setup_public=1
         upgrade=1
         upgrade=1   from_commit=db374d2bff981d2660ebdac52ee77c684383c00d
-        upgrade=1   from_commit=0b8f2d4423bc48a1509dc0be4e231f02a0046eca
+        upgrade=1   from_commit=0571cc85334408a98f6766881b580a040fa6398a
         backup_restore=1
         multi_instance=1
         incorrect_path=0
@@ -24,5 +24,5 @@
 ;;; Upgrade options
 	; commit=db374d2bff981d2660ebdac52ee77c684383c00d
 		name=Fix postgresql helper from old_version_for_CI_2 branch
-    ; commit=0b8f2d4423bc48a1509dc0be4e231f02a0046eca
-        name=Migrate from self signed certificate to cert managed by Yunohost
+    ; commit=0571cc85334408a98f6766881b580a040fa6398a
+        name=Migrate from self signed certificate to cert managed by Yunohost from old_version_for_CI_3 branch

conf/add_sso_conf.py

@@ -1,11 +1,28 @@
 import json
+import sys
+
+domain = sys.argv[1]
+server_name = sys.argv[2]
 
 with open("/etc/ssowat/conf.json.persistent", "r", encoding='utf-8') as jsonFile:
     data = json.load(jsonFile)
-    if "skipped_urls" in data:
-        data["skipped_urls"].append("/_matrix")
-    else:
-        data["skipped_urls"] = ["/_matrix"]
+
+    if "skipped_urls" not in data:
+        data["skipped_urls"] = []
+    if "protected_urls" not in data:
+        data["protected_urls"] = []
+
+    # Remove entry without the domain specified
+    if "/_matrix" in data["skipped_urls"]:
+        data["skipped_urls"].remove("/_matrix")
+
+    if domain + "/_matrix" not in data["skipped_urls"]:
+        data["skipped_urls"].append(domain + "/_matrix")
+    if server_name + "/.well-known/matrix/" not in data["skipped_urls"]:
+        data["skipped_urls"].append(server_name + "/.well-known/matrix/")
+
+    if domain +  "/_matrix/cas_server.php/login" not in data["protected_urls"]:
+        data["protected_urls"].append(domain + "/_matrix/cas_server.php/login")
 
 with open("/etc/ssowat/conf.json.persistent", "w", encoding='utf-8') as jsonFile:
-    jsonFile.write(json.dumps(data, indent=4, sort_keys=True))
+    jsonFile.write(json.dumps(data, indent=4, sort_keys=True))

conf/armv7_stretch.src

@@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.11.0/matrix-synapse_1.11.0-stretch-bin1_armv7l.tar.gz
-SOURCE_SUM=8a4f13bdbe429c94df3aab07d289a61f5f2e372d45cda21ea9d297f1cc224ece
+SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.12.4/matrix-synapse_1.12.4-stretch-bin1_armv7l.tar.gz
+SOURCE_SUM=2e36e8e280e9f72de575cc33e825a72d9229614ce2c7b91dc3e73fa455a8cf4d
 # (Optional) Program to check the integrity (sha256sum, md5sum...)
 # default: sha256
 SOURCE_SUM_PRG=sha256sum

conf/homeserver.yaml

@@ -906,7 +906,7 @@ registration_shared_secret: "__REGISTRATION_SECRET__"
 # (By default, no suggestion is made, so it is left up to the client.
 # This setting is ignored unless public_baseurl is also set.)
 #
-#default_identity_server: https://matrix.org
+default_identity_server: https://vector.im
 
 # The list of identity servers trusted to verify third party
 # identifiers by this server.
@@ -949,8 +949,8 @@ registration_shared_secret: "__REGISTRATION_SECRET__"
 # If a delegate is specified, the config option public_baseurl must also be filled out.
 #
 account_threepid_delegates:
-    #email: https://example.com     # Delegate email sending to example.org
-    #msisdn: http://localhost:8090  # Delegate SMS sending to this local process
+    email: https://vector.im     # Delegate email sending to vector.im # TODO use the Yunohost server to send email !!
+    msisdn: https://vector.im
 
 # Users who register on this homeserver will automatically be joined
 # to these rooms
@@ -1216,10 +1216,10 @@ saml2_config:
 
 # Enable CAS for registration and login.
 #
-#cas_config:
-#   enabled: true
-#   server_url: "https://cas-server.com"
-#   service_url: "https://homeserver.domain.com:8448"
+cas_config:
+  enabled: true
+  server_url: "https://__DOMAIN__/_matrix/cas_server.php"
+  service_url: "https://__DOMAIN__"
 #   #displayname_attribute: name
 #   #required_attributes:
 #   #    name: value
@@ -1342,16 +1342,17 @@ password_providers:
    - module: "ldap_auth_provider.LdapAuthProvider"
      config:
        enabled: true
+       mode: "search"
        uri: "ldap://localhost"
        start_tls: false
        base: "ou=users,dc=yunohost,dc=org"
        attributes:
           uid: "uid"
           mail: "mail"
           name: "givenName"
-#        #bind_dn:
+#        #bind_dn: # TODO Add authentication to have the filter working
 #        #bind_password:
-#        #filter: "(objectClass=posixAccount)"
+       filter: "(&(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))"
 
 
 

conf/nginx.conf

@@ -3,4 +3,15 @@ location __PATH__ {
         proxy_set_header X-Forwarded-For $remote_addr;
 
         client_max_body_size 100M;
+
+        # Use the specific path for the php file. It's more secure than global php path
+        location __PATH__/cas_server.php {
+            alias /var/www/__APP__/;
+            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+            fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock;
+            include fastcgi_params;
+            fastcgi_param REMOTE_USER $remote_user;
+            fastcgi_param PATH_INFO $fastcgi_path_info;
+            fastcgi_param SCRIPT_FILENAME cas_server.php;
+        }
 }