[00:21:55]
<Yunohost Git/Infra notifications> App openproject failed all tests in job [#14013](https://ci-apps.yunohost.org/ci/job/14013) :(
[01:47:39]
<Yunohost Git/Infra notifications> App samba failed all tests in job [#14015](https://ci-apps.yunohost.org/ci/job/14015) :(
[03:46:21]
<Yunohost Git/Infra notifications> App whitebophir failed all tests in job [#14019](https://ci-apps.yunohost.org/ci/job/14019) :(
[05:25:44]
<Yunohost Git/Infra notifications> App grafana failed all tests in job [#14022](https://ci-apps.yunohost.org/ci/job/14022) :(
[05:41:31]
<Yunohost Git/Infra notifications> App cowyo failed all tests in job [#14023](https://ci-apps.yunohost.org/ci/job/14023) :(
[10:55:30]
<Yunohost Git/Infra notifications> Job [#14026](https://ci-apps.yunohost.org/ci/job/14026) for discourse failed miserably :(
[11:18:04]
<Yunohost Git/Infra notifications> App encryptor-decryptor failed all tests in job [#14027](https://ci-apps.yunohost.org/ci/job/14027) :(
[11:44:18]
<Aleks (he/him/il/lui)> 🤔
[11:46:23]
<Aleks (he/him/il/lui)> https://aria.im/_matrix/media/v1/download/matrix.org/ozmcyNLlQStzTEQcttldBHdM
[12:25:16]
<Yunohost Git/Infra notifications> App galette failed all tests in job [#14028](https://ci-apps.yunohost.org/ci/job/14028) :(
[12:50:04]
<Yunohost Git/Infra notifications> App grr failed all tests in job [#14029](https://ci-apps.yunohost.org/ci/job/14029) :(
[13:08:12]
<Yunohost Git/Infra notifications> App hat failed all tests in job [#14030](https://ci-apps.yunohost.org/ci/job/14030) :(
[13:46:37]
<Yunohost Git/Infra notifications> App noalyss failed all tests in job [#14031](https://ci-apps.yunohost.org/ci/job/14031) :(
[14:00:18]
<Yunohost Git/Infra notifications> App phpinfo failed all tests in job [#14032](https://ci-apps.yunohost.org/ci/job/14032) :(
[14:19:54]
<Yunohost Git/Infra notifications> App rspamdui stays at level 1 in job [#14033](https://ci-apps.yunohost.org/ci/job/14033)
[15:34:59]
<john> afternoon, i'm thinking of writing an "invite a friend" app that'll use yunohost's API to add a new user with an admin-configured group (xmpp in my case), is there a plan for this already so i can align what i do with what's already been discussed? the idea is to use a magic link
[16:16:08]
<Yunohost Git/Infra notifications> Job [#14038](https://ci-apps.yunohost.org/ci/job/14038) for wireguard failed miserably :(
[16:57:30]
<Aleks (he/him/il/lui)> john: hmmmm yeah there's already a plan but that involves major refactoring of SSO and moulinette etc soooo x_x
[16:57:46]
<Aleks (he/him/il/lui)> and yunohost's API authentication layer
[18:46:56]
<Yunohost Git/Infra notifications> App grav goes down from level 8 to 3 in job [#14043](https://ci-apps.yunohost.org/ci/job/14043)
[19:01:06]
<john> Aleks: hmm, what's stopping me from using the API at the backend and providing the functionality for magic links outside core?
[19:03:25]
<Yunohost Git/Infra notifications> Job [#14044](https://ci-apps.yunohost.org/ci/job/14044) for abantecart failed miserably :(
[19:05:13]
<john> likewise signups in general, actually. I guess the discussion that went into the plan probably covers api integration vs extending core?
[19:28:19]
<Yunohost Git/Infra notifications> [my_webapp_ynh] @tituspijean created new branch patch-1
[19:28:19]
<Yunohost Git/Infra notifications> [my_webapp_ynh] @tituspijean pushed 4 commits to patch-1 ([8a31572c298d^...e0675cb26fdb](https://github.com/YunoHost-Apps/my_webapp_ynh/compare/8a31572c298d^...e0675cb26fdb))
[19:28:20]
<Yunohost Git/Infra notifications> [my_webapp_ynh] @yunohost-bot pushed 1 commit to patch-1: Auto-update README ([2b8041c6](https://github.com/YunoHost-Apps/my_webapp_ynh/commit/2b8041c61f55056704411b2f1be1b983756308f8))
[19:28:23]
<Yunohost Git/Infra notifications> [my_webapp_ynh/patch-1] Update DESCRIPTION_fr.md - narF
[19:28:24]
<Yunohost Git/Infra notifications> [my_webapp_ynh/patch-1] Merge branch master - narF
[19:28:30]
<Yunohost Git/Infra notifications> [my_webapp_ynh] @tituspijean deleted branch patch-1
[19:28:30]
<Yunohost Git/Infra notifications> [my_webapp_ynh/patch-1] Use ADMIN.md to provide admin information - tituspijean
[19:28:32]
<tituspijean> oops
[19:31:10]
<Yunohost Git/Infra notifications> [my_webapp_ynh] @tituspijean [commented](https://github.com/YunoHost-Apps/my_webapp_ynh/pull/113#issuecomment-1455181950) on [issue #113](https://github.com/YunoHost-Apps/my_webapp_ynh/pull/113) Update DESCRIPTION.md with info on how to use SFTP: Lets use the new (v11.1) feature to display information in the webadmin.
[19:32:51]
<Aleks (he/him/il/lui)> > <john> likewise signups in general, actually. I guess the discussion that went into the plan probably covers api integration vs extending core?
In on my phone right now but it kind of depends on the specific ... Eg allowing any random person on the internet to create an account on your server is a recipe for disaster and anybody with basic scripting ability can severely damage your server
[19:34:06]
<Aleks (he/him/il/lui)> And also the current "admin" API runs as root and was not designed to cover injections etc because it was always assumed that it was the admin interacting with it, so not a malicious user by definition
[19:34:37]
<john> I was thinking more a trusted application with finite user-driven invites - just a flask thing with a table of invites, originating user/receiving user, status etc
[19:35:11]
<john> so the admin api wouldn't be exposed to any input from anything else at all
[19:35:27]
<john> eg, nothing from users, just being consumed by another service
[19:35:45]
<Aleks (he/him/il/lui)> In that case yes, but then you'll need some way for your app to effectively allow the user creation without running as root
[19:36:32]
<john> are we talking root as in a concept within moulinette or root as in a root process on the server? wouldn't hitting the http API be enough or is that 'root' for the purposes you're talking about?
[19:37:22]
<john> I was just thinking of using this call: https://yunohost.org/en/admin_api#/user/user_create
[19:38:20]
<Aleks (he/him/il/lui)> Im talking about the fact that the yunohost-api runs as root, and the fact that if you dont interact with the web API, you gotta be root to call yunohost commands
[19:38:45]
<john> ah - I was intending on interacting with the web api, I wouldn't want to shell out or anything of that nature
[19:38:57]
<Aleks (he/him/il/lui)> And to interact with the web API, you need admin credentials anyway
[19:39:25]
<Aleks (he/him/il/lui)> which, if they get stolen by a malicious user, effectively provide root access
[19:39:35]
<john> yeah
[19:39:58]
<john> I suppose it is a risk thing
[19:40:10]
<john> is there anything in the works around fine grained permissions?
[19:40:48]
<Aleks (he/him/il/lui)> To me the "right" thing to address this whole thing is running as non-root user, and then alllowing this user to run ONLY the specific yunohost user create command as sudo using a sudoer config file
[19:41:07]
<Aleks (he/him/il/lui)> That way this limits the attack surface
[19:41:13]
<john> ahh, that is a good idea
[19:41:49]
<john> OK, that changes my approach somewhat but it still seems doable
[19:42:35]
<Aleks (he/him/il/lui)> (But then you end up with a raw bash call, so be sure to be careful about injections etc, even when not running as root)
[19:43:31]
<john> aye, I'll be sanitising inputs pretty vigorously - I may look at the existing codebase and borrow what's already there for username and password validation etc
[19:45:15]
<john> thank you for this, I'll make a note of what you've said
[19:47:46]
<Aleks (he/him/il/lui)> 👍
[20:43:02]
<gredin67> > <john> afternoon, i'm thinking of writing an "invite a friend" app that'll use yunohost's API to add a new user with an admin-configured group (xmpp in my case), is there a plan for this already so i can align what i do with what's already been discussed? the idea is to use a magic link
That's a cool idea, could you do it for synapse too? :D
[21:04:41]
<Yunohost Git/Infra notifications> [my_webapp_ynh] @ericgaspar edited [pull request #113](https://github.com/YunoHost-Apps/my_webapp_ynh/pull/113): Update DESCRIPTION.md with info on how to use SFTP
[23:18:29]
<Yunohost Git/Infra notifications> App prowlarr goes down from level 8 to 6 in job [#14048](https://ci-apps.yunohost.org/ci/job/14048)