diff --git a/Dockerfile b/Dockerfile
index 61de9750ac10a1d8663b18400e678c685d02fb63..776671d160704a7ab4557b92cd8f628e919a9ec3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,39 +1,25 @@
 FROM nextcloud:24.0.8-fpm AS nextcloud
 ARG BASE_DIR="/usr/src/nextcloud"
 ARG TMP_PATCH_DIR="/tmp/build_patches"
-ARG THEME_HELPER_JOB_ID="446245"
-ARG NEWS_VERSION="19.0.0"
-ARG QUOTA_WARN_VERSION="1.15.0"
+ARG THEME_HELPER_JOB_ID="471836"
 ARG NOTES_VERSION="4.5.1"
-ARG CONTACTS_JOB_ID="400045"
-ARG CALENDAR_JOB_ID="435164"
-ARG USER_BACKEND_RAW_SQL_VERSION="1.3.0"
+ARG CONTACTS_JOB_ID="471108"
+ARG CALENDAR_JOB_ID="471116"
 ARG EMAIL_RECOVERY_JOB_ID="445958"
 ARG RAINLOOP_VERSION="7.2.5"
-ARG RAINLOOP_COMMIT_SHA="523518ba"
-ARG EA_JOB_ID="445966"
+ARG RAINLOOP_COMMIT_SHA="28a5d603"
+ARG EA_JOB_ID="475893"
 ARG ECLOUD_LAUNCHER_JOB_ID="458901"
 ARG GOOGLE_INTEGRATION_VERSION="1.0.8"
-RUN sed -i 's/24,0,8,2/24,0,8,4/' ${BASE_DIR}/version.php
+RUN sed -i 's/24,0,8,2/24,0,8,6/' ${BASE_DIR}/version.php
 COPY custom_entrypoint.sh /
 RUN chmod +x /custom_entrypoint.sh
 RUN mkdir -p /var/www/skeleton/Documents && mkdir -p /var/www/skeleton/Images
 # Install unzip for unzipping artifacts
 RUN apt-get update && apt-get install unzip
-# Custom apps
-RUN curl -fsSL -o news.tar.gz \
- "https://github.com/nextcloud/news/releases/download/${NEWS_VERSION}/news.tar.gz" && \
- tar -xf news.tar.gz -C ${BASE_DIR}/custom_apps/ && \
- rm news.tar.gz;
-
-RUN curl -fsSL -o quota_warning.tar.gz \
- "https://github.com/nextcloud-releases/quota_warning/releases/download/v${QUOTA_WARN_VERSION}/quota_warning-v${QUOTA_WARN_VERSION}.tar.gz" && \
- tar -xf quota_warning.tar.gz -C ${BASE_DIR}/custom_apps/ && \
- rm quota_warning.tar.gz;
-
 RUN curl -fsSL -o notes.tar.gz \
 "https://github.com/nextcloud/notes/releases/download/v${NOTES_VERSION}/notes.tar.gz" && \
 tar -xf notes.tar.gz -C ${BASE_DIR}/custom_apps/ && \
@@ -46,18 +32,12 @@ RUN curl -fsSL -o contacts.zip \
 mv dist/contacts ${BASE_DIR}/custom_apps/ && \
 rm contacts.zip;
-# custom Calendar 3.2.4
 RUN curl -fsSL -o calendar.zip \
 "https://gitlab.e.foundation/e/infra/ecloud/nextcloud-apps/calendar/-/jobs/${CALENDAR_JOB_ID}/artifacts/download" && \
 unzip calendar.zip && \
 mv dist/calendar ${BASE_DIR}/custom_apps/ && \
 rm calendar.zip;
-RUN curl -fsSL -o user_backend_sql_raw.tar.gz \
- "https://github.com/PanCakeConnaisseur/user_backend_sql_raw/releases/download/v${USER_BACKEND_RAW_SQL_VERSION}/user_backend_sql_raw.tar.gz" && \
- tar -xf user_backend_sql_raw.tar.gz -C ${BASE_DIR}/custom_apps/ && \
- rm user_backend_sql_raw.tar.gz;
-
 RUN curl -fsSL -o email-recovery.zip \
 "https://gitlab.e.foundation/e/infra/ecloud/nextcloud-apps/email-recovery/-/jobs/${EMAIL_RECOVERY_JOB_ID}/artifacts/download" && \
 unzip email-recovery.zip && \
@@ -108,6 +88,7 @@ From nextcloud as selfhost
 ARG BASE_DIR="/usr/src/nextcloud"
 ARG TMP_PATCH_DIR="/tmp/build_patches"
 ARG THEME_VERSION="selfhost-22.0.0"
+ARG USER_BACKEND_RAW_SQL_VERSION="1.3.0"
 # Patches
 COPY patches/ ${TMP_PATCH_DIR}/
@@ -136,6 +117,12 @@ RUN curl -fsSL -o eCloud-theme.tar.gz \
 chown -R www-data:www-data ${BASE_DIR}/themes/eCloud/ && \
 rm -rf eCloud-theme.tar.gz ${BASE_DIR}/themes/example/
+# User Backend
+RUN curl -fsSL -o user_backend_sql_raw.tar.gz \
+ "https://github.com/PanCakeConnaisseur/user_backend_sql_raw/releases/download/v${USER_BACKEND_RAW_SQL_VERSION}/user_backend_sql_raw.tar.gz" && \
+ tar -xf user_backend_sql_raw.tar.gz -C ${BASE_DIR}/custom_apps/ && \
+ rm user_backend_sql_raw.tar.gz;
+
 # Set default class of hidden to settings-hint
 RUN sed -i 's/settings-hint/settings-hint hidden/' ${BASE_DIR}/apps/settings/templates/settings/personal/security/twofactor.php
 # change notifications icon src
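Review bot: The `user_backend_sql_raw` tarball added to the selfhost stage (the `# User Backend` block in the -136,6 hunk) is unpacked into `${BASE_DIR}/custom_apps/` straight after download, with nothing checking that the bytes match the release that was reviewed. A build ARG holding the expected digest and a check between `curl` and `tar` would close that, e.g. `echo "${USER_BACKEND_RAW_SQL_SHA256}  user_backend_sql_raw.tar.gz" | sha256sum -c - && \`; the ARG name is only a suggestion and its value has to come from the release you verified. The `oidc_login` download changed in the -171,7 hunk has the same gap.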
@@ -152,7 +139,7 @@ ARG BASE_DIR="/usr/src/nextcloud"
 ARG TMP_PATCH_DIR="/tmp/build_patches"
 ARG THEME_VERSION="24.0.1"
 ARG LDAP_WRITE_SUPPORT_VERSION="1.6.0"
-ARG OIDC_LOGIN_VERSION="2.4.0"
+ARG OIDC_LOGIN_VERSION="provider-session-beta"
 # Patches
 COPY patches/ ${TMP_PATCH_DIR}/
@@ -160,9 +147,9 @@ RUN patch -u ${BASE_DIR}/core/templates/layout.user.php -i ${TMP_PATCH_DIR}/003-
 RUN patch -u ${BASE_DIR}/core/Controller/ContactsMenuController.php -i ${TMP_PATCH_DIR}/004-contact-search-controller-removal.patch
 RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-core.patch
 RUN cd ${BASE_DIR}/custom_apps && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-custom-app.patch
-RUN cd ${BASE_DIR} && patch -u ${BASE_DIR}/apps/dashboard/lib/Controller/DashboardController.php -i ${TMP_PATCH_DIR}/012-remove-user-status-widget.patch
 RUN patch -u ${BASE_DIR}/core/templates/layout.guest.php -i ${TMP_PATCH_DIR}/016-login-screen.patch
 RUN patch -u ${BASE_DIR}/lib/private/Notification/Manager.php -i ${TMP_PATCH_DIR}/020-fairuse-notification-fix.patch
+RUN cd ${BASE_DIR} && patch -u ${BASE_DIR}/apps/user_ldap/lib/User_LDAP.php -i ${TMP_PATCH_DIR}/023-ldap-check-pwd-optimization.patch
 RUN rm -rf ${TMP_PATCH_DIR}
 RUN curl -fsSL -o ldap_write_support.tar.gz \
@@ -171,7 +158,8 @@ RUN curl -fsSL -o ldap_write_support.tar.gz \
 rm ldap_write_support.tar.gz
 RUN curl -fsSL -o oidc_login.tar.gz \
- "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v${OIDC_LOGIN_VERSION}/oidc_login.tar.gz" && \
+ "https://github.com/e-foundation/nextcloud-oidc-login/releases/download/${OIDC_LOGIN_VERSION}/oidc_login.tar.gz" && \
+ #"https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v${OIDC_LOGIN_VERSION}/oidc_login.tar.gz" && \
 tar -xf oidc_login.tar.gz -C ${BASE_DIR}/custom_apps && \
 rm oidc_login.tar.gz
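Review bot: The `oidc_login` download in the -171,7 hunk now resolves `provider-session-beta` (the ARG value set in the -152,7 hunk), which is a branch-like name rather than a version number, so what ends up in the image depends on what that release holds at build time. For the app that handles login, the ARG should name an immutable release or commit, so that a rebuild cannot silently pick up different code. The old pulsejet URL is also left as a `#` line inside the continued `RUN`; it would read better removed, with a comment above the `RUN` stating why the fork is used, e.g. `# oidc_login: e-foundation fork, required for <reason>`.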
@@ -193,9 +181,6 @@ RUN cd ${BASE_DIR}/custom_apps/contacts && sed -i 's/"GROUP","INDIVIDUAL"/"INDIV
 RUN cd ${BASE_DIR}/custom_apps/calendar && sed -i 's/"GROUP","INDIVIDUAL"/"INDIVIDUAL"/g' js/calendar-main.js
 RUN cd ${BASE_DIR}/custom_apps/calendar && sed -i 's/{name:\[a,"displayname"\]},//' js/calendar-main.js
-# Set default widgets to calendar, tasks and notes
-RUN sed -i 's/recommendations,spreed,mail,calendar/calendar,tasks,notes/' ${BASE_DIR}/apps/dashboard/lib/Controller/DashboardController.php
-
 # Remove colored background from email template logo
 RUN sed -i 's/$this->header, \[$this->themingDefaults->getColorPrimary()/$this->header, \["none"/' ${BASE_DIR}/lib/private/Mail/EMailTemplate.php
diff --git a/custom_entrypoint.sh b/custom_entrypoint.sh
index caaf8d8bb58db80c80105ace7147ab4b56448ac9..642a071f476f6ba70f377c133e98abb3ab85caa7 100644
--- a/custom_entrypoint.sh
+++ b/custom_entrypoint.sh
@@ -18,9 +18,7 @@ fi
 image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
 if version_greater "$image_version" "$installed_version"; then
- rsync $rsync_options --include "/news/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/
 rsync $rsync_options --include "/notes/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/
- rsync $rsync_options --include "/quota_warning/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/
 rsync $rsync_options --include "/calendar/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/
 rsync $rsync_options --include "/contacts/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/
 rsync $rsync_options --include "/user_backend_sql_raw/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/
@@ -40,8 +38,10 @@ fi
 if [ "$(id -u)" = 0 ]; then
 su -p www-data -s /bin/sh -c "php $DST_DIR/occ config:system:set profile.enabled --value=false --type=boolean"
+ su -p www-data -s /bin/sh -c "php $DST_DIR/occ config:system:set oidc_refresh_tokens_enabled --value=true --type=boolean"
 else
 sh -c "php $DST_DIR/occ config:system:set profile.enabled --value=false --type=boolean"
+ sh -c "php $DST_DIR/occ config:system:set oidc_refresh_tokens_enabled --value=true --type=boolean"
 fi
 /entrypoint.sh "$@"
diff --git a/patches/012-remove-user-status-widget.patch b/patches/012-remove-user-status-widget.patch
deleted file mode 100644
index 40e0d3a57d87e4a6d13b4a2da1ce32aa70ea1ec0..0000000000000000000000000000000000000000
--- a/patches/012-remove-user-status-widget.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-From: Akhil
-Date: Fri, 17 Sep 2021 13:00 +0530
-Subject: [PATCH] Removes user status widget from Dashboard
-
-This patch removes user status widget from available widgets in dashboard
-
---- DashboardController.php 2021-09-17 12:56:19.691685082 +0530
-+++ DashboardController-new.php 2021-09-17 12:59:18.906502554 +0530
-@@ -108,6 +108,9 @@
- 'url' => $widget->getUrl()
- ];
- }, $this->dashboardManager->getWidgets());
-+ $widgets = array_filter($widgets, function($widget) {
-+ return($widget['id'] !== "user_status");
-+ });
- $configStatuses = $this->config->getUserValue($this->userId, 'dashboard', 'statuses', '');
- $statuses = json_decode($configStatuses, true);
- // We avoid getting an empty array as it will not produce an object in UI's JS
diff --git a/patches/023-ldap-check-pwd-optimization.patch b/patches/023-ldap-check-pwd-optimization.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e03a811e20d12ce75cb340796332e64a46e474be
--- /dev/null
+++ b/patches/023-ldap-check-pwd-optimization.patch
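Review bot: The two added `occ config:system:set oidc_refresh_tokens_enabled --value=true` calls in the -40,8 hunk carry no comment, and as far as this hunk shows they run on every container start before `/entrypoint.sh`, so a value an operator set by hand is overwritten each time. A comment above the `if [ "$(id -u)" = 0 ]` block should say which app reads the key, why it has to be true, and that it is re-applied at each start. Whether a failing `occ` call stops startup depends on shell options set outside the hunk, so that is worth checking as well.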
@@ -0,0 +1,73 @@
+From: Akhil
+Date: Wed, 04 Jan 2023 16:24 +0530
+Subject: [PATCH] This patch optimize the ldap checkPassword function to reduce number of LDAP binds and SQL UPDATE operations per password check
+
+--- ./apps/user_ldap/lib/User_LDAP.php 2023-01-04 16:20:02.747181606 +0530
++++ ./apps/user_ldap/lib/User_LDAP-new.php 2023-01-04 16:22:34.282504132 +0530
+@@ -114,11 +114,12 @@
+ * @return string|false
+ * @throws \Exception
+ */
+- public function loginName2UserName($loginName) {
++ public function loginName2UserName($loginName, bool $ignoreCacheIfFalseFound = false) {
+ $cacheKey = 'loginName2UserName-' . $loginName;
+ $username = $this->access->connection->getFromCache($cacheKey);
+
+- if ($username !== null) {
++ $forceLdapFetch = ($username === false && $ignoreCacheIfFalseFound);
++ if ($username !== null && !$forceLdapFetch) {
+ return $username;
+ }
+
+@@ -176,39 +177,27 @@
+ * @return false|string
+ */
+ public function checkPassword($uid, $password) {
+- try {
+- $ldapRecord = $this->getLDAPUserByLoginName($uid);
+- } catch (NotOnLDAP $e) {
+- $this->logger->debug(
+- $e->getMessage(),
+- ['app' => 'user_ldap', 'exception' => $e]
+- );
++ $username = $this->loginName2UserName($uid, true);
++ if(!$username) {
+ return false;
+ }
+- $dn = $ldapRecord['dn'][0];
+- $user = $this->access->userManager->get($dn);
+
+- if (!$user instanceof User) {
+- $this->logger->warning(
+- 'LDAP Login: Could not get user object for DN ' . $dn .
+- '. Maybe the LDAP entry has no set display name attribute?',
+- ['app' => 'user_ldap']
+- );
+- return false;
+- }
+- if ($user->getUsername() !== false) {
+- //are the credentials OK?
+- if (!$this->access->areCredentialsValid($dn, $password)) {
++ $dn = $this->access->username2dn($username);
++ //are the credentials OK?
++ if ($dn && $this->access->areCredentialsValid($dn, $password)) {
++ $user = $this->access->userManager->get($username);
++ if (!$user instanceof User) {
++ $this->logger->warning(
++ 'LDAP Login: Could not get user object for DN ' . $dn .
++ '. Maybe the LDAP entry has no set display name attribute?',
++ ['app' => 'user_ldap']
++ );
+ return false;
+ }
+-
+ $this->access->cacheUserExists($user->getUsername());
+- $user->processAttributes($ldapRecord);
+ $user->markLogin();
+-
+ return $user->getUsername();
+ }
+-
+ return false;
+ }
+
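Review bot: In the patched `checkPassword`, a cached non-false result of `loginName2UserName($uid, true)` is returned without an LDAP search, so the bind goes to whatever DN `username2dn($username)` yields and the per-login lookup through `getLDAPUserByLoginName` (which presumably applies the login filter) no longer happens on every authentication. If the deployment's login filter carries access restrictions, an account that no longer matches it could presumably still authenticate until the cache entry expires; cache lifetime and mapping refresh are outside this patch and should be confirmed before relying on it. The patch also drops `$user->processAttributes($ldapRecord)` and the `NotOnLDAP` debug log, so attributes are no longer refreshed at login and a failed lookup leaves no trace from this method. I would state the trade-off in the method docblock, e.g. `// Relies on the cached loginName->username mapping; LDAP is only re-queried when the cache is empty or holds false.`, and cover the removed-from-filter case with a test.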