CommunEu
/
Passbolt
3
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

install task already checks for tables, removing tables check added 

testcase for non env vars usage. Fixes #97
This commit is contained in:
Diego Lendoiro 2019-03-06 13:19:57 +01:00
parent 7508a3e447
commit eea638b1ae
4 changed files with 272 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
bin/docker-entrypoint.sh
View File

@ -70,29 +70,18 @@ gen_ssl_cert() {
}
install() {
tables=$(mysql \
-u "${DATASOURCES_DEFAULT_USERNAME:-passbolt}" \
-h "${DATASOURCES_DEFAULT_HOST:-localhost}" \
-P "${DATASOURCES_DEFAULT_PORT:-3306}" \
-BN -e "SHOW TABLES FROM ${DATASOURCES_DEFAULT_DATABASE:-passbolt}" \
-p"${DATASOURCES_DEFAULT_PASSWORD:-P4ssb0lt}" |wc -l)
app_config="/var/www/passbolt/config/app.php"
local app_config="/var/www/passbolt/config/app.php"
if [ ! -f "$app_config" ]; then
su -c 'cp /var/www/passbolt/config/app.default.php /var/www/passbolt/config/app.php' -s /bin/bash www-data
fi
if [ -z "${PASSBOLT_GPG_SERVER_KEY_FINGERPRINT+xxx}" ]; then
if [ -z "${PASSBOLT_GPG_SERVER_KEY_FINGERPRINT+xxx}" ] && [ ! -f '/var/www/passbolt/config/passbolt.php' ]; then
gpg_auto_fingerprint="$(su -c "gpg --list-keys --with-colons ${PASSBOLT_KEY_EMAIL:-passbolt@yourdomain.com} |grep fpr |head -1| cut -f10 -d:" -ls /bin/bash www-data)"
export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=$gpg_auto_fingerprint
fi
if [ "$tables" -eq 0 ]; then
su -c '/var/www/passbolt/bin/cake passbolt install --no-admin' -s /bin/bash www-data
else
su -c '/var/www/passbolt/bin/cake passbolt migrate' -s /bin/bash www-data
echo "Enjoy! ☮"
fi
su -c '/var/www/passbolt/bin/cake passbolt install --no-admin' -s /bin/bash www-data || su -c '/var/www/passbolt/bin/cake passbolt migrate' -s /bin/bash www-data && echo "Enjoy! ☮"
}
email_cron_job() {

126
spec/docker_runtime_no_envs/runtime_no_envs_spec.rb Normal file
View File

@ -0,0 +1,126 @@
require 'spec_helper'
describe 'passbolt_api service' do
before(:all) do
@mysql_image = Docker::Image.create('fromImage' => 'mariadb:latest')
@mysql = Docker::Container.create(
'Env' => [
'MYSQL_ROOT_PASSWORD=test',
'MYSQL_DATABASE=passbolt',
'MYSQL_USER=passbolt',
'MYSQL_PASSWORD=±!@#$%^&*()_+=-}{|:;<>?'
],
"Healthcheck" => {
"Test": [
"CMD-SHELL",
"mysqladmin ping --silent"
]
},
'Image' => @mysql_image.id)
@mysql.start
while @mysql.json['State']['Health']['Status'] != 'healthy'
sleep 1
end
@image = Docker::Image.build_from_dir(ROOT_DOCKERFILES)
@container = Docker::Container.create(
'Env' => [
"DATASOURCES_DEFAULT_HOST=#{@mysql.json['NetworkSettings']['IPAddress']}",
],
'Binds' => [ "#{FIXTURES_PATH + '/passbolt.php'}:/var/www/passbolt/config/passbolt.php" ],
'Image' => @image.id)
@container.start
@container.logs(stdout: true)
set :docker_container, @container.id
sleep 17
end
after(:all) do
@mysql.kill
@container.kill
end
let(:passbolt_host) { @container.json['NetworkSettings']['IPAddress'] }
let(:uri) { "/healthcheck/status.json" }
let(:curl) { "curl -sk -o /dev/null -w '%{http_code}' -H 'Host: passbolt.local' https://#{passbolt_host}/#{uri}" }
describe 'php service' do
it 'is running supervised' do
expect(service('php-fpm')).to be_running.under('supervisor')
end
it 'has its port open' do
expect(@container.json['Config']['ExposedPorts']).to have_key('9000/tcp')
end
end
describe 'email cron' do
it 'is running supervised' do
expect(service('cron')).to be_running.under('supervisor')
end
end
describe 'web service' do
it 'is running supervised' do
expect(service('nginx')).to be_running.under('supervisor')
end
it 'is listening on port 80' do
expect(@container.json['Config']['ExposedPorts']).to have_key('80/tcp')
end
it 'is listening on port 443' do
expect(@container.json['Config']['ExposedPorts']).to have_key('443/tcp')
end
end
describe 'passbolt status' do
it 'returns 200' do
expect(command(curl).stdout).to eq '200'
end
end
describe 'passbolt serverkey unaccessible' do
let(:uri) { '/config/gpg/serverkey.asc' }
it "returns 404" do
expect(command(curl).stdout).to eq '404'
end
end
describe 'passbolt serverkey private unaccessible' do
let(:uri) { '/config/gpg/serverkey_private.asc' }
it 'returns 404' do
expect(command(curl).stdout).to eq '404'
end
end
describe 'passbolt conf unaccessible' do
let(:uri) { '/config/app.php' }
it 'returns 404' do
expect(command(curl).stdout).to eq '404'
end
end
describe 'passbolt tmp folder is unaccessible' do
let(:uri) { '/tmp/cache/database/empty' }
it 'returns 404' do
expect(command(curl).stdout).to eq '404'
end
end
describe 'hide information' do
let(:curl) { "curl -Isk -H 'Host: passbolt.local' https://#{passbolt_host}/" }
it 'hides php version' do
expect(command("#{curl} | grep 'X-Powered-By: PHP'").stdout).to be_empty
end
it 'hides nginx version' do
expect(command("#{curl} | grep 'Server:'").stdout.strip).to match(/^Server:\s+nginx$/)
end
end
end

142
spec/fixtures/passbolt.php vendored Normal file
View File

@ -0,0 +1,142 @@
<?php
/**
* Passbolt ~ Open source password manager for teams
* Copyright (c) Passbolt SARL (https://www.passbolt.com)
*
* Licensed under GNU Affero General Public License version 3 of the or any later version.
* For full copyright and license information, please see the LICENSE.txt
* Redistributions of files must retain the above copyright notice.
*
* @copyright Copyright (c) Passbolt SARL (https://www.passbolt.com)
* @license https://opensource.org/licenses/AGPL-3.0 AGPL License
* @link https://www.passbolt.com Passbolt(tm)
* @since 2.0.0
*/
/**
* PASSBOLT CONFIGURATION FILE TEMPLATE
*
* By default passbolt try to use the environment variables or fallback on the default values as
* defined in default.php. You can use passbolt.default.php as a basis to set your own configuration
* without using environment variables.
*
* 1. copy/paste passbolt.default.php to passbolt.php
* 2. set the variables in the App section
* 3. set the variables in the passbolt section
*
* To see all available options, you can refer to the default.php file, and modify passsbolt.php accordingly.
* Do not modify default.php or you may break your upgrade process.
*
* Read more about how to install passbolt: https://www.passbolt.com/help/tech/install
* Any issue, check out our FAQ: https://www.passbolt.com/faq
* An installation issue? Ask for help to the community: https://community.passbolt.com/
*/
return [
/**
* DEFAULT APP CONFIGURATION
*
* All the information in this section must be provided in order for passbolt to work
* This configuration overrides the CakePHP defaults locating in app.php
* Do not edit app.php as it may break your upgrade process
*/
'App' => [
// A base URL to use for absolute links.
// The url where the passbolt instance will be reachable to your end users.
// This information is need to render images in emails for example
'fullBaseUrl' => 'https://passbolt.local',
],
// Database configuration.
'Datasources' => [
'default' => [
//'host' => 'db',
//'port' => 'non_standard_port_number',
'username' => 'passbolt',
'password' => '±!@#$%^&*()_+=-}{|:;<>?',
'database' => 'passbolt',
],
],
// Email configuration.
'EmailTransport' => [
'default' => [
'host' => 'localhost',
'port' => 25,
'username' => 'user',
'password' => 'secret',
// Is this a secure connection? true if yes, null if no.
'tls' => null,
//'timeout' => 30,
//'client' => null,
//'url' => null,
],
],
'Email' => [
'default' => [
// Defines the default name and email of the sender of the emails.
'from' => ['passbolt@your_organization.com' => 'Passbolt'],
//'charset' => 'utf-8',
//'headerCharset' => 'utf-8',
],
],
/**
* DEFAULT PASSBOLT CONFIGURATION
*
* This is the default configuration.
* It enforces the use of ssl, and does not provide a default OpenPGP key.
* If your objective is to try passbolt quickly for evaluation purpose, and security is not important
* you can use the demo config example provided in the next section below.
*/
'passbolt' => [
// GPG Configuration.
// The keyring must to be owned and accessible by the webserver user.
// Example: www-data user on Debian
'gpg' => [
// Tell GPG where to find the keyring.
// If putenv is set to false, gnupg will use the default path ~/.gnupg.
// For example :
// - Apache on Centos it would be in '/usr/share/httpd/.gnupg'
// - Apache on Debian it would be in '/var/www/.gnupg'
// - Nginx on Centos it would be in '/var/lib/nginx/.gnupg'
// - etc.
'keyring' => '/home/www-data/.gnupg',
//
// Replace GNUPGHOME with above value even if it is set.
//'putenv' => false,
// Main server key.
'serverKey' => [
// Server private key fingerprint.
'fingerprint' => '2FC8945833C51946E937F9FED47B0811573EE67E',
'public' => CONFIG . DS . 'gpg' . DS . 'unsecure.key',
'private' => CONFIG . DS . 'gpg' . DS . 'unsecure_private.key',
],
],
],
/**
* DEMO CONFIGURATION EXAMPLE
*
* Uncomment the lines below if you want to try passbolt quickly.
* and if you are not concerned about the security of your installation.
* (Don't forget to comment the default config above).
*/
// 'debug' => true,
// 'passbolt' => [
// 'registration' => [
// 'public' => true
// ],
// 'ssl' => [
// 'force' => false,
// ],
// 'gpg' => [
// 'serverKey' => [
// 'fingerprint' => '2FC8945833C51946E937F9FED47B0811573EE67E',
// 'public' => CONFIG . DS . 'gpg' . DS . 'unsecure.key',
// 'private' => CONFIG . DS . 'gpg' . DS . 'unsecure_private.key',
// ],
// ],
// ]
];

1
spec/spec_helper.rb
View File

@ -2,6 +2,7 @@ require 'serverspec'
require 'docker'
ROOT_DOCKERFILES = File.expand_path('../../', __FILE__)
FIXTURES_PATH = File::expand_path("fixtures", File::dirname(__FILE__))
set :backend, :docker
Docker.options[:read_timeout] = 3600