Update package version to 1.16.0

| datasource      | package         | from | to  |
| --------------- | --------------- | ---- | --- |
| github-releases | traccar/traccar | 6.5  | 6.6 |

CHANGELOG.md

@@ -69,3 +69,95 @@
 [1.6.0]
 * Update base image to 4.2.0
 
+[1.7.0]
+* Update traccar to 5.10
+* [Full changelog](https://github.com/traccar/traccar/releases/tag/v5.10)
+* [Release Announcement](https://www.traccar.org/blog/traccar-5-10/)
+* Two-factor authentication using TOTP
+* Event to notify about sent queued commands
+* Option to access last position in computed attributes
+* Unification of OBD speed units
+* Event buffer limit in the web app (should improve performance)
+* Automatic update check for the web app
+
+[1.7.1]
+* Update traccar to 5.11
+* [Full changelog](https://github.com/traccar/traccar/releases/tag/v5.11)
+* Update web submodule
+
+[1.7.2]
+* Update traccar to 5.12
+* [Full changelog](https://www.traccar.org/blog/traccar-5-12/)
+
+[1.7.3]
+* Only create admin account on fresh installation
+
+[1.8.0]
+* Update traccar to 6.0
+* [Full changelog](https://www.traccar.org/blog/traccar-6-0/)
+
+[1.9.0]
+* Update traccar to 6.1
+* [Full changelog](https://www.traccar.org/blog/traccar-6-1/)
+
+[1.10.0]
+* Update traccar to 6.2
+* [Full changelog](https://www.traccar.org/blog/traccar-6-2/)
+* Computed attributes can now be ordered using priority
+* Support token authentication for WebSocket
+* Allow regular users to edit hours and total distance
+* Support for right-to-left languages on map
+* Terms and privacy policy option
+* Engine hours are now calculated after computed attributes
+* Default configuration file is now removed to avoid confusion and misconfiguration
+
+[1.11.0]
+* Migrate to OIDC login
+
+[1.11.1]
+* Fix bug where OIDC configuration was cleared in non-sso mode
+
+[1.12.0]
+* Update traccar to 6.3
+* [Full changelog](https://www.traccar.org/blog/traccar-6-3/)
+* Health check on the volume of stored messages
+* Fix push notifications for read-only users
+* Use official Google Map tiles with an API key
+* Add Google traffic overlay
+* New reverse geocoding options
+* Faster device removal without removing history
+* Avoid duplicated tasks with horizontal scaling
+* Add a users column to the device list
+* Clear attribute on null computation result
+
+[1.13.0]
+* Update traccar to 6.4
+* [Full changelog](https://www.traccar.org/blog/traccar-6-4/)
+* critical fix for device freezing issue
+
+[1.14.0]
+* Update traccar to 6.5
+* [Full changelog](https://www.traccar.org/blog/traccar-6-5/)
+* Handling processing errors to fix freezing devices
+* Option to use linked driver as the current driver
+* Support multiple alarms in a single position
+* Improve web app loading experience
+* Google Maps fallback option with no API key
+* Wialon position forwarding option
+* Fix map attribution control
+
+[1.15.0]
+* Update traccar to 6.6
+* [Full Changelog](https://www.traccar.org/blog/traccar-6-6/)
+* Managers can now send announcements
+* Fixes for multiline SMS notifications
+* Early and late computed attributes
+* Improvements to user session security
+* Support for custom navigation links
+* Enhanced speed color scheme
+* Collapsible settings and reports drawer
+* Improved device card UI
+
+[1.16.0]
+* Update base image to 5.0.0
+

CloudronManifest.json

@@ -5,9 +5,9 @@
   "description": "file://DESCRIPTION.md",
   "changelog": "file://CHANGELOG.md",
   "tagline": "Modern GPS Tracking Platform",
-  "version": "1.6.0",
-  "upstreamVersion": "5.9",
-  "minBoxVersion": "7.1.0",
+  "version": "1.16.0",
+  "upstreamVersion": "6.6",
+  "minBoxVersion": "8.1.0",
   "memoryLimit": 1073741824,
   "healthCheckPath": "/",
   "httpPort": 8082,
@@ -20,12 +20,21 @@
     }
   },
   "addons": {
-    "ldap": {},
-    "sendmail": { "supportsDisplayName": false },
+    "sendmail": {
+      "supportsDisplayName": false
+    },
     "localstorage": {},
-    "mysql": {}
+    "mysql": {},
+    "oidc": {
+      "loginRedirectUri": "/api/session/openid/callback"
+    }
   },
   "optionalSso": true,
+  "checklist": {
+    "change-default-password": {
+      "message": "Change the admin email and password credentials"
+    }
+  },
   "manifestVersion": 2,
   "tcpPorts": {
     "OSMAND_PORT": {
@@ -70,7 +79,10 @@
   "contactEmail": "support@cloudron.io",
   "icon": "file://logo.png",
   "tags": [
-    "gps", "tracking", "seek", "fleet"
+    "gps",
+    "tracking",
+    "seek",
+    "fleet"
   ],
   "mediaLinks": [
     "https://screenshots.cloudron.io/org.traccar.cloudronapp/web.png",
@@ -80,4 +92,3 @@
   "forumUrl": "https://forum.cloudron.io/category/146/traccar",
   "documentationUrl": "https://docs.cloudron.io/apps/traccar"
 }
-

Dockerfile

@@ -1,11 +1,12 @@
-FROM cloudron/base:4.2.0@sha256:46da2fffb36353ef714f97ae8e962bd2c212ca091108d768ba473078319a47f4
+FROM cloudron/base:5.0.0@sha256:04fd70dbd8ad6149c19de39e35718e024417c3e01dc9c6637eaf4a41ec4e596c
 
 RUN mkdir -p /app/code
 WORKDIR /app/code
 
-ARG VERSION=5.9
+# renovate: datasource=github-releases depName=traccar/traccar versioning=regex:^(?<major>\d+)\.(?<minor>\d+)\.?(?<patch>\d+)?$ extractVersion=^v(?<version>.+)$
+ARG TRACCAR_VERSION=6.6
 
-RUN wget https://github.com/traccar/traccar/releases/download/v${VERSION}/traccar-linux-64-${VERSION}.zip -O traccar.zip && \
+RUN wget https://github.com/traccar/traccar/releases/download/v${TRACCAR_VERSION}/traccar-linux-64-${TRACCAR_VERSION}.zip -O traccar.zip && \
     unzip traccar.zip && \
     ./traccar.run --target /app/code/ --noexec && \
     rm README.txt traccar.zip traccar.run

POSTINSTALL.md

@@ -3,4 +3,6 @@ This app is pre-setup with an admin account. The initial credentials are:
 **Username**: admin@cloudron.local<br/>
 **Password**: admin<br/>
 
-Please change the admin email and password credentials immediately.
+<sso>
+By default, Cloudron users have regular users permissions. Permissions can be updated on the user profile page in the admin back-end.
+</sso>

renovate.json5

@@ -0,0 +1,4 @@
+{
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "extends": ["local>devops/renovator//default.renovate.json5"]
+}

start.sh

@@ -28,7 +28,7 @@ ensure_admin_account() {
     wait_for_table tc_users;
 
     echo "==> Ensure admin account"
-    count=`$mysql --skip-column-names -s -e "SELECT COUNT(*) FROM tc_users WHERE name='admin';"`
+    count=`$mysql --skip-column-names -s -e "SELECT COUNT(*) FROM tc_users;"`
     if [[ "$count" = "0" ]]; then
         echo "==> Create initial admin account"
         # Values are from https://github.com/traccar/traccar/blob/master/schema/changelog-3.3.xml#L179 which is not used anymore, but we still want the admin account
@@ -39,6 +39,7 @@ ensure_admin_account() {
 echo "=> Ensure traccar.xml config"
 if [[ ! -f /app/data/traccar.xml ]]; then
     cp /app/pkg/traccar.xml.template /app/data/traccar.xml
+    [[ -z "${CLOUDRON_OIDC_ISSUER:-}" ]] && sed -e 's/^.*openid\..*$//g' -i /app/data/traccar.xml # do this only first run
 fi
 
 echo "=> Ensure database settings"
@@ -52,20 +53,18 @@ xmlstarlet ed --inplace \
 # origin
 xmlstarlet ed --inplace --update '//properties/entry[@key="web.url"]' -v "${CLOUDRON_APP_ORIGIN}" /app/data/traccar.xml
 
-# ldap
-if [[ -n "${CLOUDRON_LDAP_URL:-}" ]]; then
-    echo "=> Ensure LDAP settings"
+# OIDC
+if [[ -n "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
+    echo "=> Ensure OIDC settings"
+    # CLOUDRON_OIDC_PROVIDER_NAME is not supported
     xmlstarlet ed --inplace \
-        --update '//properties/entry[@key="ldap.enable"]' -v "true" \
-        --update '//properties/entry[@key="ldap.url"]' -v "${CLOUDRON_LDAP_URL}" \
-        --update '//properties/entry[@key="ldap.base"]' -v "${CLOUDRON_LDAP_USERS_BASE_DN}" \
-        --update '//properties/entry[@key="ldap.idAttribute"]' -v "username" \
-        --update '//properties/entry[@key="ldap.searchFilter"]' -v '(|(username=:login)(mail=:login))' \
-        --update '//properties/entry[@key="ldap.user"]' -v "${CLOUDRON_LDAP_BIND_DN}" \
-        --update '//properties/entry[@key="ldap.password"]' -v "${CLOUDRON_LDAP_BIND_PASSWORD}" \
+        --update '//properties/entry[@key="openid.clientId"]' -v "${CLOUDRON_OIDC_CLIENT_ID}" \
+        --update '//properties/entry[@key="openid.clientSecret"]' -v "${CLOUDRON_OIDC_CLIENT_SECRET}" \
+        --update '//properties/entry[@key="openid.issuerUrl"]' -v "${CLOUDRON_OIDC_ISSUER}" \
+        --update '//properties/entry[@key="openid.authUrl"]' -v "${CLOUDRON_OIDC_AUTH_ENDPOINT}" \
+        --update '//properties/entry[@key="openid.tokenUrl"]' -v "${CLOUDRON_OIDC_TOKEN_ENDPOINT}" \
+        --update '//properties/entry[@key="openid.userInfoUrl"]' -v "${CLOUDRON_OIDC_PROFILE_ENDPOINT}" \
         /app/data/traccar.xml
-else
-    xmlstarlet ed --inplace --update '//properties/entry[@key="ldap.enable"]' -v "false" /app/data/traccar.xml
 fi
 
 # email
@@ -80,8 +79,7 @@ xmlstarlet ed --inplace \
     --update '//properties/entry[@key="mail.smtp.password"]' -v "${CLOUDRON_MAIL_SMTP_PASSWORD}" \
     /app/data/traccar.xml
 
-disable_registration &
-ensure_admin_account &
+(disable_registration; ensure_admin_account) &
 
 chown -R cloudron /run/traccar /app/data
 

test/package.json

@@ -10,10 +10,10 @@
   "license": "ISC",
   "devDependencies": {
     "expect.js": "^0.3.1",
-    "mocha": "^10.2.0",
-    "selenium-webdriver": "^4.14.0"
+    "mocha": "^11.0.1",
+    "selenium-webdriver": "^4.27.0"
   },
   "dependencies": {
-    "chromedriver": "^118.0.1"
+    "chromedriver": "^131.0.5"
   }
 }

test/test.js

@@ -1,52 +1,62 @@
 #!/usr/bin/env node
 
-/* jshint esversion: 8 */
-/* global describe */
-/* global before */
-/* global after */
-/* global it */
+/* global it, xit, describe, before, after, afterEach */
 
 'use strict';
 
 require('chromedriver');
 
-var execSync = require('child_process').execSync,
+const execSync = require('child_process').execSync,
     expect = require('expect.js'),
+    fs = require('fs'),
     path = require('path'),
     { Builder, By, Key, until } = require('selenium-webdriver'),
     { Options } = require('selenium-webdriver/chrome');
 
-if (!process.env.EMAIL || !process.env.PASSWORD) {
-    console.log('EMAIL and PASSWORD env vars need to be set');
+if (!process.env.USERNAME || !process.env.EMAIL || !process.env.PASSWORD) {
+    console.log('USERNAME, EMAIL and PASSWORD env vars need to be set');
     process.exit(1);
 }
 
 describe('Application life cycle test', function () {
     this.timeout(0);
 
-    const LOCATION = 'test';
-    const TEST_TIMEOUT = 10000;
+    const LOCATION = process.env.LOCATION || 'test';
+    const TEST_TIMEOUT = 20000;
     const EXEC_ARGS = { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' };
     const DEVICE_NAME = 'FancyDevice';
     const DEVICE_IDENTIFIER = 'device1';
     const ADMIN_USERNAME = 'admin@cloudron.local';
     const ADMIN_PASSWORD = 'admin';
+    const USERNAME = process.env.USERNAME;
     const EMAIL = process.env.EMAIL;
     const PASSWORD = process.env.PASSWORD;
 
-    var browser, app;
+    let browser, app;
+    let athenticated_by_oidc = false;
 
     before(function () {
-        const options = new Options().windowSize({ width: 1280, height: 1024 });
-        if (process.env.HEADLESS) options.addArguments('headless');
-
-        browser = new Builder().forBrowser('chrome').setChromeOptions(options).build();
+        const chromeOptions = new Options().windowSize({ width: 1280, height: 1024 });
+        if (process.env.CI) chromeOptions.addArguments('no-sandbox', 'disable-dev-shm-usage', 'headless');
+        browser = new Builder().forBrowser('chrome').setChromeOptions(chromeOptions).build();
+        if (!fs.existsSync('./screenshots')) fs.mkdirSync('./screenshots');
     });
 
     after(function () {
         browser.quit();
     });
 
+    afterEach(async function () {
+        if (!process.env.CI || !app) return;
+
+        const currentUrl = await browser.getCurrentUrl();
+        if (!currentUrl.includes(app.domain)) return;
+        expect(this.currentTest.title).to.be.a('string');
+
+        const screenshotData = await browser.takeScreenshot();
+        fs.writeFileSync(`./screenshots/${new Date().getTime()}-${this.currentTest.title.replaceAll(' ', '_')}.png`, screenshotData, 'base64');
+    });
+
     async function waitForElement(elem) {
         await browser.wait(until.elementLocated(elem), TEST_TIMEOUT);
         await browser.wait(until.elementIsVisible(browser.findElement(elem)), TEST_TIMEOUT);
@@ -61,10 +71,31 @@ describe('Application life cycle test', function () {
     async function login(emailOrUsername, password) {
         await browser.get(`https://${app.fqdn}/login`);
         await waitForElement(By.xpath('//input[@name="email"]'));
-        await browser.findElement(By.xpath('//input[@name="email"]')).sendKeys(Key.CONTROL + 'a');
+        await browser.findElement(By.xpath('//input[@name="email"]')).sendKeys(Key.CONTROL + 'a' + Key.BACK_SPACE + Key.COMMAND + 'a' + Key.BACK_SPACE);
         await browser.findElement(By.xpath('//input[@name="email"]')).sendKeys(emailOrUsername);
         await browser.findElement(By.xpath('//input[@name="password"]')).sendKeys(password);
         await browser.findElement(By.xpath('//button[text()="Login"]')).click();
+        await browser.sleep(3000);
+        await waitForElement(By.xpath('//span[text()="Account"]'));
+    }
+
+    async function loginOIDC(username, password, alreadyAuthenticated = true) {
+        browser.manage().deleteAllCookies();
+        await browser.get(`https://${app.fqdn}/login`);
+        await browser.sleep(2000);
+
+        await waitForElement(By.xpath('//button[contains(., "Login with OpenID")]'));
+        await browser.findElement(By.xpath('//button[contains(., "Login with OpenID")]')).click();
+        await browser.sleep(2000);
+
+        if (!alreadyAuthenticated) {
+            await waitForElement(By.id('inputUsername'));
+            await browser.findElement(By.id('inputUsername')).sendKeys(username);
+            await browser.findElement(By.id('inputPassword')).sendKeys(password);
+            await browser.findElement(By.id('loginSubmitButton')).click();
+        }
+
+        await browser.sleep(3000);
         await waitForElement(By.xpath('//span[text()="Account"]'));
     }
 
@@ -93,7 +124,8 @@ describe('Application life cycle test', function () {
     }
 
     xit('build app', function () { execSync('cloudron build', EXEC_ARGS); });
-    it('install app', function () { execSync(`cloudron install --location ${LOCATION}`, EXEC_ARGS); });
+    // no sso
+    it('install app (no sso)', function () { execSync(`cloudron install --no-sso --location ${LOCATION}`, EXEC_ARGS); });
 
     it('can get app information', getAppInfo);
     it('can login as admin', login.bind(null, ADMIN_USERNAME, ADMIN_PASSWORD));
@@ -101,10 +133,22 @@ describe('Application life cycle test', function () {
     it('device exists', deviceExists);
     it('can logout', logout);
 
-    it('can login as normal user with email', login.bind(null, process.env.EMAIL, process.env.PASSWORD));
+    it('uninstall app', async function () {
+        // ensure we don't hit NXDOMAIN in the mean time
+        await browser.get('about:blank');
+        execSync(`cloudron uninstall --app ${app.id}`, EXEC_ARGS);
+    });
+
+    // sso
+    it('install app (sso)', function () { execSync(`cloudron install --location ${LOCATION}`, EXEC_ARGS); });
+
+    it('can get app information', getAppInfo);
+    it('can login as admin', login.bind(null, ADMIN_USERNAME, ADMIN_PASSWORD));
+    it('can add device', addDevice);
+    it('device exists', deviceExists);
     it('can logout', logout);
 
-    it('can login as normal user with username', login.bind(null, process.env.USERNAME, process.env.PASSWORD));
+    it('can login as normal user via OIDC', loginOIDC.bind(null, process.env.USERNAME, process.env.PASSWORD, false));
     it('can logout', logout);
 
     it('can restart app', function () { execSync(`cloudron restart --app ${app.id}`); });
@@ -126,6 +170,9 @@ describe('Application life cycle test', function () {
     it('device exists', deviceExists);
     it('can logout', logout);
 
+    it('can login as normal user via OIDC', loginOIDC.bind(null, process.env.USERNAME, process.env.PASSWORD));
+    it('can logout', logout);
+
     it('move to different location', async function () {
         // ensure we don't hit NXDOMAIN in the mean time
         await browser.get('about:blank');
@@ -137,6 +184,9 @@ describe('Application life cycle test', function () {
     it('device exists', deviceExists);
     it('can logout', logout);
 
+    it('can login as normal user via OIDC', loginOIDC.bind(null, process.env.USERNAME, process.env.PASSWORD));
+    it('can logout', logout);
+
     it('uninstall app', async function () {
         // ensure we don't hit NXDOMAIN in the mean time
         await browser.get('about:blank');
@@ -144,20 +194,25 @@ describe('Application life cycle test', function () {
     });
 
     // test update
-    it('can install app', function () { execSync(`cloudron install --appstore-id org.traccar.cloudronapp --location ${LOCATION}`, EXEC_ARGS); });
+    it('can install app for update', function () { execSync(`cloudron install --appstore-id org.traccar.cloudronapp --location ${LOCATION}`, EXEC_ARGS); });
+
     it('can get app information', getAppInfo);
     it('can login', login.bind(null, ADMIN_USERNAME, ADMIN_PASSWORD));
     it('can add device', addDevice);
     it('device exists', deviceExists);
     it('can logout', logout);
 
+    it('can login as normal user via OIDC', loginOIDC.bind(null, process.env.USERNAME, process.env.PASSWORD));
+    it('can logout', logout);
+
     it('can update', function () { execSync(`cloudron update --app ${app.id}`, EXEC_ARGS); });
 
     it('can login', login.bind(null, ADMIN_USERNAME, ADMIN_PASSWORD));
     it('device exists', deviceExists);
     it('can logout', logout);
 
-    it('can login as normal user with username', login.bind(null, process.env.USERNAME, process.env.PASSWORD));
+    // OIDC login
+    it('can login as normal user via OIDC', loginOIDC.bind(null, process.env.USERNAME, process.env.PASSWORD));
     it('can logout', logout);
 
     it('uninstall app', async function () {

traccar.xml.template

@@ -25,13 +25,12 @@
 
     <entry key='web.url'>##CLOUDRON_APP_ORIGIN##</entry>
 
-    <entry key='ldap.enable'>true</entry>
-    <entry key='ldap.url'>##CLOUDRON_LDAP_URL##</entry>
-    <entry key='ldap.base'>##CLOUDRON_LDAP_USERS_BASE_DN##</entry>
-    <entry key='ldap.idAttribute'>username</entry>
-    <entry key='ldap.searchFilter'>username=:login</entry>
-    <entry key='ldap.user'>##CLOUDRON_LDAP_BIND_DN##</entry>
-    <entry key='ldap.password'>##CLOUDRON_LDAP_BIND_PASSWORD##</entry>
+    <entry key='openid.clientId'>##CLOUDRON_OIDC_CLIENT_ID##</entry>
+    <entry key='openid.clientSecret'>##CLOUDRON_OIDC_CLIENT_SECRET##</entry>
+    <entry key='openid.issuerUrl'>##CLOUDRON_OIDC_ISSUER##</entry>
+    <entry key='openid.authUrl'>##CLOUDRON_OIDC_AUTH_ENDPOINT##</entry>
+    <entry key='openid.tokenUrl'>##CLOUDRON_OIDC_TOKEN_ENDPOINT##</entry>
+    <entry key='openid.userInfoUrl'>##CLOUDRON_OIDC_PROFILE_ENDPOINT##</entry>
 
     <entry key='mail.smtp.host'>smtp.gmail.com</entry>
     <entry key='mail.smtp.port'>587</entry>