diff --git a/.gitignore b/.gitignore index ef624d1..b70c2e6 100644 --- a/.gitignore +++ b/.gitignore @@ -3,4 +3,5 @@ config_ldap.php config_db.php data certs +.idea diff --git a/Demo/config.json b/Demo/config.json index 29447cd..94230b3 100644 --- a/Demo/config.json +++ b/Demo/config.json @@ -36,7 +36,6 @@ "EnableDeveloper": false, "DeveloperFlags": "", "EnableClientPerformanceDebugging": false, - "EnableOpenTracing": false, "EnableSecurityFixAlert": true, "EnableInsecureOutgoingConnections": false, "AllowedUntrustedInternalConnections": "", @@ -49,6 +48,7 @@ "CorsDebug": false, "AllowCookiesForSubdomains": false, "ExtendSessionLengthWithActivity": false, + "TerminateSessionsOnPasswordChange": false, "SessionLengthWebInDays": 180, "SessionLengthWebInHours": 4320, "SessionLengthMobileInDays": 180, @@ -66,6 +66,7 @@ "EnableEmojiPicker": true, "PostEditTimeLimit": -1, "TimeBetweenUserTypingUpdatesMilliseconds": 5000, + "EnableCrossTeamSearch": true, "EnablePostSearch": true, "EnableFileSearch": true, "MinimumHashtagLength": 3, @@ -74,7 +75,6 @@ "EnableUserStatuses": true, "ExperimentalEnableAuthenticationTransfer": true, "ClusterLogTimeoutMilliseconds": 2000, - "EnablePreviewFeatures": true, "EnableTutorial": true, "EnableOnboardingFlow": true, "ExperimentalEnableDefaultChannelLeaveJoinMessages": true, @@ -82,6 +82,8 @@ "EnableAPITeamDeletion": false, "EnableAPITriggerAdminNotifications": false, "EnableAPIUserDeletion": false, + "EnableAPIPostDeletion": false, + "EnableDesktopLandingPage": true, "ExperimentalEnableHardenedMode": false, "ExperimentalStrictCSRFEnforcement": false, "EnableEmailInvitations": false, 
@@ -107,11 +109,15 @@ "CollapsedThreads": "always_on", "ManagedResourcePaths": "", "EnableCustomGroups": true, - "SelfHostedPurchase": true, "AllowSyncedDrafts": true, "UniqueEmojiReactionLimitPerPost": 50, "RefreshPostStatsRunTime": "00:00", - "MaximumPayloadSizeBytes": 100000 + "MaximumPayloadSizeBytes": 100000, + "MaximumURLLength": 2048, + "ScheduledPosts": true, + "EnableWebHubChannelIteration": false, + "FrameAncestors": "", + "DeleteAccountLink": "" }, "TeamSettings": { "SiteName": "Mattermost", @@ -175,7 +181,6 @@ "VerboseDiagnostics": false, "EnableSentry": true, "AdvancedLoggingJSON": {}, - "AdvancedLoggingConfig": "", "MaxFieldSize": 2048 }, "ExperimentalAuditSettings": { @@ -187,7 +192,7 @@ "FileCompress": false, "FileMaxQueueSize": 1000, "AdvancedLoggingJSON": {}, - "AdvancedLoggingConfig": "" + "Certificate": "" }, "NotificationLogSettings": { "EnableConsole": true, @@ -198,8 +203,7 @@ "FileLevel": "INFO", "FileJson": true, "FileLocation": "", - "AdvancedLoggingJSON": {}, - "AdvancedLoggingConfig": "" + "AdvancedLoggingJSON": {} }, "PasswordSettings": { "MinimumLength": 8, @@ -234,6 +238,8 @@ "AmazonS3SSE": false, "AmazonS3Trace": false, "AmazonS3RequestTimeoutMilliseconds": 30000, + "AmazonS3UploadPartSizeBytes": 5242880, + "AmazonS3StorageClass": "", "DedicatedExportStore": false, "ExportDriverName": "local", "ExportDirectory": "./data/", @@ -248,7 +254,9 @@ "ExportAmazonS3SSE": false, "ExportAmazonS3Trace": false, "ExportAmazonS3RequestTimeoutMilliseconds": 30000, - "ExportAmazonS3PresignExpiresSeconds": 21600 + "ExportAmazonS3PresignExpiresSeconds": 21600, + "ExportAmazonS3UploadPartSizeBytes": 104857600, + "ExportAmazonS3StorageClass": "" }, "EmailSettings": { "EnableSignUpWithEmail": false, 
@@ -301,6 +309,9 @@ "AboutLink": "https://mattermost.com/pl/about-mattermost", "HelpLink": "https://mattermost.com/pl/help/", "ReportAProblemLink": "https://mattermost.com/pl/report-a-bug", + "ReportAProblemType": "default", + "ReportAProblemMail": "", + "AllowDownloadLogs": true, "ForgotPasswordLink": "", "SupportEmail": "", "CustomTermsOfServiceEnabled": false, @@ -327,8 +338,8 @@ }, "GitLabSettings": { "Enable": true, - "Secret": "fedcba987654321fedcba987654321", - "Id": "123456789abcdef123456789abcdef", + "Secret": "987654321", + "Id": "123456789", "Scope": "", "AuthEndpoint": "http://localhost/oauth/authorize", "TokenEndpoint": "http://webserver/oauth/token.php", @@ -381,6 +392,7 @@ "BaseDN": "", "BindUsername": "", "BindPassword": "", + "MaximumLoginAttempts": 10, "UserFilter": "", "GroupFilter": "", "GuestFilter": "", @@ -398,6 +410,7 @@ "LoginIdAttribute": "", "PictureAttribute": "", "SyncIntervalMinutes": 60, + "ReAddRemovedMembers": false, "SkipCertificateVerification": false, "PublicCertificateFile": "", "PrivateKeyFile": "", @@ -406,8 +419,7 @@ "LoginFieldName": "", "LoginButtonColor": "#0000", "LoginButtonBorderColor": "#2389D7", - "LoginButtonTextColor": "#2389D7", - "Trace": false + "LoginButtonTextColor": "#2389D7" }, "ComplianceSettings": { "Enable": false, @@ -418,7 +430,8 @@ "LocalizationSettings": { "DefaultServerLocale": "en", "DefaultClientLocale": "en", - "AvailableLocales": "" + "AvailableLocales": "", + "EnableExperimentalLocales": false }, "SamlSettings": { "Enable": false, 
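Review bot: The OAuth client `Secret` in `GitLabSettings` is now `"987654321"` with `Id` `"123456789"`, the same fallback values that `db_init/config_init.sh.example` uses, so every stack started from this demo shares one short, published client secret. Because the compose change in this commit also stops passing `client_id`/`client_secret` to the database container, nothing in the demo overrides these values any more. I would keep the two files in sync but have the operator supply the secret, for example a value generated with `openssl rand -hex 32` and passed as the `client_secret` environment variable, and mark the literals here as demo-only. The `${client_secret:-987654321}` and `${db_pass:-oauth_secure-pass}` defaults in the `config_init.sh.example` hunk have the same silent-fallback problem; `${client_secret:?client_secret must be set}` would fail loudly outside the demo.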
@@ -463,7 +476,21 @@ ], "AppDownloadLink": "https://mattermost.com/pl/download-apps", "AndroidAppDownloadLink": "https://mattermost.com/pl/android-app/", - "IosAppDownloadLink": "https://mattermost.com/pl/ios-app/" + "IosAppDownloadLink": "https://mattermost.com/pl/ios-app/", + "MobileExternalBrowser": false, + "MobileEnableBiometrics": false, + "MobilePreventScreenCapture": false, + "MobileJailbreakProtection": false, + "MobileEnableSecureFilePreview": false, + "MobileAllowPdfLinkNavigation": false + }, + "CacheSettings": { + "CacheType": "lru", + "RedisAddress": "", + "RedisPassword": "********************************", + "RedisDB": -1, + "RedisCachePrefix": "", + "DisableClientCache": false }, "ClusterSettings": { "Enable": false, 
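Review bot: `"RedisPassword": "********************************"` in the new `CacheSettings` block looks like the mask a config export writes over a secret, not a value that was chosen. It is harmless while `"CacheType": "lru"`, but if someone switches the demo to Redis the literal asterisks would presumably be sent as the password and fail in a confusing way. I would commit `"RedisPassword": ""` to match `"RedisAddress": ""`. More generally the file appears to be dumped from a running instance, so it is worth checking that no other instance-specific or masked values came along with it.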
@@ -475,35 +502,39 @@ "UseIPAddress": true, "EnableGossipCompression": true, "EnableExperimentalGossipEncryption": false, + "EnableGossipEncryption": false, "ReadOnlyConfig": true, - "GossipPort": 8074, - "StreamingPort": 8075, - "MaxIdleConns": 100, - "MaxIdleConnsPerHost": 128, - "IdleConnTimeoutMilliseconds": 90000 + "GossipPort": 8074 }, "MetricsSettings": { "Enable": false, "BlockProfileRate": 0, - "ListenAddress": ":8067" + "ListenAddress": ":8067", + "EnableClientMetrics": true, + "EnableNotificationMetrics": true, + "ClientSideUserIds": [] }, "ExperimentalSettings": { "ClientSideCertEnable": false, "ClientSideCertCheck": "secondary", "LinkMetadataTimeoutMilliseconds": 5000, "RestrictSystemAdmin": false, - "UseNewSAMLLibrary": false, "EnableSharedChannels": false, "EnableRemoteClusterService": false, "DisableAppBar": false, "DisableRefetchingOnBrowserFocus": false, - "DelayChannelAutocomplete": false + "DelayChannelAutocomplete": false, + "DisableWakeUpReconnectHandler": false, + "UsersStatusAndProfileFetchingPollIntervalMilliseconds": 3000, + "YoutubeReferrerPolicy": false, + "ExperimentalChannelCategorySorting": false }, "AnalyticsSettings": { "MaxUsersForStatistics": 2500 }, "ElasticsearchSettings": { "ConnectionURL": "", + "Backend": "elasticsearch", "Username": "elastic", "Password": "changeme", "EnableIndexing": false, @@ -519,6 +550,7 @@ "AggregatePostsAfterDays": 365, "PostsAggregatorJobStartTime": "03:00", "IndexPrefix": "", + "GlobalSearchPrefix": "", "LiveIndexingBatchSize": 1, "BatchSize": 10000, "RequestTimeoutSeconds": 30, @@ -548,7 +580,8 @@ "DeletionJobStartTime": "02:00", "BatchSize": 3000, "TimeBetweenBatchesMilliseconds": 100, - "RetentionIdsBatchSize": 100 + "RetentionIdsBatchSize": 100, + "PreservePinnedPosts": false }, "MessageExportSettings": { "EnableExport": false, 
@@ -557,6 +590,8 @@ "ExportFromTimestamp": 0, "BatchSize": 10000, "DownloadExportResults": false, + "ChannelBatchSize": 100, + "ChannelHistoryBatchSize": 10, "GlobalRelaySettings": { "CustomerType": "A9", "SMTPUsername": "", @@ -573,7 +608,6 @@ "CleanupJobsThresholdDays": -1, "CleanupConfigThresholdDays": -1 }, - "ProductSettings": {}, "PluginSettings": { "Enable": true, "EnableUploads": true, @@ -582,8 +616,40 @@ "Directory": "./plugins", "ClientDirectory": "./client/plugins", "Plugins": { + "mattermost-ai": { + "allowedUpstreamHostnames": "", + "bots": null, + "defaultBotName": "", + "embeddingSearchConfig": { + "chunkingOptions": { + "chunkOverlap": 0, + "chunkSize": 0, + "chunkingStrategy": "", + "minChunkSize": 0 + }, + "dimensions": 0, + "embeddingProvider": { + "parameters": null, + "type": "" + }, + "parameters": null, + "type": "", + "vectorStore": { + "parameters": null, + "type": "" + } + }, + "enableLLMTrace": false, + "mcp": { + "enabled": false, + "idleTimeoutMinutes": 0, + "servers": null + }, + "services": null, + "transcriptBackend": "" + }, "playbooks": { - "BotUserID": "xn8i86tz47rtjp8yxs4cdofh1a" + "BotUserID": "6ieoijnzdfgnzq7535rbomzqjy" } }, "PluginStates": { @@ -593,6 +659,9 @@ "com.mattermost.nps": { "Enable": true }, + "mattermost-ai": { + "Enable": true + }, "playbooks": { "Enable": true } 
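Review bot: `PluginStates` now sets `"mattermost-ai": { "Enable": true }` while its settings block carries only empty or `null` values (`"services": null`, `"bots": null`, `"allowedUpstreamHostnames": ""`), which enables a plugin the LDAP/OAuth demo does not use without configuring it. I would ship it as `"Enable": false` or leave the plugin out of the demo config. The changed `playbooks` `BotUserID` also looks like an id generated by one local instance; if so it should not be pinned in a shared config.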
@@ -644,5 +713,60 @@ "MoveThreadFromPrivateChannelEnable": false, "MoveThreadFromDirectMessageChannelEnable": false, "MoveThreadFromGroupMessageChannelEnable": false + }, + "ConnectedWorkspacesSettings": { + "EnableSharedChannels": false, + "EnableRemoteClusterService": false, + "DisableSharedChannelsStatusSync": false, + "SyncUsersOnConnectionOpen": false, + "GlobalUserSyncBatchSize": 25, + "MaxPostsPerSync": 50, + "MemberSyncBatchSize": 20 + }, + "AccessControlSettings": { + "EnableAttributeBasedAccessControl": false, + "EnableChannelScopeAccessControl": false, + "EnableUserManagedAttributes": false + }, + "ContentFlaggingSettings": { + "EnableContentFlagging": false, + "ReviewerSettings": { + "CommonReviewers": true, + "CommonReviewerIds": [], + "TeamReviewersSetting": {}, + "SystemAdminsAsReviewers": false, + "TeamAdminsAsReviewers": true + }, + "NotificationSettings": { + "EventTargetMapping": { + "assigned": [ + "reviewers" + ], + "dismissed": [ + "reviewers", + "reporter" + ], + "flagged": [ + "reviewers" + ], + "removed": [ + "reviewers", + "author", + "reporter" + ] + } + }, + "AdditionalSettings": { + "Reasons": [ + "Inappropriate content", + "Sensitive data", + "Security concern", + "Harassment or abuse", + "Spam or phishing" + ], + "ReporterCommentRequired": true, + "ReviewerCommentRequired": true, + "HideFlaggedContent": true + } } } \ No newline at end of file diff --git a/Demo/docker-compose.yaml b/Demo/docker-compose.yaml index ae44233..a19222f 100644 --- a/Demo/docker-compose.yaml +++ b/Demo/docker-compose.yaml 
@@ -1,87 +1,76 @@ version: '3' services: - ldap: - image: osixia/openldap:1.4.0 - restart: always - domainname: "example.com" - hostname: "ldap" - command: --copy-service - ports: - - 389:389 - - 636:636 - volumes: - - ./bootstrap.ldif:/container/service/slapd/assets/config/bootstrap/ldif/50-bootstrap.ldif - environment: - LDAP_ORGANISATION: "Example Corp" - LDAP_DOMAIN: "example.com" - LDAP_ADMIN_PASSWORD: "changeMe-Pl34$e" - LDAP_READONLY_USER: "true" - LDAP_READONLY_USER_USERNAME: "butler" - LDAP_READONLY_USER_PASSWORD: "readonly" + ldap: + image: osixia/openldap:1.4.0 + restart: always + domainname: "example.com" + hostname: "ldap" + command: --copy-service + ports: + - 389:389 + - 636:636 + volumes: + - D:/23_Gitlab/dockerCompose/mattermost-ldap/Mattermost-LDAP/Demo/bootstrap.ldif:/container/service/slapd/assets/config/bootstrap/ldif/50-bootstrap.ldif + environment: + LDAP_ORGANISATION: "Example Corp" + LDAP_DOMAIN: "example.com" + LDAP_ADMIN_PASSWORD: "changeMe-Pl34$e" + LDAP_READONLY_USER: "true" + LDAP_READONLY_USER_USERNAME: "butler" + LDAP_READONLY_USER_PASSWORD: "readonly" - webserver: - image: nginx - restart: always - ports: - - 80:80 - - 443:443 - volumes: - - ../oauth:/var/www/html/oauth - - ./nginx.conf:/etc/nginx/nginx.conf - depends_on: - - php + webserver: + image: nginx + restart: always + ports: + - 80:80 + - 443:443 + volumes: + - D:/23_Gitlab/dockerCompose/mattermost-ldap/Mattermost-LDAP/oauth:/var/www/html/oauth + - D:/23_Gitlab/dockerCompose/mattermost-ldap/Mattermost-LDAP/Demo/nginx.conf:/etc/nginx/nginx.conf + depends_on: + - php - php: - build: ../Docker/php-ldap-pgsql - image: php-ldap-pgsql - volumes: - - ../oauth:/var/www/html/oauth - environment: - ldap_host: ldap://ldap:389/ - ldap_port: 389 - ldap_version: 3 - ldap_search_attribute: uid - ldap_base_dn: "dc=example,dc=com" - ldap_filter: "(objectClass=*)" - ldap_bind_dn: "cn=butler,dc=example,dc=com" - ldap_bind_pass: "readonly" - db_host: "database" - db_port: "5432" - db_type: 
"pgsql" - db_name: "oauth_db" - db_user: "oauth" - db_pass: "oauth_secure-pass" - depends_on: - - database - - ldap + php: + build: D:/23_Gitlab/dockerCompose/mattermost-ldap/Mattermost-LDAP/Docker/php-ldap-pgsql + image: php-ldap-pgsql + volumes: + - D:/23_Gitlab/dockerCompose/mattermost-ldap/Mattermost-LDAP/oauth:/var/www/html/oauth + environment: + ldap_host: ldap://ldap:389/ + ldap_port: 389 + ldap_version: 3 + ldap_search_attribute: uid + ldap_base_dn: "dc=example,dc=com" + ldap_filter: "(objectClass=*)" + ldap_bind_dn: "cn=butler,dc=example,dc=com" + ldap_bind_pass: "readonly" + db_host: "database" + db_port: "5432" + db_type: "pgsql" + db_name: "oauth_db" + db_user: "oauth" + db_pass: "oauth_secure-pass" + depends_on: + - database + - ldap - database: - image: postgres:alpine - restart: always - volumes: - - ../db_init/init_postgres.sh:/docker-entrypoint-initdb.d/init_postgres.sh - - ../db_init/config_init.sh.example:/docker-entrypoint-initdb.d/config_init.sh - environment: - POSTGRES_USER: postgres - POSTGRES_PASSWORD: rootroot - POSTGRES_HOST_AUTH_METHOD: trust - client_id: 123456789abcdef123456789abcdef - client_secret: fedcba987654321fedcba987654321 - redirect_uri: "http://localhost/signup/gitlab/complete" - grant_types: "authorization_code" - scope: "api" - user_id: "" - db_user: "oauth" - db_pass: "oauth_secure-pass" - db_name: "oauth_db" - db_host: "127.0.0.1" - db_port: "5432" + database: + image: postgres:alpine + restart: always + volumes: + - D:/23_Gitlab/dockerCompose/mattermost-ldap/Mattermost-LDAP/db_init/init_postgres.sh:/docker-entrypoint-initdb.d/init_postgres.sh + - D:/23_Gitlab/dockerCompose/mattermost-ldap/Mattermost-LDAP/db_init/config_init.sh.example:/docker-entrypoint-initdb.d/config_init.sh + environment: + POSTGRES_USER: postgres + POSTGRES_PASSWORD: rootroot + POSTGRES_HOST_AUTH_METHOD: trust - mattermost: - image: mattermost/mattermost-preview - ports: - - 8065:8065 - extra_hosts: - - dockerhost:127.0.0.1 - volumes: - - 
./config.json:/mm/mattermost/config/config_docker.json + mattermost: + image: mattermost/mattermost-preview + ports: + - 8065:8065 + extra_hosts: + - dockerhost:127.0.0.1 + volumes: + - D:/23_Gitlab/dockerCompose/mattermost-ldap/Mattermost-LDAP/Demo/config.json:/mm/mattermost/config/config_docker.json diff --git a/db_init/config_init.sh.example b/db_init/config_init.sh.example index ab92836..8554478 100755 --- a/db_init/config_init.sh.example +++ b/db_init/config_init.sh.example 
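Review bot: Every bind mount and the `php` build context now point at `D:/23_Gitlab/dockerCompose/mattermost-ldap/Mattermost-LDAP/...`, a path that exists only on the author's machine, so the demo no longer starts from a fresh clone on any other host. The relative forms the old file used (`../oauth:/var/www/html/oauth`, `./nginx.conf:/etc/nginx/nginx.conf`, `build: ../Docker/php-ldap-pgsql`) should stay. The `database` service also loses its `client_id`, `client_secret`, `redirect_uri` and `db_*` variables, so the init script falls back to the `config_init.sh.example` defaults, including `redirect_uri` `http://mattermost.company.com/signup/gitlab/complete`; that appears to be why the manual `UPDATE oauth_clients SET redirect_uri=...` in `两行sql.txt` is needed. Keeping at least `redirect_uri: "http://localhost/signup/gitlab/complete"` under `environment:` would remove that manual step. The re-indentation from 2 to 4 spaces makes the whole file show as changed and hides these functional edits; it belongs in a separate commit.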
@@ -1,16 +1,18 @@ +#!/bin/bash + #####################################--CONFIGURATION FILE--######################################## -#Client configuration -client_id=$(if [ -z $client_id ]; then echo "123456789"; else echo $client_id; fi) -client_secret=$(if [ -z $client_secret ]; then echo "987654321"; else echo $client_secret; fi) -redirect_uri=$(if [ -z $redirect_uri ]; then echo "http://mattermost.company.com/signup/gitlab/complete"; else echo $redirect_uri; fi) -grant_types=$(if [ -z $grant_types ]; then echo "authorization_code"; else echo $grant_types; fi) -scope=$(if [ -z $scope ]; then echo "api"; else echo $client_id; fi) -user_id=$(if [ -z $user_id ]; then echo ""; else echo $user_id; fi) +# Client configuration +client_id=${client_id:-123456789} +client_secret=${client_secret:-987654321} +redirect_uri=${redirect_uri:-http://mattermost.company.com/signup/gitlab/complete} +grant_types=${grant_types:-authorization_code} +scope=${scope:-api} +user_id=${user_id:-} -#Database configuration -db_user=$(if [ -z $db_user ]; then echo "oauth"; else echo $db_user; fi) -db_name=$(if [ -z $db_name ]; then echo "oauth_db"; else echo $db_name; fi) -db_pass=$(if [ -z $db_pass ]; then echo "oauth_secure-pass"; else echo $db_pass; fi) -db_host=$(if [ -z $db_host ]; then echo "localhost"; else echo $db_host; fi) -db_port=$(if [ -z $db_port ]; then echo "5432"; else echo $db_port; fi) +# Database configuration +db_user=${db_user:-oauth} +db_name=${db_name:-oauth_db} +db_pass=${db_pass:-oauth_secure-pass} +db_host=${db_host:-localhost} +db_port=${db_port:-5432} diff --git a/db_init/init_postgres.sh b/db_init/init_postgres.sh index fef715c..07c7be8 100755 --- a/db_init/init_postgres.sh +++ b/db_init/init_postgres.sh 
@@ -1,46 +1,46 @@ #!/bin/bash -#This script need right to become postgres user (so root) and to read/write in httpd directory +# This script needs root privileges and access to Postgres -source config_init.sh +set -e +source /docker-entrypoint-initdb.d/config_init.sh -#######################################--Fonctions--############################################### +#######################################--Functions--############################################### -ok() { echo -e '\e[32m'$1'\e[m'; } -error() { echo -e '\e[31m'$1'\e[m'; } -info() { echo -e '\e[34m'$1'\e[m'; } -warn() { echo -e '\e[33m'$1'\e[m'; } +ok() { echo -e '\e[32m'"$1"'\e[m'; } +error(){ echo -e '\e[31m'"$1"'\e[m'; } +info() { echo -e '\e[34m'"$1"'\e[m'; } +warn() { echo -e '\e[33m'"$1"'\e[m'; } #######################################--SQL STATEMENT--########################################### -#Tables creation -create_table_oauth_client="CREATE TABLE oauth_clients (client_id VARCHAR(80) NOT NULL, client_secret VARCHAR(80), redirect_uri VARCHAR(2000) NOT NULL, grant_types VARCHAR(80), scope VARCHAR(100), user_id VARCHAR(80), CONSTRAINT clients_client_id_pk PRIMARY KEY (client_id));" -create_table_oauth_access_tokens="CREATE TABLE oauth_access_tokens (access_token VARCHAR(40) NOT NULL, client_id VARCHAR(80) NOT NULL, user_id VARCHAR(255), expires TIMESTAMP NOT NULL, scope VARCHAR(2000), CONSTRAINT access_token_pk PRIMARY KEY (access_token));" -create_table_oauth_authorization_codes="CREATE TABLE oauth_authorization_codes (authorization_code VARCHAR(40) NOT NULL, client_id VARCHAR(80) NOT NULL, user_id VARCHAR(255), redirect_uri VARCHAR(2000), expires TIMESTAMP NOT NULL, scope VARCHAR(2000), CONSTRAINT auth_code_pk PRIMARY KEY (authorization_code));" -create_table_oauth_refresh_tokens="CREATE TABLE oauth_refresh_tokens (refresh_token VARCHAR(40) NOT NULL, client_id VARCHAR(80) NOT NULL, user_id VARCHAR(255), expires TIMESTAMP NOT NULL, scope VARCHAR(2000), CONSTRAINT refresh_token_pk PRIMARY 
KEY (refresh_token));" -create_table_users="CREATE TABLE users (id SERIAL NOT NULL, username VARCHAR(255) NOT NULL, CONSTRAINT id_pk PRIMARY KEY (id));" -create_table_oauth_scopes="CREATE TABLE oauth_scopes (scope TEXT, is_default BOOLEAN);" +# Tables creation +create_table_oauth_client="CREATE TABLE IF NOT EXISTS oauth_clients (client_id VARCHAR(80) NOT NULL, client_secret VARCHAR(80), redirect_uri VARCHAR(2000) NOT NULL, grant_types VARCHAR(80), scope VARCHAR(100), user_id VARCHAR(80), CONSTRAINT clients_client_id_pk PRIMARY KEY (client_id));" +create_table_oauth_access_tokens="CREATE TABLE IF NOT EXISTS oauth_access_tokens (access_token VARCHAR(40) NOT NULL, client_id VARCHAR(80) NOT NULL, user_id VARCHAR(255), expires TIMESTAMP NOT NULL, scope VARCHAR(2000), CONSTRAINT access_token_pk PRIMARY KEY (access_token));" +create_table_oauth_authorization_codes="CREATE TABLE IF NOT EXISTS oauth_authorization_codes (authorization_code VARCHAR(40) NOT NULL, client_id VARCHAR(80) NOT NULL, user_id VARCHAR(255), redirect_uri VARCHAR(2000), expires TIMESTAMP NOT NULL, scope VARCHAR(2000), CONSTRAINT auth_code_pk PRIMARY KEY (authorization_code));" +create_table_oauth_refresh_tokens="CREATE TABLE IF NOT EXISTS oauth_refresh_tokens (refresh_token VARCHAR(40) NOT NULL, client_id VARCHAR(80) NOT NULL, user_id VARCHAR(255), expires TIMESTAMP NOT NULL, scope VARCHAR(2000), CONSTRAINT refresh_token_pk PRIMARY KEY (refresh_token));" +create_table_users="CREATE TABLE IF NOT EXISTS users (id SERIAL NOT NULL, username VARCHAR(255) NOT NULL, CONSTRAINT id_pk PRIMARY KEY (id));" +create_table_oauth_scopes="CREATE TABLE IF NOT EXISTS oauth_scopes (scope TEXT, is_default BOOLEAN);" -#Client creation -create_client="INSERT INTO oauth_clients (client_id,client_secret,redirect_uri,grant_types,scope,user_id) VALUES ('$client_id','$client_secret','$redirect_uri','$grant_types','$scope','$user_id');" +# Client creation +create_client="INSERT INTO oauth_clients 
(client_id,client_secret,redirect_uri,grant_types,scope,user_id) VALUES ('$client_id','$client_secret','$redirect_uri','$grant_types','$scope','$user_id') ON CONFLICT (client_id) DO NOTHING;" ################################################################################################### -#Welcome Message -info "This script will create a new Oauth role and an associated database for Mattermost-LDAP\nTo edit configuration please edit this script before running !\n" -warn "SuperUser right must be ask to create the new role and database in postgres\n" -info "Press ctrl+c to stop the script" - +# Welcome +info "This script will create a new OAuth role and database for Mattermost-LDAP" +warn "SuperUser rights are required to create role and database in Postgres" +info "Press ctrl+c to stop the script if you are not ready" sleep 5 -#Creating Oauth role and associated database (need admin account on postgres) -info "Creation of role $db_user and database $db_name ..." +# Create role and DB +info "Creating role [$db_user] and database [$db_name] ..." psql -U postgres -c "CREATE DATABASE $db_name;" psql -U postgres -c "CREATE USER $db_user WITH ENCRYPTED PASSWORD '$db_pass';" psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE $db_name TO $db_user;" psql -U postgres -c "ALTER DATABASE $db_name OWNER TO $db_user;" -#Creating tables for ouath database (use oauth role) -info "Creation of tables for database $db_name (using $db_user)" +# Create tables +info "Creating tables in database $db_name (using $db_user)" psql -U $db_user -d $db_name -c "$create_table_oauth_client" psql -U $db_user -d $db_name -c "$create_table_oauth_access_tokens" psql -U $db_user -d $db_name -c "$create_table_oauth_authorization_codes" 
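Review bot: With `set -e` added, the unguarded `psql -U postgres -c "CREATE DATABASE $db_name;"` and `CREATE USER` statements abort the script on any second run, so the `IF NOT EXISTS` and `ON CONFLICT (client_id) DO NOTHING` changes in this hunk are never reached when the role or database already exists. A guard in the same style would make the rerun case consistent, for example `psql -U postgres -tAc "SELECT 1 FROM pg_database WHERE datname='$db_name'" | grep -q 1 || psql -U postgres -c "CREATE DATABASE $db_name;"`. `source /docker-entrypoint-initdb.d/config_init.sh` ties the script to the container layout; `source "$(dirname "${BASH_SOURCE[0]}")/config_init.sh"` works both there and when run by hand. `$db_pass`, `$client_secret` and the other values are still pasted between single quotes into SQL text, so a value containing `'` breaks or alters the statement; feeding the SQL on stdin with `psql -v` variables (`:'client_secret'`) avoids that, since `-c` does not expand them.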
@@ -48,18 +48,16 @@ psql -U $db_user -d $db_name -c "$create_table_oauth_refresh_tokens" psql -U $db_user -d $db_name -c "$create_table_users" psql -U $db_user -d $db_name -c "$create_table_oauth_scopes" -#Insert new client in the database -info "Insert new client in the database" +# Insert client +info "Inserting new client into database" psql -U $db_user -d $db_name -c "$create_client" -#Verification -psql -U $db_user -d $db_name -c "SELECT * from oauth_clients WHERE client_id='$client_id';" | grep '(1' - -if [ $? ] -then ok "Client has been created ! Oauth Database is configured.\n" -info "Client ID : $client_id" -warn "Client Secret : $client_secret\n" -info "Keep id and secret, you will need them to configure Mattermost" -warn "Beware Client Secret IS PRIVATE and MUST BE KEPT SECRET" -else error "Client has not been created ! Check log below" +# Verification +if psql -U $db_user -d $db_name -c "SELECT * FROM oauth_clients WHERE client_id='$client_id';" | grep -q "$client_id"; then + ok "Client has been created! OAuth Database is configured." + info "Client ID : $client_id" + warn "Client Secret : $client_secret" + info "Keep ID and Secret safe, you will need them to configure Mattermost" +else + error "Client was not created! Please check logs." fi diff --git a/两行sql.txt b/两行sql.txt new file mode 100644 index 0000000..c9cb077 --- /dev/null +++ b/两行sql.txt @@ -0,0 +1,4 @@ +docker exec -it demo-database-1 psql -U postgres -d oauth_db -c "SELECT client_id, client_secret, redirect_uri FROM oauth_clients;" + + +docker exec -it demo-database-1 psql -U oauth -d oauth_db -c "UPDATE oauth_clients SET redirect_uri='http://localhost/signup/gitlab/complete' WHERE client_id='123456789';" \ No newline at end of file
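Review bot: `warn "Client Secret : $client_secret"` writes the OAuth client secret to the init output, which in the compose setup ends up in the container log, and this hunk drops the old line that at least reminded the reader the secret is private. I would print only the client id and tell the operator where the secret is configured. The check `grep -q "$client_id"` is also a substring match on formatted output; `psql -tA -U "$db_user" -d "$db_name" -c "SELECT 1 FROM oauth_clients WHERE client_id='$client_id';" | grep -qx 1` tests for exactly one matching row. Because the insert in the previous hunk is `ON CONFLICT (client_id) DO NOTHING`, a pre-existing row with a different secret passes this check while the message reports the value from the environment, so the success text should not claim that secret is the stored one. The first command in the new `两行sql.txt` prints `client_secret` to the terminal as well; selecting only `client_id, redirect_uri` is enough for the redirect fix it documents.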