Version 1.26.0

CHANGELOG

@@ -433,3 +433,6 @@
 * #9269: panic: nil pointer dereference in (*indexHandlerRegistry).startLocked
 * #9274: Missing lock in DeviceStatistics ("fatal error: concurrent map read and map write")
 
+[1.26.0]
+* Add LDAP support
+

CloudronManifest.json

@@ -5,12 +5,13 @@
   "description": "file://DESCRIPTION.md",
   "changelog": "file://CHANGELOG",
   "tagline": "Decentralized file synchronization",
-  "version": "1.25.2",
+  "version": "1.26.0",
   "upstreamVersion": "1.27.1",
   "healthCheckPath": "/healthcheck",
   "httpPort": 8000,
   "addons": {
-    "localstorage": {}
+    "localstorage": {},
+    "ldap": {}
   },
   "tcpPorts": {
     "SYNC_PORT": {
@@ -36,5 +37,6 @@
     "https://screenshots.cloudron.io/net.syncthing.cloudronapp2/2.png",
     "https://screenshots.cloudron.io/net.syncthing.cloudronapp2/3.png"
   ],
+  "optionalSso": true,
   "postInstallMessage": "file://POSTINSTALL.md"
 }

POSTINSTALL.md

@@ -1,7 +1,11 @@
+<sso>
+All Cloudron users are admins and can manage synchronising files.
+</sso>
+<nosso>
 This app is pre-setup with an admin account. The initial credentials are:
 
 **Username**: admin<br/>
 **Password**: changeme<br/>
 
 Please change the admin password immediately.
-
+</nosso>

start.sh

@@ -17,8 +17,21 @@ if [[ ! -f /app/data/config/config.xml ]]; then
         --update "//configuration/options/defaultFolderPath" -v '/app/data/folders' \
         --update "//configuration/options/urAccepted" -v '-1' \
         /app/data/config/config.xml
+
 fi
 
+if [[ -n ${CLOUDRON_LDAP_HOST:-} ]]; then
+    xmlstarlet ed --inplace \
+        --subnode "//configuration/gui" -t elem -n "authMode" -v "ldap" \
+        --subnode "//configuration/ldap" -t elem -n "address" -v "${CLOUDRON_LDAP_HOST:-}:${CLOUDRON_LDAP_PORT}" \
+        --subnode "//configuration/ldap" -t elem -n "bindDN" -v "${CLOUDRON_LDAP_BIND_DN:-}" \
+        --subnode "//configuration/ldap" -t elem -n "insecureSkipVerify" -v "true" \
+        --subnode "//configuration/ldap" -t elem -n "searchBaseDN" -v "${CLOUDRON_LDAP_USERS_BASE_DN:-}" \
+        --subnode "//configuration/ldap" -t elem -n "searchFilter" -v "(&(objectclass=user)(|(username=%s)(mail=%s)))" \
+        /app/data/config/config.xml
+fi
+
+
 # Set the listenAddress and the gui enabled to make sure user doesnt lock themselves  out by accident.
 sed -e "s,<listenAddress>.*</listenAddress>,<listenAddress>tcp://:${SYNC_PORT}</listenAddress>," -i /app/data/config/config.xml
 sed -e 's,<gui .*>,<gui enabled="true" tls="false" debugging="false">,' -i /app/data/config/config.xml

test/package-lock.json

@@ -9,7 +9,7 @@
       "version": "1.0.0",
       "license": "ISC",
       "dependencies": {
-        "chromedriver": "^119.0.1",
+        "chromedriver": "^120.0.0",
         "expect.js": "^0.3.1",
         "mocha": "^10.2.0",
         "selenium-webdriver": "^4.16.0",
@@ -236,9 +236,9 @@
       }
     },
     "node_modules/chromedriver": {
-      "version": "119.0.1",
+      "version": "120.0.0",
-      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-119.0.1.tgz",
+      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-120.0.0.tgz",
-      "integrity": "sha512-lpCFFLaXPpvElTaUOWKdP74pFb/sJhWtWqMjn7Ju1YriWn8dT5JBk84BGXMPvZQs70WfCYWecxdMmwfIu1Mupg==",
+      "integrity": "sha512-LGy2LhWRBiqDarFIU8gQ43EEyj+07Tc3JuUhthkESAwZ99lrifSnKZwKU0aVwansU84+k6bt71z7K3dkk65gZg==",
       "hasInstallScript": true,
       "dependencies": {
         "@testim/chrome-version": "^1.1.4",
@@ -1633,9 +1633,9 @@
       }
     },
     "chromedriver": {
-      "version": "119.0.1",
+      "version": "120.0.0",
-      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-119.0.1.tgz",
+      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-120.0.0.tgz",
-      "integrity": "sha512-lpCFFLaXPpvElTaUOWKdP74pFb/sJhWtWqMjn7Ju1YriWn8dT5JBk84BGXMPvZQs70WfCYWecxdMmwfIu1Mupg==",
+      "integrity": "sha512-LGy2LhWRBiqDarFIU8gQ43EEyj+07Tc3JuUhthkESAwZ99lrifSnKZwKU0aVwansU84+k6bt71z7K3dkk65gZg==",
       "requires": {
         "@testim/chrome-version": "^1.1.4",
         "axios": "^1.6.0",

test/package.json

@@ -9,7 +9,7 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "chromedriver": "^119.0.1",
+    "chromedriver": "^120.0.0",
     "expect.js": "^0.3.1",
     "mocha": "^10.2.0",
     "selenium-webdriver": "^4.16.0",

test/test.js

@@ -19,6 +19,11 @@ const execSync = require('child_process').execSync,
     { Builder, By, until } = require('selenium-webdriver'),
     { Options } = require('selenium-webdriver/chrome');
 
+if (!process.env.USERNAME || !process.env.PASSWORD) {
+    console.log('USERNAME and PASSWORD env vars need to be set');
+    process.exit(1);
+}
+
 describe('Application life cycle test', function () {
     this.timeout(0);
 
@@ -29,7 +34,9 @@ describe('Application life cycle test', function () {
     const EXEC_ARGS = { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' };
 
     let browser, app;
-    const username = 'admin', password = 'changeme';
+    const adminUsername = 'admin', adminPassword = 'changeme';
+    let username = process.env.USERNAME;
+    let password = process.env.PASSWORD;
 
     before(function () {
         browser = new Builder().forBrowser('chrome').setChromeOptions(new Options().windowSize({ width: 1280, height: 1024 })).build();
@@ -50,7 +57,7 @@ describe('Application life cycle test', function () {
         await browser.wait(until.elementIsVisible(browser.findElement(elem)), TEST_TIMEOUT);
     }
 
-    async function login() {
+    async function login(username, password) {
         await browser.manage().deleteAllCookies();
         await browser.get('https://' + app.fqdn);
         await waitForElement(By.id('user'));
@@ -86,10 +93,25 @@ describe('Application life cycle test', function () {
 
     xit('build app', function () { execSync('cloudron build', EXEC_ARGS); });
 
-    it('install app', function () { execSync('cloudron install --port-bindings SYNC_PORT=' + SYNC_PORT + ' --location ' + LOCATION, EXEC_ARGS); });
+    // NO SSO
+    it('install app (NO SSO)', function () { execSync('cloudron install --no-sso --port-bindings SYNC_PORT=' + SYNC_PORT + ' --location ' + LOCATION, EXEC_ARGS); });
     it('can get app information', getAppInfo);
 
-    it('can login', login);
+    it('can admin login', login.bind(null, adminUsername, adminPassword));
+    it('can load page', loadPage);
+    it('can add folder', addFolder);
+    it('can check folder', checkFolder);
+
+    it('uninstall app', async function () {
+        await browser.get('about:blank');
+        execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS);
+    });
+
+    // SSO
+    it('install app (SSO)', function () { execSync('cloudron install --port-bindings SYNC_PORT=' + SYNC_PORT + ' --location ' + LOCATION, EXEC_ARGS); });
+    it('can get app information', getAppInfo);
+
+    it('can login', login.bind(null, username, password));
     it('can load page', loadPage);
     it('can add folder', addFolder);
 
@@ -100,7 +122,7 @@ describe('Application life cycle test', function () {
         await timers.setTimeout(5000);
     });
 
-    it('can login', login);
+    it('can login', login.bind(null, username, password));
     it('can load page', loadPage);
     it('can check folder', checkFolder);
 
@@ -111,7 +133,7 @@ describe('Application life cycle test', function () {
     });
     it('can get app information', getAppInfo);
 
-    it('can login', login);
+    it('can login', login.bind(null, username, password));
     it('can load page', loadPage);
     it('can check folder', checkFolder);
 
@@ -126,7 +148,8 @@ describe('Application life cycle test', function () {
         await timers.setTimeout(30000);
     });
     it('can get app information', getAppInfo);
-    it('can login', login);
+    // next release it should be replaced with LDAP login
+    it('can admin login', login.bind(null, adminUsername, adminPassword));
     it('can load page', loadPage);
     it('can add folder', addFolder);
     it('can update', async function () {
@@ -134,7 +157,8 @@ describe('Application life cycle test', function () {
         execSync('cloudron update --app ' + LOCATION, EXEC_ARGS);
         await timers.setTimeout(30000);
     });
-    it('can login', login);
+    // next release it should be replaced with LDAP login
+    it('can admin login', login.bind(null, adminUsername, adminPassword));
     it('can check folder', checkFolder);
 
     it('uninstall app', async function () {