Version 1.15.3-1

CHANGELOG.md

@@ -252,246 +252,3 @@
 [1.15.3]
 * Update FreshRSS extensions repo to f66efcf5f
 
-[1.16.0]
-* Update FreshRSS to 1.21.1
-* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.21.0)
-* New XML+XPath mode for fetching XML documents when there is no RSS/ATOM feed #5076
-* Better support of feed enclosures (image / audio / video attachments) #4944
-* User-defined time-zone #4906
-* New CLI script cli/sensitive-log.sh to help e.g. Apache clear logs for sensitive information such as credentials #5001
-* Mark some themes as tentatively deprecated: BlueLagoon, Flat, Screwdriver #4807
-* Many UI improvements
-
-[1.17.0]
-* Update base image to 4.2.0
-
-[1.18.0]
-* Update FreshRSS to 1.22.0
-* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.22.0)
-* Rework trusted proxies
-* Improve scaling with many feeds and long processes, reduce database locks
-* Fix many bugs and regressions
-* Improve themes Origine (also with automatic dark mode), Nord, etc.
-* Several UI / UX improvements
-* New languages Hungarian, Latvian, Persian
-
-[1.19.0]
-* Implement OIDC login
-
-[1.19.1]
-* Update FreshRSS to 1.22.1
-* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.22.1)
-* Fix regression in extensions translations (i18n)
-* Better identification of proxied client IP
-
-[1.20.0]
-* Update FreshRSS to 1.23.0
-* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.23.0)
-* New Important feeds group in the main view, with corresponding new priority level for feeds #5782
-* Entries from important feeds are not marked as read during scroll, during focus, nor during Mark all as read
-* Add filter actions (auto mark as read) at category level and at global levels #5942
-* Increase SQL fields length to maximum possible #5788, #5570
-* Many bug fixes
-* Soft require Apache 2.4+ (but repair minimal compatibility with Apache 2.2)
-* Upgraded extensions require FreshRSS 1.23.0+ Extensions#181
-
-[1.20.1]
-* Update FreshRSS to 1.23.1
-* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.23.0)
-* Fix crash regression with the option Max number of tags shown #5978
-* Fix crash regression when enabling extensions defined by old FreshRSS installations #5979
-* Fix crash regression during export when using MySQL #5988
-* More robust assignment of categories to feeds #5986
-
-[1.21.0]
-* Update FreshRSS to 1.24.0
-* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.24.0)
-* New shareable user query mechanism to share lists of articles by HTML, RSS, OPML
-* New CLI for database backup & restore
-* New JSON scraping mode to consume JSON data and JSON Feeds
-* New support for HTTP POST
-* New option to automatically add labels to incoming articles
-* New button to download a feed configuration as OPML
-
-[1.21.1]
-* Update FreshRSS to 1.24.1
-* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.24.1)
-* New button to export OMPL of a category
-* Many bug fixes
-
-[1.21.2]
-* Update FreshRSS to 1.24.2
-* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.24.2)
-* New global option to automatically add articles to favourites
-* New option to share articles from the article title line
-* Add core extensions, shipped by default: UserCSS and UserJS
-* Security: Force log out of users when they are disabled
-* Last version supporting PHP 7.4 and initial support for PHP 8.4+
-* Many bug and regression fixes
-
-[1.21.3]
-* Update FreshRSS to 1.24.3
-* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.24.3)
-* Fix mark-as-read from user query #6738
-* Fix regression for shortcut to move between categories #6741
-* Fix feed title option #6771
-* Fix XPath for HTML documents with broken root (used by CSS selectors to fetch full content) #6774
-* Fix UI regression in Mapco/Ansum themes #6740
-* Fix minor style bug with some themes #6746
-* Fix export of OPML information for date format of JSON and HTML+XPath feeds #6779
-* OpenID Connect better definition of session parameters #6730
-
-[1.22.0]
-* checklist added to CloudronManifest
-
-[1.23.0]
-* Update FreshRSS to 1.25.0
-* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.25.0)
-* Features
-* Bug fixing
-* API
-* Compatibility
-* Deployment
-* SimplePie
-* Security
-* UI
-* Extensions
-* I18n
-* Misc.
-
-[1.24.0]
-* Update FreshRSS to 1.26.0
-* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.26.0)
-* Add order-by options to sort articles by received date (existing, default), publication date, title, link, random
-* Allow searching in all feeds, also feeds only visible at category level with &get=A, and also those archived with &get=Z
-* UI accessible from user-query view
-* New shortcuts for adding user labels to articles
-* Several improvements and bug fixes
-
-[1.24.1]
-* Update FreshRSS to 1.26.1
-* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.26.1)
-* Fix back-compatibility with cURL 7.51 (we require cURL 7.52+ for `CURLPROXY_HTTPS`)
-* Add cURL version to page about system information
-* Fix regression with cURL HTTP headers breaking conditional HTTP requests
-* Fix regression with saving states of user queries
-* Fix regression with dynamic OPML
-* Fix update of the users last activity on login action
-* Fix setting category option *Maximum number of articles to keep per feed*
-* Fix priority field when processing a new feed from an extension
-* Use case-insensitive sort for categories
-* Improve dark mode of *Origine* theme
-
-[1.25.0]
-* Update base image to 5.0.0
-
-[1.25.1]
-* Update FreshRSS to 1.26.2
-* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.26.2)
-* Implement JSON string concatenation with & operator [#7414](https://github.com/FreshRSS/FreshRSS/pull/7414)
-* Support multiple JSON fragments in HTML+XPath+JSON mode [#7369](https://github.com/FreshRSS/FreshRSS/pull/7369)
-* Fix escaping of tag search [#7468](https://github.com/FreshRSS/FreshRSS/pull/7468)
-* Fix CLI parsing of Boolean flags [#7430](https://github.com/FreshRSS/FreshRSS/pull/7430)
-* Fix API for labels with slash [#7437](https://github.com/FreshRSS/FreshRSS/pull/7437)
-* Fix support for feeds with XML preamble + DTD [#7515](https://github.com/FreshRSS/FreshRSS/pull/7515), [simplepie#914](https://github.com/simplepie/simplepie/pull/914)
-* Disallow `<iframe srcdoc="">` [#7494](https://github.com/FreshRSS/FreshRSS/pull/7494), [CVE-2025-32015](https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-wgrq-mcwc-8f8v)
-* Disallow `<button formaction="">` [#7506](https://github.com/FreshRSS/FreshRSS/pull/7506)
-* Improve favicons hash to avoid favicon pollution [#7505](https://github.com/FreshRSS/FreshRSS/pull/7505), [CVE-2025-46339](https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-8f79-3q3w-43c4)
-* Add `Content-Security-Policy` HTTP headers to favicons [#7471](https://github.com/FreshRSS/FreshRSS/pull/7471), [CVE-2025-31136](https://github.com/FreshRSS/FreshRSS/security/advisories/GHSA-f6r4-jrvc-cfmr)
-
-[1.25.2]
-* Update FreshRSS to 1.26.3
-* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.26.3)
-* Keep sort and order criteria during navigation [#&#8203;7585](https://github.com/FreshRSS/FreshRSS/pull/7585)
-* Add info about `PDO::ATTR_CLIENT_VERSION` (relevant for MySQL / MariaDB with obsolete driver) [#&#8203;7591](https://github.com/FreshRSS/FreshRSS/pull/7591)
-* Fix SQL request for user labels with custom sort (affecting PostgreSQL) [#&#8203;7588](https://github.com/FreshRSS/FreshRSS/pull/7588)
-* Fix regression for favicon in GReader and Fever APIs [#&#8203;7573](https://github.com/FreshRSS/FreshRSS/pull/7573)
-* Fix newest articles (within last second) not shown [#&#8203;7577](https://github.com/FreshRSS/FreshRSS/pull/7577)
-* Fix duplicate HTTP header for POST [#&#8203;7556](https://github.com/FreshRSS/FreshRSS/pull/7556)
-* Fix important articles on reader view [#&#8203;7602](https://github.com/FreshRSS/FreshRSS/pull/7602)
-* Fix remove last share method [#&#8203;7613](https://github.com/FreshRSS/FreshRSS/pull/7613)
-* Fix API handling of default category [#&#8203;7610](https://github.com/FreshRSS/FreshRSS/pull/7610)
-* Fix user self-deletion [#&#8203;7626](https://github.com/FreshRSS/FreshRSS/pull/7626)
-
-[1.26.0]
-* Update FreshRSS to 1.27.0
-* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.27.0)
-* Implement support for HTTP `429 Too Many Requests` and `503 Service Unavailable`, obey `Retry-After` [#&#8203;7760](https://github.com/FreshRSS/FreshRSS/pull/7760)  
-* Add sort by category title, or by feed title [#&#8203;7702](https://github.com/FreshRSS/FreshRSS/pull/7702)  
-* Add search operator `c:` for categories like `c:23,34` or `!c:45,56` [#&#8203;7696](https://github.com/FreshRSS/FreshRSS/pull/7696)  
-* Custom feed favicons [#&#8203;7646](https://github.com/FreshRSS/FreshRSS/pull/7646), [#&#8203;7704](https://github.com/FreshRSS/FreshRSS/pull/7704), [#&#8203;7717](https://github.com/FreshRSS/FreshRSS/pull/7717), [#&#8203;7792](https://github.com/FreshRSS/FreshRSS/pull/7792)  
-* Rework fetch favicons for fewer HTTP requests [#&#8203;7767](https://github.com/FreshRSS/FreshRSS/pull/7767)  
-* Add more unicity criteria based on title and/or content [#&#8203;7789](https://github.com/FreshRSS/FreshRSS/pull/7789)  
-* Automatically restore user configuration from backup [#&#8203;7682](https://github.com/FreshRSS/FreshRSS/pull/7682)  
-* API add support for states in `s` parameter of `streamId` [#&#8203;7695](https://github.com/FreshRSS/FreshRSS/pull/7695)  
-* Improve sharing via Print [#&#8203;7728](https://github.com/FreshRSS/FreshRSS/pull/7728)  
-* Redirect to the login page from bookmarklet instead of 403 [#&#8203;7782](https://github.com/FreshRSS/FreshRSS/pull/7782)
-
-[1.26.1]
-* Update FreshRSS to 1.27.1
-* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.27.1)
-* Automatic database recovery: skip broken entries during CLI export/import [#&#8203;7949](https://github.com/FreshRSS/FreshRSS/pull/7949)  
-* Add security option for CSP `frame-ancestors` [#&#8203;7857](https://github.com/FreshRSS/FreshRSS/pull/7857), [#&#8203;8021](https://github.com/FreshRSS/FreshRSS/pull/8021)  
-* Lazy-load `<track src>` [#&#8203;7997](https://github.com/FreshRSS/FreshRSS/pull/7997)  
-* Regenerate session ID on login [#&#8203;7829](https://github.com/FreshRSS/FreshRSS/pull/7829)  
-* Disallow setting non-existent language [#&#8203;7878](https://github.com/FreshRSS/FreshRSS/pull/7878), [#&#8203;7934](https://github.com/FreshRSS/FreshRSS/pull/7934)  
-* Safer calling of `install.php` [#&#8203;7971](https://github.com/FreshRSS/FreshRSS/pull/7971)  
-* Prevent log CR/LF injection [#&#8203;7883](https://github.com/FreshRSS/FreshRSS/pull/7883)  
-* Restrict allowed cURL parameters [#&#8203;7979](https://github.com/FreshRSS/FreshRSS/pull/7979), [#&#8203;8009](https://github.com/FreshRSS/FreshRSS/pull/8009)  
-* Fix reauthentication while updating [#&#8203;7989](https://github.com/FreshRSS/FreshRSS/pull/7989)  
-* Fix some CSRFs [#&#8203;8000](https://github.com/FreshRSS/FreshRSS/pull/8000)
-
-[1.27.0]
-* Update FreshRSS to 1.28.0
-* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.28.0)
-* Move unsafe autologin to an extension [#7958](https://github.com/FreshRSS/FreshRSS/pull/7958)
-* Housekeeping of `lib_rss.php` with potential breaking changes for some extensions [#8193](https://github.com/FreshRSS/FreshRSS/pull/8193)
-* New sorting and filtering by date of *User modified* [#7886](https://github.com/FreshRSS/FreshRSS/pull/7886), [#8090](https://github.com/FreshRSS/FreshRSS/pull/8090), [#8105](https://github.com/FreshRSS/FreshRSS/pull/8105), [#8118](https://github.com/FreshRSS/FreshRSS/pull/8118), [#8130](https://github.com/FreshRSS/FreshRSS/pull/8130)
-* New sorting by article length [#8119](https://github.com/FreshRSS/FreshRSS/pull/8119)
-* New advanced search form [#8103](https://github.com/FreshRSS/FreshRSS/pull/8103), [#8122](https://github.com/FreshRSS/FreshRSS/pull/8122), [#8226](https://github.com/FreshRSS/FreshRSS/pull/8226)
-* Add compatibility with PCRE word boundary `\b` and `\B` for regex search using PostgreSQL [#8141](https://github.com/FreshRSS/FreshRSS/pull/8141)
-* More uniform SQL search and PHP search for accents and case-sensitivity (e.g. for automatically marking as read) [#8329](https://github.com/FreshRSS/FreshRSS/pull/8329)
-* New overview of dates with most unread articles [#8089](https://github.com/FreshRSS/FreshRSS/pull/8089)
-* Exclude local networks for domain-wide HTTP `Retry-After` [#8195](https://github.com/FreshRSS/FreshRSS/pull/8195)
-* Fix OpenID Connect with Debian 13 [#8032](https://github.com/FreshRSS/FreshRSS/pull/8032)
-
-[1.27.1]
-* Update FreshRSS to 1.28.1
-* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.28.1)
-* Handle Web scraping of `text/plain` as `<pre class="text-plain">` [#&#8203;8340](https://github.com/FreshRSS/FreshRSS/pull/8340)
-* New customisable message for closed registrations [#&#8203;8462](https://github.com/FreshRSS/FreshRSS/pull/8462)
-* Fix unwanted expansion of user queries (saved searches) applied to filters [#&#8203;8395](https://github.com/FreshRSS/FreshRSS/pull/8395)
-* Fix encoding of filter actions for labels [#&#8203;8368](https://github.com/FreshRSS/FreshRSS/pull/8368)
-* Fix searching of tags [#&#8203;8425](https://github.com/FreshRSS/FreshRSS/pull/8425)
-* Fix refreshing feeds with token while anonymous refresh is disabled [#&#8203;8371](https://github.com/FreshRSS/FreshRSS/pull/8371)
-* Fix RSS and OPML access by token [#&#8203;8434](https://github.com/FreshRSS/FreshRSS/pull/8434)
-* Fix MySQL/MariaDB `transliterator_transliterate` fallback (when the `php-intl` extension is unavailable) [#&#8203;8427](https://github.com/FreshRSS/FreshRSS/pull/8427)
-* Fix regression with MySQL/MariaDB index hint [#&#8203;8460](https://github.com/FreshRSS/FreshRSS/pull/8460)
-* Auto-add `lastUserModified` database column also during mark-as-read action [#&#8203;8346](https://github.com/FreshRSS/FreshRSS/pull/8346)
-
-[1.28.0]
-* Update FreshRSS to 1.29.0
-* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.29.0)
-* New sort order preferences at global, category, and feed levels [#8234](https://github.com/FreshRSS/FreshRSS/pull/8234)
-* New filtering by date of *Server modification date* [#8131](https://github.com/FreshRSS/FreshRSS/pull/8131), [#8576](https://github.com/FreshRSS/FreshRSS/pull/8576)
-* New option to automatically mark new articles as read if an identical GUID already exists in the same category [#8673](https://github.com/FreshRSS/FreshRSS/pull/8673)
-* Add option to enable/disable notifications, also for PWA [#8458](https://github.com/FreshRSS/FreshRSS/pull/8458)
-* Fix wrong search `toString` in case of regex-looking string [#8479](https://github.com/FreshRSS/FreshRSS/pull/8479)
-* Fix redirect to wrong view after mark as read in *reader* and *global* views [#8552](https://github.com/FreshRSS/FreshRSS/pull/8552)
-* Fix do not include hidden feeds when counting total number of unread articles [#8715](https://github.com/FreshRSS/FreshRSS/pull/8715)
-* Limit cURL to protocols HTTP, HTTPS [#8713](https://github.com/FreshRSS/FreshRSS/pull/8713)
-* New Webhook extension for automated RSS notifications [Extensions#456](https://github.com/FreshRSS/Extensions/pull/456)
-* New `cli/purge.php` to apply purge policy [#8740](https://github.com/FreshRSS/FreshRSS/pull/8740)
-
-[1.28.1]
-* Update FreshRSS to 1.29.1
-* [Full Changelog](https://github.com/FreshRSS/FreshRSS/releases/tag/1.29.1)
-* Accept `.txt` import of feed URLs in additional to e.g. OPML [#8818](https://github.com/FreshRSS/FreshRSS/pull/8818), [#8837](https://github.com/FreshRSS/FreshRSS/pull/8837)
-* New CLI for automatic periodic SQLite export with retention [#8819](https://github.com/FreshRSS/FreshRSS/pull/8819)
-* More feed info: last received date, publication date [#8799](https://github.com/FreshRSS/FreshRSS/pull/8799)
-* Fix cookies with some browsers [#8867](https://github.com/FreshRSS/FreshRSS/pull/8867)
-* Fix search in shared user queries with empty results [#8863](https://github.com/FreshRSS/FreshRSS/pull/8863)
-* Fix XML errors with loading invalid OPML in `lib_opml` library [#8652](https://github.com/FreshRSS/FreshRSS/pull/8652), [#8853](https://github.com/FreshRSS/FreshRSS/pull/8853), [lib_opml#48](https://framagit.org/marienfressinaud/lib_opml/-/merge_requests/48), [lib_opml#51](https://framagit.org/marienfressinaud/lib_opml/-/merge_requests/51)
-* Fix ensure maximum number of feeds also with Dynamic OPML [#8832](https://github.com/FreshRSS/FreshRSS/pull/8832)
-* Fix click mark as read [#8817](https://github.com/FreshRSS/FreshRSS/pull/8817)
-

CloudronManifest.json

@@ -5,16 +5,13 @@
   "description": "file://DESCRIPTION.md",
   "changelog": "file://CHANGELOG.md",
   "tagline": "RSS feed reader",
-  "version": "1.28.1",
+  "version": "1.15.3-1",
-  "upstreamVersion": "1.29.1",
+  "upstreamVersion": "1.20.2",
   "healthCheckPath": "/",
   "httpPort": 8000,
   "addons": {
     "localstorage": {},
     "mysql": {},
-    "oidc": {
-      "loginRedirectUri": "/i/oidc/"
-    },
     "scheduler": {
       "update_feeds": {
         "schedule": "*/1 * * * *",
@@ -22,35 +19,16 @@
       }
     }
   },
-  "checklist": {
-    "change-default-password": {
-      "sso": false,
-      "message": "Change the default admin password"
-    },
-    "create-admin": {
-      "sso": true,
-      "message": "On first visit, sign in using the built-in Cloudron authentication and then make the user administrator by running: `php cli/reconfigure.php --default_user YOUR_USERNAME`"
-    }
-  },
   "manifestVersion": 2,
   "website": "http://www.freshrss.org",
   "contactEmail": "support@cloudron.io",
   "icon": "logo.png",
-  "tags": [
+  "tags": [ "rss", "atom", "greader", "reader", "news", "feeds", "feedly" ],
-    "rss",
-    "atom",
-    "greader",
-    "reader",
-    "news",
-    "feeds",
-    "feedly"
-  ],
   "mediaLinks": [
     "https://screenshots.cloudron.io/org.freshrss.cloudronapp/1.png"
   ],
   "postInstallMessage": "file://POSTINSTALL.md",
-  "minBoxVersion": "8.1.0",
+  "minBoxVersion": "7.1.0",
   "forumUrl": "https://forum.cloudron.io/category/27/freshrss",
-  "documentationUrl": "https://cloudron.io/documentation/packages/freshrss/",
+  "documentationUrl": "https://cloudron.io/documentation/apps/freshrss/"
-  "optionalSso": true
 }

Dockerfile

@@ -1,18 +1,15 @@
-FROM cloudron/base:5.0.0@sha256:04fd70dbd8ad6149c19de39e35718e024417c3e01dc9c6637eaf4a41ec4e596c
+FROM cloudron/base:4.0.0@sha256:31b195ed0662bdb06a6e8a5ddbedb6f191ce92e8bee04c03fb02dd4e9d0286df
-
-RUN apt-get update && apt-get install --no-install-recommends -y libapache2-mod-auth-openidc && rm -rf /var/cache/apt /var/lib/apt/lists
 
 RUN mkdir -p /app/code
 WORKDIR /app/code
 
-# renovate: datasource=github-releases depName=FreshRSS/FreshRSS versioning=semver
+ARG VERSION=1.20.2
-ARG FRESHRSS_VERSION=1.29.1
+RUN curl -L https://github.com/FreshRSS/FreshRSS/archive/${VERSION}.tar.gz | tar -zxvf - --strip-components=1
 
-RUN curl -L https://github.com/FreshRSS/FreshRSS/archive/${FRESHRSS_VERSION}.tar.gz | tar -zxvf - --strip-components=1 && \
+RUN mv data data-orig && ln -s /app/data data
-    mv data data-orig && ln -s /app/data data
 
 # official extensions (https://github.com/FreshRSS/Extensions/commits/master)
-RUN wget https://github.com/FreshRSS/Extensions/archive/a82e080a1e68eb34539959a852fc5e800b7346dd.tar.gz -O - | tar -xz --strip-components=1 -C /app/code/extensions && \
+RUN wget https://github.com/FreshRSS/Extensions/archive/f66efcf5feb1245607c2e3ac9ef4176b5f2801b3.tar.gz -O - | tar -xz --strip-components=1 -C /app/code/extensions && \
     mv /app/code/extensions /app/code/extensions-orig && \
     ln -s /app/data/extensions /app/code/extensions
 
@@ -25,19 +22,19 @@ RUN a2disconf other-vhosts-access-log
 ADD apache/freshrss.conf /etc/apache2/sites-enabled/freshrss.conf
 RUN echo "Listen 8000" > /etc/apache2/ports.conf
 
-RUN a2enmod headers expires deflate mime dir rewrite setenvif auth_openidc
+RUN a2enmod headers expires deflate mime dir rewrite setenvif
 
 RUN rm -rf /var/lib/php && ln -s /run/php /var/lib/php
 
-RUN crudini --set /etc/php/8.3/apache2/php.ini PHP upload_max_filesize 64M && \
+RUN crudini --set /etc/php/8.1/apache2/php.ini PHP upload_max_filesize 64M && \
-    crudini --set /etc/php/8.3/apache2/php.ini PHP post_max_size 64M && \
+    crudini --set /etc/php/8.1/apache2/php.ini PHP post_max_size 64M && \
-    crudini --set /etc/php/8.3/apache2/php.ini PHP memory_limit 64M && \
+    crudini --set /etc/php/8.1/apache2/php.ini PHP memory_limit 64M && \
-    crudini --set /etc/php/8.3/apache2/php.ini Session session.save_path /run/php/session && \
+    crudini --set /etc/php/8.1/apache2/php.ini Session session.save_path /run/php/session && \
-    crudini --set /etc/php/8.3/apache2/php.ini Session session.gc_probability 1 && \
+    crudini --set /etc/php/8.1/apache2/php.ini Session session.gc_probability 1 && \
-    crudini --set /etc/php/8.3/apache2/php.ini Session session.gc_divisor 100
+    crudini --set /etc/php/8.1/apache2/php.ini Session session.gc_divisor 100
 
-RUN ln -s /app/data/php.ini /etc/php/8.3/apache2/conf.d/99-cloudron.ini && \
+RUN ln -s /app/data/php.ini /etc/php/8.1/apache2/conf.d/99-cloudron.ini && \
-    ln -s /app/data/php.ini /etc/php/8.3/cli/conf.d/99-cloudron.ini
+    ln -s /app/data/php.ini /etc/php/8.1/cli/conf.d/99-cloudron.ini
 
 ADD start.sh /app/code/start.sh
 

POSTINSTALL.md

@@ -1,7 +1,7 @@
-<nosso>
 This app is pre-setup with an admin account. The initial credentials are:
   
 **Username**: admin<br/>
 **Password**: changeme<br/>
 
-</nosso>
+Please change the admin password immediately.
+

apache/freshrss.conf

@@ -1,10 +1,6 @@
-# https://github.com/FreshRSS/FreshRSS/blob/edge/Docker/FreshRSS.Apache.conf
+ServerName %{HTTP_HOST}
-
-ServerName localhost
 
 <VirtualHost *:8000>
-    ServerName localhost
-    UseCanonicalName Off
     DocumentRoot /app/code/p
     AllowEncodedSlashes On
 
@@ -17,44 +13,4 @@ ServerName localhost
         AllowOverride All
         Require all granted
     </Directory>
-
-    <Directory /app/code/p/api>
-        Include /app/code/p/api/.htaccess
-    </Directory>
-
-    <Directory /app/code/p/i>
-        ExpiresActive Off
-
-        <IfDefine OIDC_ENABLED>
-            AuthType openid-connect
-            Require valid-user
-        </IfDefine>
-        IncludeOptional /app/code/p/i/.htaccess
-    </Directory>
-
-    <Directory /app/code/p/themes>
-        Include /app/code/p/themes/.htaccess
-    </Directory>
-
-
-    <IfDefine OIDC_ENABLED>
-
-        # CLOUDRON_OIDC_PROVIDER_NAME is not supported
-
-        OIDCProviderMetadataURL ${CLOUDRON_OIDC_DISCOVERY_URL}
-        OIDCClientID ${CLOUDRON_OIDC_CLIENT_ID}
-        OIDCClientSecret ${CLOUDRON_OIDC_CLIENT_SECRET}
-
-        OIDCRedirectURI /i/oidc/
-
-        OIDCCryptoPassphrase ${OIDC_CRYPTO_PASSPHRASE}
-
-        OIDCRemoteUserClaim sub
-
-        OIDCScope "openid profile email"
-
-        OIDCRefreshAccessTokenBeforeExpiry 30
-        OIDCPassClaimsAs headers
-        OIDCXForwardedHeaders X-Forwarded-Proto
-    </IfDefine>
 </VirtualHost>

renovate.json5

@@ -1,4 +0,0 @@
-{
-    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-    "extends": ["local>devops/renovator//default.renovate.json5"]
-}

start.sh

@@ -13,11 +13,7 @@ if ! [ -f /app/data/.installed ]; then
       --db-user "${CLOUDRON_MYSQL_USERNAME}" --db-password "${CLOUDRON_MYSQL_PASSWORD}" \
       --db-base "${CLOUDRON_MYSQL_DATABASE}" --db-prefix "" \
       --disable_update
-
+    php cli/create-user.php --user admin --password changeme --language en
-    if [[ -z "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
-        php cli/create-user.php --user admin --password changeme --language en
-    fi
-
     touch /app/data/.installed
     echo "==> Done."
 fi
@@ -39,24 +35,16 @@ for f in $(ls /app/code/extensions-orig); do
 done
 
 echo "==> Updating config file"
-if [[ -z "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
+php cli/reconfigure.php --default_user admin --base_url "https://${CLOUDRON_APP_DOMAIN}" \
-    extra_args="--default_user admin"
-    [[ ! -f /app/data/.oauth_crypto_passphrase ]] && openssl rand -base64 42 > /app/data/.oauth_crypto_passphrase
-    export OIDC_CRYPTO_PASSPHRASE=$(</app/data/.oauth_crypto_passphrase) # used in apache config
-else
-    extra_args="--auth_type http_auth"
-fi
-
-php cli/reconfigure.php ${extra_args} --base_url "https://${CLOUDRON_APP_DOMAIN}" \
     --db-type mysql --db-host "${CLOUDRON_MYSQL_HOST}" \
     --db-user "${CLOUDRON_MYSQL_USERNAME}" --db-password "${CLOUDRON_MYSQL_PASSWORD}" \
     --db-base "${CLOUDRON_MYSQL_DATABASE}" --db-prefix "" \
     --disable_update
 
 echo "==> Setting permissions"
-chown -R www-data:www-data /run/php /app/data /tmp/log_api.txt
+chown -R www-data.www-data /run/php /app/data /tmp/log_api.txt
 
 echo "==> Starting apache"
 APACHE_CONFDIR="" source /etc/apache2/envvars
 rm -f "${APACHE_PID_FILE}"
-exec /usr/sbin/apache2 -D FOREGROUND $([[ -n "$CLOUDRON_OIDC_ISSUER" ]] && echo '-D OIDC_ENABLED')
+exec /usr/sbin/apache2 -DFOREGROUND

test/package.json

@@ -0,0 +1,20 @@
+{
+  "name": "test",
+  "version": "1.0.0",
+  "description": "",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "author": "",
+  "license": "ISC",
+  "dependencies": {
+    "chromedriver": "^108.0.0",
+    "expect.js": "^0.3.1",
+    "mkdirp": "^1.0.4",
+    "mocha": "^10.1.0",
+    "rimraf": "^3.0.2",
+    "selenium-webdriver": "^4.7.0",
+    "superagent": "^8.0.6"
+  }
+}

test/test.js

@@ -1,131 +1,196 @@
+#!/usr/bin/env node
 
-import assert from 'node:assert/strict';
+/* jshint esversion: 8 */
-import superagent from '@cloudron/superagent';
+/* global describe */
+/* global before */
+/* global after */
+/* global it */
 
-import { app, clearCache, click, cloudronCli, press, goto, loginOIDC, password, sendKeys, setupBrowser, takeScreenshot, teardownBrowser, username, waitFor } from '@cloudron/charlie';
+'use strict';
 
-/* global it, describe, before, after, afterEach */
+require('chromedriver');
+
+var execSync = require('child_process').execSync,
+    expect = require('expect.js'),
+    path = require('path'),
+    superagent = require('superagent'),
+    { Builder, By, Key, until } = require('selenium-webdriver'),
+    { Options } = require('selenium-webdriver/chrome');
+
+var username = 'admin',
+    password = 'changeme';
 
 describe('Application life cycle test', function () {
-    const admin_username = 'admin';
+    this.timeout(0);
-    const admin_password = 'changeme';
 
-    before(setupBrowser);
+    const LOCATION = 'test';
-    after(teardownBrowser);
+    const TEST_TIMEOUT = 10000;
+    const EXEC_ARGS = { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' };
 
-    afterEach(async function () {
+    var browser, app;
-        await takeScreenshot(this.currentTest);
+
+    before(function () {
+        const options = new Options().windowSize({ width: 1280, height: 1024 });
+        if (process.env.HEADLESS) options.addArguments('headless');
+
+        browser = new Builder().forBrowser('chrome').setChromeOptions(options).build();
     });
 
+    after(function () {
+        browser.quit();
+    });
+
+    function getAppInfo() {
+        var inspect = JSON.parse(execSync('cloudron inspect'));
+        app = inspect.apps.filter(function (a) { return a.location.indexOf(LOCATION) === 0; })[0];
+        expect(app).to.be.an('object');
+    }
+
     function baseUrl() {
         if (app.manifest.version === '1.4.0') return `https://${app.fqdn}/p`;
         return `https://${app.fqdn}`;
     }
 
-    async function login(uname, pass) {
+    async function waitForElement(elem) {
-        await goto(`https://${app.fqdn}`, 'label=Username');
+        await browser.wait(until.elementLocated(elem), TEST_TIMEOUT);
-        await sendKeys('label=Username', uname);
+        await browser.wait(until.elementIsVisible(browser.findElement(elem)), TEST_TIMEOUT);
-        await sendKeys('label=Password', pass);
-        await click('Login', { role: 'button' }); // there is a link at the top
-        await waitFor('Subscription management');
     }
 
-    async function loginViaOIDC() {
+    async function login(password) {
-        await goto(`https://${app.fqdn}/i/`);
+        await browser.get('https://' + app.fqdn);
-        await loginOIDC('css=#btn-subscription');
+        await waitForElement(By.id('loginButton'));
+        await browser.findElement(By.id('username')).sendKeys(username);
+        await browser.findElement(By.id('passwordPlain')).sendKeys(password);
+        await browser.findElement(By.id('loginButton')).click();
+        await waitForElement(By.id('btn-subscription'));
+    }
+
+    async function logout() {
+        var logout_btn = By.xpath('//li/a[@class="signout"]');
+
+        await browser.get('https://' + app.fqdn);
+        await waitForElement(By.id('stream'));
+        await browser.findElement(By.className('dropdown-toggle')).click();
+        await waitForElement(logout_btn);
+        await browser.findElement(logout_btn).click();
+        await waitForElement(By.id('loginButton'));
     }
 
     async function addSubscription() {
-        await goto(`${baseUrl()}/i/?c=subscription&a=add`, 'label=Feed URL');
+        var url = 'https://blog.cloudron.io/rss/';
-        await sendKeys('label=Feed URL', 'https://blog.cloudron.io/rss/');
+        const addUrl = app.manifest.version === '1.10.0' ? `${baseUrl()}/i/?c=subscription` : `${baseUrl()}/i/?c=subscription&a=add`;
-        await press('label=Feed URL', 'Enter'); // there are multiple "Add" buttons on that page
+
-        await waitFor('RSS feed Cloudron has been added');
+        await browser.get(addUrl);
+        await waitForElement(By.xpath('//input[@name="url_rss"]'));
+        await browser.findElement(By.xpath('//input[@name="url_rss"]')).sendKeys(url);
+        await browser.findElement(By.xpath('//form[@id="add_rss"]//button[text()="Add"]')).click();
+        await waitForElement(By.xpath('//div[@id="notification" and @class="notification good"]'));
     }
 
-    async function enableApi({ relogin = true } = {}) {
+    async function addUser(password) {
-        await goto(`${baseUrl()}/i/?c=auth`);
+        var test_username = 'test';
 
-        if (relogin) {
+        await browser.get(`${baseUrl()}/i/?c=user&a=manage`);
-            await sendKeys('label=Password', admin_password);
+        await waitForElement(By.id('new_user_name'));
-            await click('Login');
+        await browser.findElement(By.id('new_user_name')).sendKeys(test_username);
-        }
+        await browser.findElement(By.id('new_user_passwordPlain')).sendKeys(password);
+        await browser.findElement(By.xpath('//button[text()="Create"]')).click();
+        await waitForElement(By.xpath('//div[@id="notification" and @class="notification good"]'));
+    }
 
-        await click(/Allow API access/);
+    async function enableApi() {
-        await click('Submit');
+        await browser.get(`${baseUrl()}/i/?c=auth`);
-        await waitFor(/Configuration has been updated/);
+        await waitForElement(By.id('api_enabled'));
+        await browser.findElement(By.id('api_enabled')).click();
+        await browser.findElement(By.xpath('//button[text()="Submit"]')).click();
     }
 
     async function checkApiConfiguration() {
-        await goto(`${baseUrl()}/api/`, /PASS/);
+        await browser.get(`${baseUrl()}/api/`);
-        await waitFor(/PASS/);
+        await waitForElement(By.xpath('//dd[@id="greaderOutput" and contains(text(), "PASS")]'));
+        await waitForElement(By.xpath('//dd[@id="feverOutput" and contains(text(), "PASS")]'));
     }
 
     async function subscriptionExists() {
-        await goto(`${baseUrl()}/i/?get=c_1`, 'Cloudron');
+        await browser.get(`${baseUrl()}/i/?get=c_1`);
+        return waitForElement(By.xpath('//span[text()="Cloudron"]'));
     }
 
-    async function getStaticExtensionFile() {
+    function getStaticExtensionFile(callback) {
-        const url = `${baseUrl()}/ext.php?f=xExtension-StickyFeeds/static/script.js&t=js`;
+        superagent.get(`${baseUrl()}/ext.php?f=xExtension-StickyFeeds/static/script.js&t=js`)
-        const response = await superagent.get(url)
+            .buffer(true)
-            .set('Cache-Control', 'no-store')
+            .end(function (err, res) {
-            .set('Pragma', 'no-cache')
+                expect(err).to.be(null);
-            .ok(() => true);
+                expect(res.status).to.be(200);
-        assert.strictEqual(response.status, 200);
+                expect(res.text).to.contain('sticky_feeds'); // relies on the buffer flag above
-        assert.ok(response.body.toString('utf8').includes('sticky_feeds')); // content-type is application/javascript, so body is a buffer
+                callback();
+        });
     }
 
-    // No SSO
+    xit('build app', function () { execSync('cloudron build', EXEC_ARGS); });
-    it('install app (no sso)', () => cloudronCli.install({ noSso: true }));
+    it('install app', function () { execSync('cloudron install --location ' + LOCATION, EXEC_ARGS); });
 
-    it('can login', login.bind(null, admin_username, admin_password));
+    it('can get app information', getAppInfo);
+
+    it('can login', login.bind(null, password));
     it('can subscribe', addSubscription);
-    it('can enable API', () => enableApi({ relogin: true }));
+    it('can add users', addUser.bind(null, password));
+    it('can enable API', enableApi);
     it('can check configuration', checkApiConfiguration);
     it('subscription exists', subscriptionExists);
     it('can get static extension file', getStaticExtensionFile);
-    it('can logout', clearCache);
+    it('can logout', logout);
-    it('uninstall app', cloudronCli.uninstall);
 
-    // SSO
+    it('backup app', function () { execSync('cloudron backup create --app ' + app.id, EXEC_ARGS); });
-    it('install app (sso)', cloudronCli.install);
 
-    it('can make user Administrator', () => cloudronCli.exec(`bash -c "php cli/reconfigure.php --default-user ${username}"`));
+    it('restore app', function () {
-    it('can login OIDC', () => loginViaOIDC(username, password));
+        const backups = JSON.parse(execSync(`cloudron backup list --raw --app ${app.id}`));
-    it('can subscribe', addSubscription);
+        execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS);
-    it('can enable API', () => enableApi({ relogin: false }));
+        execSync('cloudron install --location ' + LOCATION, EXEC_ARGS);
+        getAppInfo();
+        execSync(`cloudron restore --backup ${backups[0].id} --app ${app.id}`, EXEC_ARGS);
+    });
+
+    it('can login', login.bind(null, password));
     it('can check configuration', checkApiConfiguration);
     it('subscription exists', subscriptionExists);
     it('can get static extension file', getStaticExtensionFile);
+    it('can logout', logout);
 
-    it('backup app', cloudronCli.createBackup);
+    it('move to different location', function () {
-    it('restore app', cloudronCli.restoreFromLatestBackup);
+        browser.manage().deleteAllCookies();
+        execSync('cloudron configure --location ' + LOCATION + '2 --app ' + app.id, EXEC_ARGS);
+        var inspect = JSON.parse(execSync('cloudron inspect'));
+        app = inspect.apps.filter(function (a) { return a.location === LOCATION + '2'; })[0];
+        expect(app).to.be.an('object');
+    });
 
-    it('can login OIDC', loginViaOIDC);
+    it('can login', login.bind(null, password));
     it('can check configuration', checkApiConfiguration);
     it('subscription exists', subscriptionExists);
     it('can get static extension file', getStaticExtensionFile);
+    it('can logout', logout);
 
-    it('move to different location', cloudronCli.changeLocation);
+    it('uninstall app', function () { execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS); });
-
-    it('can login OIDC', loginViaOIDC);
-    it('can check configuration', checkApiConfiguration);
-    it('subscription exists', subscriptionExists);
-    it('can get static extension file', getStaticExtensionFile);
-
-    it('uninstall app', cloudronCli.uninstall);
 
     // test update
-    it('can install app for update', cloudronCli.appstoreInstall);
+    it('can install app', function () { execSync('cloudron install --appstore-id org.freshrss.cloudronapp --location ' + LOCATION, EXEC_ARGS); });
 
-    it('can login OIDC', loginViaOIDC);
+    it('can get app information', getAppInfo);
-    it('can make user Administrator', () => cloudronCli.exec(`bash -c "php cli/reconfigure.php --default-user ${username}"`));
+    it('can login', login.bind(null, password));
     it('can subscribe', addSubscription);
+    it('can add users', addUser.bind(null, password));
 
-    it('can update', cloudronCli.update);
+    it('can update', function () {
+        execSync('cloudron update --app ' + app.id, EXEC_ARGS);
+        var inspect = JSON.parse(execSync('cloudron inspect'));
+        app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
+        expect(app).to.be.an('object');
+    });
 
-    it('can login OIDC', loginViaOIDC);
+    it('can login', login.bind(null, password));
     it('subscription exists', subscriptionExists);
     it('can get static extension file', getStaticExtensionFile);
 
-    it('uninstall app', cloudronCli.uninstall);
+    it('uninstall app', function () { execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS); });
 });