[00:29:34]
<Yunohost Git/Infra notifications> App cusdis stays at level 1 in job [#31519](https://ci-apps.yunohost.org/ci/job/31519)
[06:26:41]
<Yunohost Git/Infra notifications> App silverbullet rises from level 6 to 7 in job [#31587](https://ci-apps.yunohost.org/ci/job/31587) !
[07:22:36]
<Yunohost Git/Infra notifications> App lionwiki-t2t stays at level 2 in job [#31590](https://ci-apps.yunohost.org/ci/job/31590)
[08:05:43]
<Yunohost Git/Infra notifications> App pmwiki failed all tests in job [#31595](https://ci-apps.yunohost.org/ci/job/31595) :(
[10:27:55]
<thatoo> How can I get the bcrypt hash of a user to add it to zabbix mysql database?
The admin user chosen thanks to
```
[install.admin]
type = "user"
```
in manifest.toml
[10:41:34]
<thatoo> would do?
[10:41:53]
<thatoo> `` hash_password=$(echo -n $password | php -r 'echo(password_hash(file_get_contents("php://stdin"), PASSWORD_BCRYPT)."n");') ``
[10:42:20]
<orhtej2> > <@thatoo:defis.info> `` password=$(ynh_user_get_info --username="toto" --key=password) ``
> is possible? Then is there a common practice to get bcrypt hash in ynh?
https://github.com/search?q=org%3AYunoHost-Apps%20bcrypt&type=code common way seems to be python, [teh internetz recommend htpasswd](https://unix.stackexchange.com/questions/307994/compute-bcrypt-hash-from-command-line)
[10:42:53]
<orhtej2> > <@thatoo:defis.info> `` hash_password=$(echo -n $password | php -r 'echo(password_hash(file_get_contents("php://stdin"), PASSWORD_BCRYPT)."n");') ``
assuming it does what you think - yes ;)
[10:43:09]
<orhtej2> just double check it doesn't take any garbage separators into hash
[10:47:53]
<thatoo> There is something I don't get in current zabbix package. Why it injected "zabbix" hash password into database instead of the real user password...?
In here, https://github.com/Thatoo/zabbix_ynh/blob/2791ab29129baca48685277ce82ef763058b10cf/scripts/install#L37
`` 5fce1b3e34b520afeffb37ce08c7cd66 `` is the MD5 hash of the word zabbix.
Now zabbix use bcrypt instead of MD5 that's ok so I can replace to `` $2y$10$92nDno4n0Zm7Ej7Jfsz8WukBfgSS/U0QkIuu8WkJPihXBb2A1UrEK `` which is the bcrypt hash for the word zabbix but why would we want the user to login with the password "zabbix" instead of its own password.
I guess there is something I didnt understand in this zabbix package which is very complex.
[10:50:03]
<orhtej2> > <@thatoo:defis.info> There is something I don't get in current zabbix package. Why it injected "zabbix" hash password into database instead of the real user password...?
> In here, https://github.com/Thatoo/zabbix_ynh/blob/2791ab29129baca48685277ce82ef763058b10cf/scripts/install#L37
> `` 5fce1b3e34b520afeffb37ce08c7cd66 `` is the MD5 hash of the word zabbix.
> Now zabbix use bcrypt instead of MD5 that's ok so I can replace to `` $2y$10$92nDno4n0Zm7Ej7Jfsz8WukBfgSS/U0QkIuu8WkJPihXBb2A1UrEK `` which is the bcrypt hash for the word zabbix but why would we want the user to login with the password "zabbix" instead of its own password.
> I guess there is something I didnt understand in this zabbix package which is very complex.
see thing is now you have to set up hooks so that if the user changes the password hash is updated
[10:51:41]
<orhtej2> Zabbix seems to support LDAP: https://www.zabbix.com/documentation/current/en/manual/web_interface/frontend_sections/users/authentication/ldap so perhaps that's a better way to go?
[10:54:27]
<thatoo> most probably but I don't know how to setup ldap using curl POST
[10:58:10]
<thatoo> so I would just set the admin user chosen at install for now. This user would then setup ldap filling the fieds in the appropriate url "/zabbix/zabbix.php?action=authentication.edit"
[11:41:07]
<Yunohost Git/Infra notifications> Job [#31606](https://ci-apps.yunohost.org/ci/job/31606) for paheko failed miserably :(
[12:00:39]
<orhtej2> > <@yunohostinfra:matrix.org> Job [#31606](https://ci-apps.yunohost.org/ci/job/31606) for paheko failed miserably :(
restarted
[12:42:40]
<miro5001> In
[resources.system_user]
allow_email = true
Can I define the email address or it must be app@domain?
[12:51:39]
<tituspijean> Yes it's customizable: https://yunohost.org/en/packaging_apps_resources#properties-4
[12:52:13]
<tituspijean> though I see no app actually using it. Here be dragons, feel free to report any issue you may encounter.
[12:52:19]
<tituspijean> I see Ghost, but it's conveniently commented out: https://github.com/search?q=org%3AYunoHost-Apps+mail_user+path%3Amanifest.toml&type=code 😶🌫️
[12:52:51]
<miro5001> > <@titus:pijean.ovh> Yes it's customizable: https://yunohost.org/en/packaging_apps_resources#properties-4
If I understand correctly
You can also tweak the user-part of the domain-part of the email used by manually defining a custom setting mail_user or mail_domain
I can add a mail_user in the manifest so the user can define what the email would be
[12:55:24]
<miro5001> [install.email]
ask.en = "Choose an email @yourdomain"
type = "email"
[12:56:37]
<miro5001> [install.email]
ask.en = "Choose an email @yourdomain"
type = "email"
default = "noreply"
[14:41:03]
<thatoo> `` password=$(ynh_user_get_info --username="$admin" --key=password) ``
is possible? Then is there a common practice to get bcrypt hash in ynh?
[14:49:11]
<thatoo> I guess it doesn't retrieve any password. There isn't any --key=password available.
[18:11:22]
<tituspijean> > <@miro5001:matrix.org> If I understand correctly
> You can also tweak the user-part of the domain-part of the email used by manually defining a custom setting mail_user or mail_domain
> I can add a mail_user in the manifest so the user can define what the email would be
I don't think that's possible, you can tweak it as a packager (though don't put unregistered domain names), but not let the users choose it.
[18:12:03]
<tituspijean> Not possible indeed, the passwords a hashed and salted, they are not stored in plain text
[18:12:32]
<tituspijean> Not possible indeed, the passwords a hashed and salted, they are not stored in plain text so you cannot retrieve them through the scripts (not a bug, but a feature 😅 )
[19:08:24]
<Yunohost Git/Infra notifications> Job [#31609](https://ci-apps.yunohost.org/ci/job/31609) for docsify failed miserably :(
[19:09:05]
<Yunohost Git/Infra notifications> Job [#31611](https://ci-apps.yunohost.org/ci/job/31611) for peer-calls failed miserably :(
[19:15:27]
<Yunohost Git/Infra notifications> Job [#31612](https://ci-apps.yunohost.org/ci/job/31612) for docsify failed miserably :(
[20:10:58]
<Yunohost Git/Infra notifications> App immich goes down from level 6 to 1 in job [#31610](https://ci-apps.yunohost.org/ci/job/31610)
[20:34:45]
<thatoo> So, until someone manage to make LDAP working, we could have
```
```
```
```
```
[install.admin]
type = "user"
[install.password]
type = "password"
```
in manifest.toml
```
```
and
```
```
```
hash_password=$(echo -n $YNH_APP_ARG_PASSWORD | php -r 'echo(password_hash(file_get_contents("php://stdin"), PASSWORD_BCRYPT)."n");')
$mysqlconn -e "INSERT INTO `users` (`userid`,`username`, `name`, `surname`, `passwd`, `url`, `autologin`, `autologout`, `lang`, `refresh`, `theme`, `attempt_failed`, `attempt_ip`, `attempt_clock`, `rows_per_page`, `timezone`, `roleid`) VALUES (3,'$admin', '$admin', '$admin', '$hash_password', '', 0, '0', '$language', '30s', 'default', 0, '', 0, 50, 'default', 3);"
$mysqlconn -e "INSERT INTO `users_groups` (`id`, `usrgrpid`, `userid`) VALUES (7, 7, 3);"
```
in install script
[20:40:52]
<Salamandar> > <@thatoo:defis.info> How can I get the bcrypt hash of a user to add it to zabbix mysql database?
> The admin user chosen thanks to
> ```
> [install.admin]
> type = "user"
> ```
>
> in manifest.toml
Not sure there even IS a password for the users of the apps
[20:45:00]
<thatoo> but maybe it is possible to improve the HTTP auth setting in the install script., then yes, in this case no password would be required.
[20:47:19]
<thatoo> well I don't know how it was in version 5 but with the version 7, the HTTP auth works only if zabbix is installed on the same domain name than yunohost :
```
yunohost on mydomain.tld
zabbix on mydomain.tld/zabbix
```
if I install zabbix 7.0 on a subdomain like `` zabbix.domain.tld `` then HTTP auth doesn't work and thus I need a password.
[21:21:50]
<thatoo> well I don't know how it was in version 5 but when I tried the version 7 the HTTP auth works only if zabbix is installed on the same domain name than yunohost :
```
yunohost on mydomain.tld
zabbix on mydomain.tld/zabbix
```
if I install zabbix 7.0 on a subdomain like `` zabbix.domain.tld `` then HTTP auth doesn't work and thus I need a password.
[21:22:31]
<thatoo> Too be sure, I'll try a second time to install [zabbix 7](<https://github.com/Thatoo/zabbix_ynh/tree/testing>) on a subdomain