
Implement optional sso

Girish Ramakrishnan 8 年之前
父節點
當前提交
bd7a325f6d
共有 3 個文件被更改,包括 44 次插入32 次删除
  1. 2 1
      CloudronManifest.json
  2. 6 4
      POSTINSTALL.md
  3. 36 27
      start.sh

+ 2 - 1
CloudronManifest.json

@@ -26,5 +26,6 @@
     "https://wordpress.org/about/shots/1.5/front-3.png"
   ],
   "changelog": "file://CHANGELOG",
-  "postInstallMessage": "file://POSTINSTALL.md"
+  "postInstallMessage": "file://POSTINSTALL.md",
+  "optionalSso": true
 }

+ 6 - 4
POSTINSTALL.md

@@ -1,7 +1,9 @@
-This app integrates with Cloudron SSO. It allows any logged in Cloudron user 
-to access the WordPress dashboard. Cloudron administrators are automatically 
-made WordPress administrators. Non-administrators get the `editor` role by
-default.
+This app integrates optionally with Cloudron SSO.
+
+When using Cloudron SSO, Cloudron adminstrators are automatically made WordPress
+administrators. Non-administrators get the `editor` role by default.
+
+When _not_ using Cloudron SSO, the `admin` password is `changeme`.
 
 You can access the dashboard directly at `/wp-admin/` (trailing slash is
 important!).

+ 36 - 27
start.sh

@@ -28,8 +28,14 @@ if [[ ! -f "/app/data/.dbsetup" ]]; then
     mkdir -p /app/data/wp-content/mu-plugins
     cp -r /app/code/wp-content-vanilla/* /app/data/wp-content/
 
-    readonly admin_password=$(pwgen -1y 16)
-    readonly admin_email=${MAIL_SMTP_USERNAME}@${MAIL_DOMAIN}
+    if [[ -n "${LDAP_SERVER:-}" ]]; then
+        admin_password=$(pwgen -1y 16)
+        admin_email=${MAIL_SMTP_USERNAME}@${MAIL_DOMAIN}
+    else
+        admin_password="changeme"
+        admin_email=${MAIL_SMTP_USERNAME}@${MAIL_DOMAIN}
+    fi
+
     echo "Admin password is ${admin_password} and email is ${admin_email}"
 
     # --skip-email is part of 0.23.0 https://github.com/wp-cli/wp-cli/pull/2345 and https://github.com/wp-cli/wp-cli/issues/1164
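Review bot: The `else` branch sets `admin_password="changeme"`, so every install without SSO starts with the same admin credential that POSTINSTALL.md publishes, and nothing in this hunk forces it to be changed. Consider generating the password in both cases by hoisting `admin_password=$(pwgen -1y 16)` and the duplicated `admin_email=${MAIL_SMTP_USERNAME}@${MAIL_DOMAIN}` line above the `if`, or else requiring a password change at first login. The unchanged `echo "Admin password is ${admin_password} ..."` line writes the credential to the startup output, so anyone who can read the app logs can read it, and the `readonly` qualifiers were dropped from both variables without a visible reason. The enclosing `if [[ ! -f "/app/data/.dbsetup" ]]` block starts before this hunk and continues after it.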
@@ -89,33 +95,36 @@ $WP option update smtp_auth true
 $WP option update smtp_user ${MAIL_SMTP_USERNAME}
 $WP option update smtp_pass "${MAIL_SMTP_PASSWORD}"
 
-# configure LDAP
-# https://github.com/heiglandreas/authLdap/blob/master/authLdap.php#L644
-echo "Configuring LDAP"
-ldapConfig=$(cat <<EOF
-{
-    "Enabled"       : true,
-    "CachePW"       : false,
-    "URI"           : "ldap://${LDAP_SERVER}:${LDAP_PORT}/${LDAP_USERS_BASE_DN}",
-    "Filter"        : "(|(mail=%1\$s)(username=%1\$s))",
-    "NameAttr"      : "givenName",
-    "SecName"       : "sn",
-    "UidAttr"       : "username",
-    "MailAttr"      : "mail",
-    "WebAttr"       : "",
-    "Groups"        : { "administrator" : "cn=admins,${LDAP_GROUPS_BASE_DN}" },
-    "GroupSeparator": ";",
-    "Debug"         : false,
-    "GroupAttr"     : "memberof",
-    "GroupFilter"   : "(|(mail=%1\$s)(username=%1\$s))",
-    "DefaultRole"   : "editor",
-    "GroupEnable"   : true,
-    "GroupOverUser" : true,
-    "Version"       : 1
-}
+if [[ -n "${LDAP_SERVER:-}" ]]; then
+    # configure LDAP
+    # https://github.com/heiglandreas/authLdap/blob/master/authLdap.php#L644
+
+    echo "Configuring LDAP"
+    ldapConfig=$(cat <<EOF
+    {
+        "Enabled"       : true,
+        "CachePW"       : false,
+        "URI"           : "ldap://${LDAP_SERVER}:${LDAP_PORT}/${LDAP_USERS_BASE_DN}",
+        "Filter"        : "(|(mail=%1\$s)(username=%1\$s))",
+        "NameAttr"      : "givenName",
+        "SecName"       : "sn",
+        "UidAttr"       : "username",
+        "MailAttr"      : "mail",
+        "WebAttr"       : "",
+        "Groups"        : { "administrator" : "cn=admins,${LDAP_GROUPS_BASE_DN}" },
+        "GroupSeparator": ";",
+        "Debug"         : false,
+        "GroupAttr"     : "memberof",
+        "GroupFilter"   : "(|(mail=%1\$s)(username=%1\$s))",
+        "DefaultRole"   : "editor",
+        "GroupEnable"   : true,
+        "GroupOverUser" : true,
+        "Version"       : 1
+    }
 EOF
 )
-$WP --format=json option update authLDAPOptions "${ldapConfig}"
+    $WP --format=json option update authLDAPOptions "${ldapConfig}"
+fi
 
 chown -R www-data:www-data /app/data /run/wordpress