From ba24575375859f78d54d8212a5a3dbfef9f04c68 Mon Sep 17 00:00:00 2001 From: Akhil Date: Wed, 2 Aug 2023 01:22:36 +0530 Subject: [PATCH 1/7] Add listeners to update snappymail pwd --- lib/AppInfo/Application.php | 6 +++ lib/Listeners/AccessTokenUpdatedListener.php | 47 ++++++++++++++++++++ lib/Listeners/PostLoginEventListener.php | 46 +++++++++++++++++++ 3 files changed, 99 insertions(+) create mode 100644 lib/Listeners/AccessTokenUpdatedListener.php create mode 100644 lib/Listeners/PostLoginEventListener.php diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php index 47cc7b6b..4a839d97 100644 --- a/lib/AppInfo/Application.php +++ b/lib/AppInfo/Application.php @@ -40,6 +40,10 @@ use OCA\EcloudAccounts\Listeners\BeforeTemplateRenderedListener; use OCA\EcloudAccounts\Listeners\TwoFactorStateChangedListener; use OCA\TwoFactorTOTP\Event\StateChanged; use OCP\IUserManager; +use OCA\OIDCLogin\Events\AccessTokenUpdatedEvent; +use OCA\EcloudAccounts\Listeners\AccessTokenUpdatedListener; +use OCP\User\Events\PostLoginEvent; +use OCA\EcloudAccounts\Listeners\PostLoginEventListener; class Application extends App implements IBootstrap { public const APP_ID = 'ecloud-accounts'; @@ -53,6 +57,8 @@ class Application extends App implements IBootstrap { $context->registerEventListener(UserChangedEvent::class, UserChangedListener::class); $context->registerEventListener(StateChanged::class, TwoFactorStateChangedListener::class); // $context->registerEventListener(BeforeTemplateRenderedEvent::class, BeforeTemplateRenderedListener::class); + $context->registerEventListener(AccessTokenUpdatedEvent::class, AccessTokenUpdatedListener::class); + $context->registerEventListener(PostLoginEvent::class, PostLoginEventListener::class, 10); } public function boot(IBootContext $context): void { diff --git a/lib/Listeners/AccessTokenUpdatedListener.php b/lib/Listeners/AccessTokenUpdatedListener.php new file mode 100644 index 00000000..57f911a9 --- /dev/null 
+++ b/lib/Listeners/AccessTokenUpdatedListener.php @@ -0,0 +1,47 @@ +userSession = $userSession; + $this->session = $session; + $this->appManager = $appManager; + } + + public function handle(Event $event): void { + if (!($event instanceof AccessTokenUpdatedEvent) || !$this->userSession->isLoggedIn() || !$this->session->exists('is_oidc')) { + return; + } + + // just-in-case checks(also maybe useful for selfhosters) + if (!$this->appManager->isEnabledForUser(self::SNAPPYMAIL_APP_ID) || !$this->appManager->isEnabledForUser(self::OIDC_LOGIN_APP_ID)) { + return; + } + + $accessToken = $event->getAccessToken(); + $username = $this->userSession->getUser()->getUID(); + + $this->session->set('snappymail-password', SnappyMailHelper::encodePassword($accessToken, $username)); + } + +} diff --git a/lib/Listeners/PostLoginEventListener.php b/lib/Listeners/PostLoginEventListener.php new file mode 100644 index 00000000..f84622f8 --- /dev/null +++ b/lib/Listeners/PostLoginEventListener.php @@ -0,0 +1,46 @@ +session = $session; + $this->appManager = $appManager; + } + + public function handle(Event $event): void { + if (!($event instanceof PostLoginEvent) || !$this->session->exists('is_oidc')) { + return; + } + + // just-in-case checks(also maybe useful for selfhosters) + if (!$this->appManager->isEnabledForUser(self::SNAPPYMAIL_APP_ID) || !$this->appManager->isEnabledForUser(self::OIDC_LOGIN_APP_ID)) { + return; + } + + $accessToken = $this->session->get(self::ACCESS_TOKEN_KEY); + $username = $event->getUser()->getUID(); + + $this->session->set('snappymail-password', SnappyMailHelper::encodePassword($accessToken, $username)); + + } + +} -- GitLab From 9699b09b276cff49f8f072010f5158175bc34d41 Mon Sep 17 00:00:00 2001 From: Akhil Date: Thu, 3 Aug 2023 00:00:06 +0530 Subject: [PATCH 2/7] lint fix --- lib/Listeners/AccessTokenUpdatedListener.php | 4 +--- lib/Listeners/PostLoginEventListener.php | 5 +---- 2 files changed, 2 insertions(+), 7 deletions(-) 
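Review bot: The guard `!$this->session->exists('is_oidc')` in `AccessTokenUpdatedListener::handle()` only tests that the key is present, so a session where `is_oidc` holds `false` would still get the OIDC access token copied into `snappymail-password`; `PostLoginEventListener::handle()` in this patch uses the same condition. The `BeforeTemplateRenderedListener` removed later in this series read the value with `get('is_oidc')` and returned when it was falsy, so `!$this->session->get('is_oidc')` would keep that behaviour. Whether the OIDC app ever stores a false value is not visible here, so treat this as a hardening point rather than a confirmed bug. A short comment above the final `$this->session->set(...)` saying that the stored value is derived from the bearer token, and when it is expected to be replaced or cleared, would help the next reader. The top of both new files is missing from the hunks as rendered, so the imports and property declarations could not be checked.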
diff --git a/lib/Listeners/AccessTokenUpdatedListener.php b/lib/Listeners/AccessTokenUpdatedListener.php index 57f911a9..4097dac1 100644 --- a/lib/Listeners/AccessTokenUpdatedListener.php +++ b/lib/Listeners/AccessTokenUpdatedListener.php @@ -12,7 +12,6 @@ use OCA\OIDCLogin\Events\AccessTokenUpdatedEvent; use OCA\SnappyMail\Util\SnappyMailHelper; use OCP\EventDispatcher\IEventListener; - class AccessTokenUpdatedListener implements IEventListener { private IUserSession $userSession; private ISession $session; @@ -22,7 +21,7 @@ class AccessTokenUpdatedListener implements IEventListener { private const OIDC_LOGIN_APP_ID = 'oidc_login'; - public function __construct( IUserSession $userSession, ISession $session,IAppManager $appManager) { + public function __construct(IUserSession $userSession, ISession $session, IAppManager $appManager) { $this->userSession = $userSession; $this->session = $session; $this->appManager = $appManager; @@ -43,5 +42,4 @@ class AccessTokenUpdatedListener implements IEventListener { $this->session->set('snappymail-password', SnappyMailHelper::encodePassword($accessToken, $username)); } - } diff --git a/lib/Listeners/PostLoginEventListener.php b/lib/Listeners/PostLoginEventListener.php index f84622f8..c183409d 100644 --- a/lib/Listeners/PostLoginEventListener.php +++ b/lib/Listeners/PostLoginEventListener.php @@ -11,7 +11,6 @@ use OCP\User\Events\PostLoginEvent; use OCA\SnappyMail\Util\SnappyMailHelper; use OCP\EventDispatcher\IEventListener; - class PostLoginEventListener implements IEventListener { private ISession $session; private IAppManager $appManager; @@ -21,7 +20,7 @@ class PostLoginEventListener implements IEventListener { private const ACCESS_TOKEN_KEY = 'oidc_access_token'; - public function __construct(ISession $session,IAppManager $appManager) { + public function __construct(ISession $session, IAppManager $appManager) { $this->session = $session; $this->appManager = $appManager; } 
@@ -40,7 +39,5 @@ class PostLoginEventListener implements IEventListener { $username = $event->getUser()->getUID(); $this->session->set('snappymail-password', SnappyMailHelper::encodePassword($accessToken, $username)); - } - } -- GitLab From a76c7650ab28f17ec5dfe7e0c87aa389cbcc6f99 Mon Sep 17 00:00:00 2001 From: Akhil Date: Thu, 3 Aug 2023 00:03:40 +0530 Subject: [PATCH 3/7] Remove beforetemplaterenderedlistener --- lib/AppInfo/Application.php | 3 - .../BeforeTemplateRenderedListener.php | 77 ------------------- 2 files changed, 80 deletions(-) delete mode 100644 lib/Listeners/BeforeTemplateRenderedListener.php diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php index 4a839d97..acf72746 100644 --- a/lib/AppInfo/Application.php +++ b/lib/AppInfo/Application.php @@ -35,8 +35,6 @@ use OCA\EcloudAccounts\Service\LDAPConnectionService; use OCP\User\Events\BeforeUserDeletedEvent; use OCP\User\Events\UserChangedEvent; use OCA\EcloudAccounts\Listeners\UserChangedListener; -use OCP\AppFramework\Http\Events\BeforeTemplateRenderedEvent; -use OCA\EcloudAccounts\Listeners\BeforeTemplateRenderedListener; use OCA\EcloudAccounts\Listeners\TwoFactorStateChangedListener; use OCA\TwoFactorTOTP\Event\StateChanged; use OCP\IUserManager; @@ -56,7 +54,6 @@ class Application extends App implements IBootstrap { $context->registerEventListener(BeforeUserDeletedEvent::class, BeforeUserDeletedListener::class); $context->registerEventListener(UserChangedEvent::class, UserChangedListener::class); $context->registerEventListener(StateChanged::class, TwoFactorStateChangedListener::class); - // $context->registerEventListener(BeforeTemplateRenderedEvent::class, BeforeTemplateRenderedListener::class); $context->registerEventListener(AccessTokenUpdatedEvent::class, AccessTokenUpdatedListener::class); $context->registerEventListener(PostLoginEvent::class, PostLoginEventListener::class, 10); } 
diff --git a/lib/Listeners/BeforeTemplateRenderedListener.php b/lib/Listeners/BeforeTemplateRenderedListener.php deleted file mode 100644 index 9c6369c3..00000000 --- a/lib/Listeners/BeforeTemplateRenderedListener.php +++ /dev/null @@ -1,77 +0,0 @@ -appName = $appName; - $this->userSession = $userSession; - $this->request = $request; - $this->session = $session; - $this->config = $config; - $this->appManager = $appManager; - } - - public function handle(Event $event): void { - if (!($event instanceof BeforeTemplateRenderedEvent)) { - return; - } - if ($this->userSession->isLoggedIn() && $this->appManager->isEnabledForUser(self::SNAPPYMAIL_APP_ID) && strpos($this->request->getPathInfo(), self::SNAPPYMAIL_URL) !== false) { - $this->autoLoginWebmail(); - } - } - - - private function autoLoginWebmail() { - $isOidcLogin = $this->session->get('is_oidc'); - if (!$isOidcLogin) { - return; - } - $accountId = $this->getAccountId(); - $actions = \RainLoop\Api::Actions(); - - if (empty($accountId) || $actions->getMainAccountFromToken(false)) { - return; - } - - // Just send over '1' as password to trigger login as the plugin will set the correct access token - $password = self::SNAPPYMAIL_AUTOLOGIN_PWD; // As we cannot pass by reference to LoginProcess - $account = $actions->LoginProcess($accountId, $password, false); - if ($account) { - $actions->Plugins()->RunHook('login.success', array($account)); - $actions->SetAuthToken($account); - } - } - - private function getAccountId() : string { - $username = $this->userSession->getUser()->getUID(); - if ($this->config->getAppValue('snappymail', 'snappymail-autologin', false)) { - return $username; - } - if ($this->config->getAppValue('snappymail', 'snappymail-autologin-with-email', false)) { - return $this->config->getUserValue($username, 'settings', 'email', ''); - } - } -} -- GitLab From 234689e78162a133c591582d33de0ccd78cc850a Mon Sep 17 00:00:00 2001 
From: Akhil Date: Wed, 16 Aug 2023 20:50:53 +0530 Subject: [PATCH 4/7] check if token exists in session in listener --- lib/Listeners/AccessTokenUpdatedListener.php | 4 ++++ lib/Listeners/PostLoginEventListener.php | 7 +++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/lib/Listeners/AccessTokenUpdatedListener.php b/lib/Listeners/AccessTokenUpdatedListener.php index 4097dac1..52e87c52 100644 --- a/lib/Listeners/AccessTokenUpdatedListener.php +++ b/lib/Listeners/AccessTokenUpdatedListener.php @@ -38,6 +38,10 @@ class AccessTokenUpdatedListener implements IEventListener { } $accessToken = $event->getAccessToken(); + if (!$accessToken) { + return; + } + $username = $this->userSession->getUser()->getUID(); $this->session->set('snappymail-password', SnappyMailHelper::encodePassword($accessToken, $username)); diff --git a/lib/Listeners/PostLoginEventListener.php b/lib/Listeners/PostLoginEventListener.php index c183409d..1a5ffcfc 100644 --- a/lib/Listeners/PostLoginEventListener.php +++ b/lib/Listeners/PostLoginEventListener.php @@ -35,9 +35,12 @@ class PostLoginEventListener implements IEventListener { return; } - $accessToken = $this->session->get(self::ACCESS_TOKEN_KEY); - $username = $event->getUser()->getUID(); + $accessToken = (string) $this->session->get(self::ACCESS_TOKEN_KEY); + if (!$accessToken) { + return; + } + $username = $event->getUser()->getUID(); $this->session->set('snappymail-password', SnappyMailHelper::encodePassword($accessToken, $username)); } } -- GitLab From 70de982db2d7321fcd725cc3bd8c41f2317af471 Mon Sep 17 00:00:00 2001 From: Akhil Date: Wed, 16 Aug 2023 21:10:12 +0530 Subject: [PATCH 5/7] Remove redundant post login event --- lib/AppInfo/Application.php | 1 - lib/Listeners/PostLoginEventListener.php | 46 ------------------------ 2 files changed, 47 deletions(-) delete mode 100644 lib/Listeners/PostLoginEventListener.php diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php index acf72746..f8e8765a 100644 
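Review bot: The new `if (!$accessToken) { return; }` in `AccessTokenUpdatedListener::handle()` leaves whatever `snappymail-password` an earlier event stored in the session, so an update that carries no token keeps a credential derived from the previous token in place. If that is not intended, clear it on this path with `$this->session->remove('snappymail-password');` before the `return`. Whether `oidc_login` ever dispatches the event with an empty token is not visible from this patch. `handle()` begins above the hunk, so the earlier guards are not shown here.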
--- a/lib/AppInfo/Application.php +++ b/lib/AppInfo/Application.php @@ -55,7 +55,6 @@ class Application extends App implements IBootstrap { $context->registerEventListener(UserChangedEvent::class, UserChangedListener::class); $context->registerEventListener(StateChanged::class, TwoFactorStateChangedListener::class); $context->registerEventListener(AccessTokenUpdatedEvent::class, AccessTokenUpdatedListener::class); - $context->registerEventListener(PostLoginEvent::class, PostLoginEventListener::class, 10); } public function boot(IBootContext $context): void { diff --git a/lib/Listeners/PostLoginEventListener.php b/lib/Listeners/PostLoginEventListener.php deleted file mode 100644 index 1a5ffcfc..00000000 --- a/lib/Listeners/PostLoginEventListener.php +++ /dev/null @@ -1,46 +0,0 @@ -session = $session; - $this->appManager = $appManager; - } - - public function handle(Event $event): void { - if (!($event instanceof PostLoginEvent) || !$this->session->exists('is_oidc')) { - return; - } - - // just-in-case checks(also maybe useful for selfhosters) - if (!$this->appManager->isEnabledForUser(self::SNAPPYMAIL_APP_ID) || !$this->appManager->isEnabledForUser(self::OIDC_LOGIN_APP_ID)) { - return; - } - - $accessToken = (string) $this->session->get(self::ACCESS_TOKEN_KEY); - if (!$accessToken) { - return; - } - - $username = $event->getUser()->getUID(); - $this->session->set('snappymail-password', SnappyMailHelper::encodePassword($accessToken, $username)); - } -} -- GitLab From 5b7029265472f458710719747185fe35f0dbe59d Mon Sep 17 00:00:00 2001 From: Akhil Date: Wed, 16 Aug 2023 21:13:21 +0530 Subject: [PATCH 6/7] Lint --- lib/AppInfo/Application.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php index f8e8765a..5b1d6dff 100644 --- a/lib/AppInfo/Application.php +++ b/lib/AppInfo/Application.php 
@@ -40,8 +40,6 @@ use OCA\TwoFactorTOTP\Event\StateChanged; use OCP\IUserManager; use OCA\OIDCLogin\Events\AccessTokenUpdatedEvent; use OCA\EcloudAccounts\Listeners\AccessTokenUpdatedListener; -use OCP\User\Events\PostLoginEvent; -use OCA\EcloudAccounts\Listeners\PostLoginEventListener; class Application extends App implements IBootstrap { public const APP_ID = 'ecloud-accounts'; -- GitLab From 54d6b51f5aa08e7265b0f09f165eb3fbf96da1f3 Mon Sep 17 00:00:00 2001 From: Akhil Date: Wed, 16 Aug 2023 21:19:46 +0530 Subject: [PATCH 7/7] Allow push to staging temporarily --- .gitlab-ci.yml | 99 ++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 91 insertions(+), 8 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6119917f..ba1be46b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -1,9 +1,92 @@ +#include: +# - project: "e/infra/ecloud/nextcloud-apps/ci-templates" +# ref: main +# file: "nc-apps-lint-build-frontend.yml" +# - project: "e/infra/ecloud/nextcloud-apps/ci-templates" +# ref: main +# file: "nc-apps-deploy.yml" + variables: - TO_PACKAGE: 'appinfo l10n lib templates js img' -include: - - project: "e/infra/ecloud/nextcloud-apps/ci-templates" - ref: main - file: "nc-apps-lint-build-frontend.yml" - - project: "e/infra/ecloud/nextcloud-apps/ci-templates" - ref: main - file: "nc-apps-deploy.yml" + APP_NAME: $CI_PROJECT_NAME + TO_PACKAGE: 'appinfo js css l10n lib img templates' + CONTAINER_IMAGE: ubuntu + CONTAINER_TAG: focal + CONTAINER_NAME: nextcloud + APP_ENABLE_ARGS: '' + +.frontend:base: + image: node:15.14.0-stretch + before_script: + - npm set cache .npm + - npm install --prefer-offline --no-audit + cache: + key: ${CI_COMMIT_REF_SLUG} + paths: + - .npm/ + - node_modules/ + +install-node-deps: + extends: .frontend:base + stage: .pre + before_script: + - node --version + - npm --version + script: + - npm ci --cache .npm --prefer-offline + only: + changes: + - package*.json + +build-frontend: + extends: .frontend:base + stage: build + script: + - npm run build + - mkdir -p dist/${APP_NAME} + - rm -f dist/js/*.map + - echo "packaging ${TO_PACKAGE}" && cp -a ${TO_PACKAGE} dist/${APP_NAME} && rm -rf dist/js + - find dist/${APP_NAME} -type d -exec chmod 755 {} \; + - find dist/${APP_NAME} -type f -exec chmod 644 {} \; + artifacts: + paths: + - dist/ + +.deploy:nextcloud-app: + stage: deploy + # assuming all deployment will happen with sames image + image: $CONTAINER_IMAGE:$CONTAINER_TAG + # assuming we will need to add SSH for all deployment + before_script: + - echo "FAIL" > .job_status + - mkdir $HOME/.ssh + - chmod 700 ~/.ssh + - echo "$SSH_PRIVATE_KEY_ED" > $HOME/.ssh/id_ed25519 + - echo "$SSH_PUBKEY_ED" > $HOME/.ssh/id_ed25519.pub + - echo "$SSH_KNOWN_HOSTS" > $HOME/.ssh/known_hosts + - chmod 600 ~/.ssh/id_ed25519 + - chmod 644 
~/.ssh/known_hosts ~/.ssh/id_ed25519.pub + - apt-get update && apt-get install -y openssh-client rsync + script: + - echo "Deploying ${APP_NAME} to $CI_ENVIRONMENT_NAME ($DEPLOYMENT_HOST)" + - rsync -avzh dist/ $SSH_USER@$DEPLOYMENT_HOST:/tmp/${CI_JOB_ID} + - ssh $SSH_USER@$DEPLOYMENT_HOST "sudo docker exec -u www-data $CONTAINER_NAME /usr/local/bin/php /var/www/html/occ app:disable ${APP_NAME} && + sudo rsync -avzh --chown www-data:www-data --delete /tmp/${CI_JOB_ID}/${APP_NAME} ${DEPLOYMENT_PATH}/html/custom_apps/ && + sudo docker exec -u www-data $CONTAINER_NAME /usr/local/bin/php /var/www/html/occ app:enable ${APP_ENABLE_ARGS} ${APP_NAME}" + - echo "SUCCESS" > .job_status + after_script: + # reading job status, checking it and implementing additional steps + # are not handled here as rm -rf /tmp/${CI_JOB_ID} will always execute + - ssh $SSH_USER@$DEPLOYMENT_HOST "rm -rf /tmp/${CI_JOB_ID}" + +deploy:staging: + extends: .deploy:nextcloud-app + when: manual + only: + - main + - murena-main + - production + - tags + - dev/post-login-for-oidc + environment: + name: staging/01 + url: https://eeo.one -- GitLab
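Review bot: Adding `- dev/post-login-for-oidc` to the `only:` list of `deploy:staging` lets a feature branch run the job that writes `$SSH_PRIVATE_KEY_ED` to disk and runs `sudo` commands on `$DEPLOYMENT_HOST`, and the commit does this by inlining the pipeline in place of the shared `ci-templates` include. If the SSH variables are not marked protected (not visible here), pipelines on that branch receive them, so the branch entry and the inlined jobs should be reverted and the `include:` block restored before this merges. In `.deploy:nextcloud-app` the key is written by `echo "$SSH_PRIVATE_KEY_ED" > $HOME/.ssh/id_ed25519` before `chmod 600` runs, so it briefly exists with the default mode; adding `- umask 077` as the first `before_script` entry closes that window. `build-frontend` also inherits `npm install --prefer-offline --no-audit` from `.frontend:base` rather than `npm ci`, so the packaged artefact is not guaranteed to match the lockfile.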