Friday, February 07, 2025
dev@conference.yunohost.org

[16:15:26] <nicofrand> Hi! I'll try to debug an issue I have with the redirection not working after logging in, since yunohost 12 (the app is on a subdomain, the SSO on the root domain). Should I check ssowat or the yunohost-portal? And are there some things to switch somewhere to enable debug logs or something? Thanks
[16:30:23] <Aleks (he/him/il/lui)> zmerlp i think we did look into it a few weeks ago it was pretty mysterious
[16:30:25] <Aleks (he/him/il/lui)> like a different behavior depending if you arrive on the page via a classic "click" or "open in a new tab"
[19:03:48] <Yunohost Git/Infra notifications> [yunohost] zamentur [commented](https://github.com/YunoHost/yunohost/pull/2041#discussion_r1947029031) on pull request #2041 [enh] Allow to login with a mail: Don't know how this API should be isolated or not from the other part of the code that was written with hypothesis that ...
[19:25:10] <Yunohost Git/Infra notifications> [yunohost] alexAubin [commented](https://github.com/YunoHost/yunohost/pull/2041#discussion_r1947065175) on pull request #2041 [enh] Allow to login with a mail: Nah it's fine, the portal API runs as non-root and our LDAP ACL are decent _get_ldap_interface() will only open an an...
[20:24:07] <ljf> probably the cookie samesite=strict https://i.sstatic.net/WfQ68.jpg
[20:24:18] <ljf> A pr exists https://github.com/YunoHost/yunohost/pull/2018/files
[20:25:18] <ljf> See the schema, I guess if you open in a new tab, it's like you type the address yourself, but if you click, the cookie is not sent if you change website in the address bar...
[20:29:19] <ljf> For this reason, the "display all apps in portal" option could not totally work. The tiles are displayed, but clicking on a protected app on another domainB than the domainA of the portal redirects you to the login page of the portal of domainB, because the cookie is not sent due to the strict policy.
[20:30:35] <ljf> And if you tweak your configuration to define domainA as the portal (redirection) for domainB app, you have a kind of loop, in which you won't be able to access domainB apps...
[20:31:37] <ljf> So this could be bad advice if the apps on domainB are protected:
```
{
    "domain_portal_urls": {
        "domainB.tld": "domainA.tld/yunohost/sso"
    }
}
```
[20:33:11] <ljf> I have helped my customer to understand this, and we decided as a workaround to make redirection like this:
```
{
    "domain_portal_urls": {
        "domainA.tld": "portal.domainA.tld/yunohost/sso",
        "default": "/yunohost/admin",
        "portal.domainA.tld": "portal.domainA.tld/yunohost/sso",
        "cloud.domainA.tld": "portal.domainA.tld/yunohost/sso",
        "app2.domainA.tld": "portal.domainA.tld/yunohost/sso",
        "app3.domainA.tld": "portal.domainA.tld/yunohost/sso",
        "git.domainA.tld": "git.domainA.tld/yunohost/sso",
        "vpn.domainA.tld": "vpn.domainA.tld/yunohost/sso"
    }
}
```
[20:34:25] <ljf> git and vpn apps are protected, so we have an intermediate relogin on the specific portal git.domainA.tld and vpn.domainA.tld
[20:34:48] <ljf> i explain this in the pr and related issues.
[20:37:25] <ljf> i hope it's clear
[20:41:04] <Yunohost Git/Infra notifications> [yunohost] a​lexAubin pushed 1 commit to move-perm-data-out-of-ldap: app/permissions: implement ability to custom app tile logo, description, order, hide from public app list view ([40dfb009](https://github.com/YunoHost/yunohost/commit/40dfb0092bfe28ecf9e586f581318fc99917c9c2))
[23:14:18] <Yunohost Git/Infra notifications> [yunohost] z​amentur [commented](https://github.com/YunoHost/yunohost/pull/1917#issuecomment-2644299445) on [issue #1917](https://github.com/YunoHost/yunohost/pull/1917) WIP: app/permissions: Move permissions data out of LDAP: Currently, /etc/ssowat/conf.json and /etc/yunohost/portal/DOMAIN.json contain structure like this: "APP.main": {...