diff --git a/dockers/ldap/UIHooks/post-hook.sh b/dockers/ldap/UIHooks/post-hook.sh
index dc89e1c..26819bb 100755
--- a/dockers/ldap/UIHooks/post-hook.sh
+++ b/dockers/ldap/UIHooks/post-hook.sh
@@ -1,13 +1,13 @@
 #!/bin/bash
 EMAIL=$1
-NEWPASSWORD=$2
-OLDPASSWORD=$3
+NEWPASSWORD=$(base64 -d <<< $2)
+OLDPASSWORD=$(base64 -d <<< $3)
-URL_AGORA="https://${matterHost}.${domain}/api/v4"
-mattermost_token=${MM_ADMIN_TOKEN}
+URL_AGORA="https://${matterHost}.${domain}"
+mattermost_token=${LDAPUI_MM_ADMIN_TOKEN}
-IDUSER=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA}/users/email/${EMAIL}" | awk -F "," '{print $1}' | sed -e 's/{"id"://g' -e 's/"//g')
+IDUSER=$(curl -s -H "Authorization: Bearer ${mattermost_token}" "${URL_AGORA}/api/v4/users/email/${EMAIL}" | awk -F "," '{print $1}' | sed -e 's/{"id"://g' -e 's/"//g')
 if [ ${IDUSER} == 'app.user.missing_account.const' ]
 then exit 1
diff --git a/dockers/ldap/first.sh b/dockers/ldap/first.sh
index 1609156..fa618df 100755
--- a/dockers/ldap/first.sh
+++ b/dockers/ldap/first.sh
@@ -43,7 +43,7 @@ updateVarInConf(){
 # $2 val
 # $3 file
 # $4 : vide => la valeur sera encadré par des guillement, sinon c'est du php
- if grep -q "\$$1" "$3" ; then
+ if grep -q "^\s*\$$1" "$3" ; then
 echo " update ${CYAN}${BOLD}$1${NC} => $2"
 # !!! les valeur ne doivent pas contenir le caractère '%'
 if [ -z "$4" ]; then
@@ -81,7 +81,7 @@ updateVarInConf "mail_attributes" "array(\"mailDeSecours\", \"mail\")" "${CONFIG
 updateVarInConf "pwd_min_length" "10" "${CONFIG_IHM}"
 updateVarInConf "pwd_min_special" "2" "${CONFIG_IHM}"
 updateVarInConf "pwd_show_policy" "always" "${CONFIG_IHM}"
-updateVarInConf "posthook" "/var/www/kaz/post_hook.sh" "${CONFIG_IHM}"
+updateVarInConf "posthook" "/var/www/kaz/post-hook.sh" "${CONFIG_IHM}"
 updateVarInConf "posthook_password_encodebase64" "true" "${CONFIG_IHM}"
diff --git a/secret.tmpl/SetAllPass.sh b/secret.tmpl/SetAllPass.sh
index f689a5a..51114ac 100755
--- a/secret.tmpl/SetAllPass.sh
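Review bot: In dockers/ldap/UIHooks/post-hook.sh the new `IDUSER=` line still puts `${EMAIL}` unescaped into the path of a request made with the admin bearer token, so a first argument containing `/`, `?` or `#` changes which endpoint is queried. Validating it before the curl call, e.g. `[[ "$EMAIL" =~ ^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$ ]] || exit 1`, keeps the lookup on the intended user. The two decode lines should quote their input and fail closed on invalid base64, `NEWPASSWORD=$(base64 -d <<< "$2") || exit 1`. The unquoted `[ ${IDUSER} == ... ]` test in the context lines errors out on an empty curl result, and since no `set -e` is visible the script would then carry on. The script continues past the end of this hunk, so how the decoded passwords are used is not visible here.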
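Review bot: In dockers/ldap/first.sh the new pattern in `updateVarInConf` anchors the start of the line but not the end of the variable name, so `updateVarInConf "posthook"` also matches a `$posthook_password_encodebase64` line, and `$1` is still read as a regular expression. Bounding the name closes that, e.g. `if grep -q "^[[:space:]]*\$$1[[:space:]]*=" "$3" ; then`, assuming the config writes assignments as `$name = value`; `[[:space:]]` is also portable where `\s` is a GNU extension. The substitution that follows is outside this hunk, so it is worth checking that it is anchored the same way. These calls set password-policy values (`pwd_min_length`, `pwd_min_special`), where a rewrite of the wrong line or a silent no-match would weaken the policy unnoticed.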
+++ b/secret.tmpl/SetAllPass.sh
@@ -46,6 +46,36 @@ gandi_GANDI_KEY="xxx"
 gandi_GANDI_API="https://api.gandi.net/v5/livedns/domains/${domain}"
 gandi_dns_gandi_api_key="${gandi_GANDI_KEY}"
+####################
+# mattermost
+mattermost_MYSQL_ROOT_PASSWORD="--clean_val--"
+mattermost_MYSQL_DATABASE="--clean_val--"
+mattermost_MYSQL_USER="--clean_val--"
+mattermost_MYSQL_PASSWORD="--clean_val--"
+
+# Share with mattermostDB
+mattermost_MM_DBNAME="${mattermost_MYSQL_DATABASE}"
+mattermost_MM_USERNAME="${mattermost_MYSQL_USER}"
+mattermost_MM_PASSWORD="${mattermost_MYSQL_PASSWORD}"
+
+mattermost_DB_PORT_NUMBER="3306"
+mattermost_DB_HOST="db"
+mattermost_MM_SQLSETTINGS_DRIVERNAME="mysql"
+mattermost_MM_ADMIN_EMAIL="agora@kaz.bzh"
+mattermost_MM_ADMIN_USER="admin"
+mattermost_MM_ADMIN_PASSWORD="_--clean_val---"
+
+# mattermost_MM_SQLSETTINGS_DATASOURCE = "MM_USERNAME:MM_PASSWORD@tcp(DB_HOST:DB_PORT_NUMBER)/MM_DBNAME?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s"
+# Don't forget to replace all entries (beginning by MM_ and DB_) in MM_SQLSETTINGS_DATASOURCE with the real variables values.
+mattermost_MM_SQLSETTINGS_DATASOURCE="${mattermost_MYSQL_USER}:${mattermost_MYSQL_PASSWORD}@tcp(${mattermost_DB_HOST}:${mattermost_DB_PORT_NUMBER})/${mattermost_MM_DBNAME}?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s"
+# sinon avec postgres
+# mattermost_MM_SQLSETTINGS_DATASOURCE = "postgres://${MM_USERNAME}:${MM_PASSWORD}@db:5432/${MM_DBNAME}?sslmode=disable&connect_timeout=10"
+
+# pour envoyer des messages sur l'agora avec mmctl
+mattermost_user="--clean_val--"
+mattermost_pass="~--clean_val--_"
+mattermost_token="xxx-private"
+
 ##################
 # Openldap
 ldap_LDAP_ADMIN_USERNAME="--clean_val--"
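Review bot: Nothing in secret.tmpl/SetAllPass.sh records that the mattermost block must now stay above the Openldap section, although `ldap_LDAPUI_MM_ADMIN_TOKEN=${mattermost_token}` is expanded at the moment the file is sourced. A comment above `mattermost_token` would keep a later reorder from silently producing an empty token: `# must be defined before the Openldap section (ldap_LDAPUI_MM_ADMIN_TOKEN reuses it)`. The placeholder `"xxx-private"` also differs from the `--clean_val--` marker used for the other secrets in this block. If that marker is what the password generator replaces (not visible here), the comment should also say that the token has to be filled in by hand.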
@@ -66,7 +96,7 @@ ldap_LDAPUI_ADMIN_BIND_DN=cn=ldapui,ou=applications,${ldap_root}
 ldap_LDAPUI_ADMIN_BIND_PWD=${ldap_LDAP_LDAPUI_PASSWORD}
 ldap_LDAPUI_IGNORE_CERT_ERRORS=TRUE
 ldap_LDAPUI_PASSWORD="--clean_val--"
-ldap_LDAPUI_MM_ADMIN_TOKEN="xxx-private"
+ldap_LDAPUI_MM_ADMIN_TOKEN=${mattermost_token}
 ###################
 # gitea
@@ -85,34 +115,6 @@ gitea_admin_email="root@kaz.bzh"
 jirafeau_HTTPD_PASSWORD="--clean_val--"
 jirafeau_DATA_DIR="--clean_val--"
-####################
-# mattermost
-mattermost_MYSQL_ROOT_PASSWORD="--clean_val--"
-mattermost_MYSQL_DATABASE="--clean_val--"
-mattermost_MYSQL_USER="--clean_val--"
-mattermost_MYSQL_PASSWORD="--clean_val--"
-
-# Share with mattermostDB
-mattermost_MM_DBNAME="${mattermost_MYSQL_DATABASE}"
-mattermost_MM_USERNAME="${mattermost_MYSQL_USER}"
-mattermost_MM_PASSWORD="${mattermost_MYSQL_PASSWORD}"
-
-mattermost_DB_PORT_NUMBER="3306"
-mattermost_DB_HOST="db"
-mattermost_MM_SQLSETTINGS_DRIVERNAME="mysql"
-mattermost_MM_ADMIN_EMAIL="agora@kaz.bzh"
-mattermost_MM_ADMIN_USER="admin"
-mattermost_MM_ADMIN_PASSWORD="_--clean_val---"
-
-# mattermost_MM_SQLSETTINGS_DATASOURCE = "MM_USERNAME:MM_PASSWORD@tcp(DB_HOST:DB_PORT_NUMBER)/MM_DBNAME?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s"
-# Don't forget to replace all entries (beginning by MM_ and DB_) in MM_SQLSETTINGS_DATASOURCE with the real variables values.
-mattermost_MM_SQLSETTINGS_DATASOURCE="${mattermost_MYSQL_USER}:${mattermost_MYSQL_PASSWORD}@tcp(${mattermost_DB_HOST}:${mattermost_DB_PORT_NUMBER})/${mattermost_MM_DBNAME}?charset=utf8mb4,utf8&readTimeout=30s&writeTimeout=30s"
-# sinon avec postgres
-# mattermost_MM_SQLSETTINGS_DATASOURCE = "postgres://${MM_USERNAME}:${MM_PASSWORD}@db:5432/${MM_DBNAME}?sslmode=disable&connect_timeout=10"
-
-# pour envoyer des messages sur l'agora avec mmctl
-mattermost_user="--clean_val--"
-mattermost_pass="~--clean_val--_"
 ####################
 # nexcloud
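Review bot: `ldap_LDAPUI_MM_ADMIN_TOKEN=${mattermost_token}` in the `@@ -66,7 +96,7 @@` hunk hands the LDAP UI post-hook the same Mattermost token that sits under the mmctl messaging comment in the mattermost block, so one credential now serves two consumers. A leak from either side exposes both uses, and the token cannot be rotated or revoked for one without the other. If the hook only needs the user lookup and whatever follows it in post-hook.sh (not visible in this diff), a separate token variable for the LDAP UI with the narrowest role that still works would limit the blast radius. Failing that, a comment on this line, `# shared with mmctl scripts: rotating mattermost_token also changes the LDAP UI hook credential`, would at least make the coupling explicit.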