Upgrade to 1.39, switch from LDAP to OpenID Connect, update extensions
parent
26bca5acf8
commit
e2519a7279
31
Dockerfile
31
Dockerfile
@ -1,21 +1,30 @@
|
|||||||
FROM mediawiki:1.37
|
FROM mediawiki:1.39
|
||||||
|
|
||||||
RUN apt-get update \
|
RUN apt-get update \
|
||||||
&& apt-get install -y libldap2-dev libpng-dev git zip \
|
&& apt-get install -y libpng-dev git zip \
|
||||||
&& rm -rf /var/lib/apt/lists/* \
|
&& rm -rf /var/lib/apt/lists/* \
|
||||||
&& docker-php-ext-install -j$(nproc) ldap gd
|
&& docker-php-ext-install -j$(nproc) gd calendar
|
||||||
|
|
||||||
COPY composer.local.json /var/www/html/
|
|
||||||
COPY --from=composer:2.1 /usr/bin/composer /usr/bin/composer
|
|
||||||
RUN cd /var/www/html/ && composer update --no-dev
|
|
||||||
|
|
||||||
# Needed for making branch name from MEDIAWIKI_MAJOR_VERSION
|
# Needed for making branch name from MEDIAWIKI_MAJOR_VERSION
|
||||||
SHELL ["/bin/bash", "-c"]
|
SHELL ["/bin/bash", "-c"]
|
||||||
|
|
||||||
|
# needs to be downloaded before composer is run
|
||||||
|
# https://www.mediawiki.org/wiki/Extension:OpenIDConnect
|
||||||
|
RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
|
||||||
|
https://gerrit.wikimedia.org/r/mediawiki/extensions/OpenIDConnect \
|
||||||
|
/var/www/html/extensions/OpenIDConnect
|
||||||
|
|
||||||
|
COPY composer.local.json /var/www/html/
|
||||||
|
COPY --from=composer:2 /usr/bin/composer /usr/bin/composer
|
||||||
|
RUN cd /var/www/html/ && composer update --no-dev
|
||||||
|
|
||||||
|
|
||||||
# from composer.local.json:
|
# from composer.local.json:
|
||||||
# https://www.mediawiki.org/wiki/Extension:PluggableAuth
|
# https://www.mediawiki.org/wiki/Extension:PluggableAuth
|
||||||
# https://www.mediawiki.org/wiki/Extension:LDAPProvider
|
# https://www.mediawiki.org/wiki/Extension:LDAPProvider
|
||||||
# https://www.mediawiki.org/wiki/Extension:LDAPAuthentication2
|
# https://www.mediawiki.org/wiki/Extension:LDAPAuthentication2
|
||||||
|
# https://www.mediawiki.org/wiki/Extension:Semantic_Approved_Revs
|
||||||
|
# https://www.mediawiki.org/wiki/Extension:QRLite
|
||||||
|
|
||||||
# https://www.mediawiki.org/wiki/Extension:LDAPUserInfo
|
# https://www.mediawiki.org/wiki/Extension:LDAPUserInfo
|
||||||
RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
|
RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
|
||||||
@ -52,12 +61,8 @@ RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
|
|||||||
# https://www.mediawiki.org/wiki/Extension:External_Data
|
# https://www.mediawiki.org/wiki/Extension:External_Data
|
||||||
RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
|
RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
|
||||||
https://gerrit.wikimedia.org/r/mediawiki/extensions/ExternalData \
|
https://gerrit.wikimedia.org/r/mediawiki/extensions/ExternalData \
|
||||||
/var/www/html/extensions/ExternalData
|
/var/www/html/extensions/ExternalData \
|
||||||
|
&& cd /var/www/html/extensions/ExternalData && composer install --no-dev
|
||||||
# https://www.mediawiki.org/wiki/Extension:QRLite
|
|
||||||
RUN git clone --depth 1 \
|
|
||||||
https://github.com/gesinn-it/QRLite \
|
|
||||||
/var/www/html/extensions/QRLite
|
|
||||||
|
|
||||||
# https://www.mediawiki.org/wiki/Extension:CSS
|
# https://www.mediawiki.org/wiki/Extension:CSS
|
||||||
RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
|
RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
|
||||||
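Review bot: The new OpenIDConnect clone takes whatever the head of the `REL${MEDIAWIKI_MAJOR_VERSION/./_}` branch is at build time, and the `composer update --no-dev` that follows re-resolves every caret range in composer.local.json plus the merged `extensions/OpenIDConnect/composer.json`, so the code that handles login is not pinned to anything that was reviewed. The same section also loosens `composer:2.1` to the floating `composer:2` tag. Consider failing the build when the branch moves, for example by appending `&& test "$(git -C /var/www/html/extensions/OpenIDConnect rev-parse HEAD)" = "<PINNED_COMMIT_SHA>"` (placeholder value) to the clone, and, if a lock file can be committed for this setup, running `composer install --no-dev` against it instead of `composer update`. A comment such as `# auth extension: bump the pinned commit only after reviewing upstream changes` above the clone would record the intent.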
|
@ -76,6 +76,7 @@ $wgDBmysql5 = false;
|
|||||||
|
|
||||||
## Shared memory settings
|
## Shared memory settings
|
||||||
$wgMainCacheType = CACHE_NONE;
|
$wgMainCacheType = CACHE_NONE;
|
||||||
|
$wgSessionCacheType = CACHE_DB;
|
||||||
$wgMemCachedServers = [];
|
$wgMemCachedServers = [];
|
||||||
|
|
||||||
## To enable image uploads, make sure the 'images' directory
|
## To enable image uploads, make sure the 'images' directory
|
||||||
@ -112,6 +113,10 @@ $wgSecretKey = $secrets['wgSecretKey'];
|
|||||||
# Changing this will log out all existing sessions.
|
# Changing this will log out all existing sessions.
|
||||||
$wgAuthenticationTokenVersion = "1";
|
$wgAuthenticationTokenVersion = "1";
|
||||||
|
|
||||||
|
$wgCookieSameSite = "None";
|
||||||
|
$wgForceHTTPS = true;
|
||||||
|
$wgCookieSecure = true;
|
||||||
|
|
||||||
# Site upgrade key. Must be set to a string (default provided) to turn on the
|
# Site upgrade key. Must be set to a string (default provided) to turn on the
|
||||||
# web installer while LocalSettings.php is in place
|
# web installer while LocalSettings.php is in place
|
||||||
$wgUpgradeKey = $secrets['wgUpgradeKey'];
|
$wgUpgradeKey = $secrets['wgUpgradeKey'];
|
||||||
@ -147,6 +152,7 @@ wfLoadSkin( 'Timeless' );
|
|||||||
|
|
||||||
# Semantic MediaWiki Extension
|
# Semantic MediaWiki Extension
|
||||||
wfLoadExtension( 'SemanticMediaWiki' );
|
wfLoadExtension( 'SemanticMediaWiki' );
|
||||||
|
wfLoadExtension( 'SemanticResultFormats' );
|
||||||
enableSemantics( 'claremontmakerspace.org' );
|
enableSemantics( 'claremontmakerspace.org' );
|
||||||
$smwgPDefaultType = '_txt';
|
$smwgPDefaultType = '_txt';
|
||||||
$smwgEnabledQueryDependencyLinksStore = true;
|
$smwgEnabledQueryDependencyLinksStore = true;
|
||||||
@ -172,67 +178,30 @@ wfLoadExtension( 'Scribunto' );
|
|||||||
$wgScribuntoDefaultEngine = 'luastandalone';
|
$wgScribuntoDefaultEngine = 'luastandalone';
|
||||||
$wgScribuntoUseCodeEditor = "true";
|
$wgScribuntoUseCodeEditor = "true";
|
||||||
|
|
||||||
# LDAP
|
|
||||||
putenv('LDAPTLS_REQCERT=never');
|
|
||||||
wfLoadExtension( 'PluggableAuth' );
|
wfLoadExtension( 'PluggableAuth' );
|
||||||
wfLoadExtension( 'LDAPProvider' );
|
wfLoadExtension( 'OpenIDConnect' );
|
||||||
wfLoadExtension( 'LDAPUserInfo' );
|
$wgOpenIDConnect_MigrateUsersByUserName = true;
|
||||||
wfLoadExtension( 'LDAPAuthentication2' );
|
$wgPluggableAuth_Config["Log in with CMS Network Resources Account"] = [
|
||||||
$wgPluggableAuth_ButtonLabel = "Log in with CMS Network Resources Account";
|
'plugin' => 'OpenIDConnect',
|
||||||
$LDAPProviderDomainConfigProvider = function() use ($secrets) {
|
'data' => [
|
||||||
$config = [
|
'providerURL' => 'https://ucs-sso-ng.claremontmakerspace.org/realms/ucs',
|
||||||
'CMS' => [
|
'clientID' => 'mediawiki',
|
||||||
"connection" => [
|
'clientsecret' => $secrets['OpenIDSecret'],
|
||||||
"server" => "innerweb.claremontmakerspace.org",
|
|
||||||
"port" => 7636,
|
|
||||||
"enctype" => "ssl",
|
|
||||||
"user" => "uid=LDAPSearch,cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org",
|
|
||||||
"pass" => $secrets['LDAPPass'],
|
|
||||||
"options" => [
|
|
||||||
"LDAP_OPT_DEREF" => 1,
|
|
||||||
],
|
|
||||||
"basedn" => "cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org",
|
|
||||||
"groupbasedn" => "dc=sawtooth,dc=claremontmakerspace,dc=org",
|
|
||||||
"userbasedn" => "dc=sawtooth,dc=claremontmakerspace,dc=org",
|
|
||||||
"searchattribute" => "uid",
|
|
||||||
"searchstring" => "uid=USER-NAME,cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org",
|
|
||||||
"usernameattribute" => "uid",
|
|
||||||
"realnameattribute" => "cn",
|
|
||||||
"emailattribute" => "mail"
|
|
||||||
],
|
|
||||||
"authentication" => [
|
|
||||||
"usernameattribute" => "uid",
|
|
||||||
"realnameattribute" => "cn",
|
|
||||||
"emailattribute" => "mail"
|
|
||||||
],
|
|
||||||
"userinfo" => [
|
|
||||||
"email" => "mail",
|
|
||||||
"realname" => "cn",
|
|
||||||
"properties.gender" => "gender"
|
|
||||||
]
|
|
||||||
]
|
]
|
||||||
];
|
];
|
||||||
|
|
||||||
return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
|
wfloadextension( 'VisualEditor' );
|
||||||
};
|
|
||||||
|
|
||||||
wfLoadExtension( 'VisualEditor' );
|
|
||||||
|
|
||||||
wfLoadExtension( 'TemplateData' );
|
wfLoadExtension( 'TemplateData' );
|
||||||
|
|
||||||
wfLoadExtension( 'Variables' );
|
wfLoadExtension( 'Variables' );
|
||||||
|
|
||||||
wfLoadExtension( 'CSS' );
|
wfLoadExtension( 'CSS' );
|
||||||
|
|
||||||
wfLoadExtension( 'Widgets' );
|
wfLoadExtension( 'Widgets' );
|
||||||
wfLoadExtension( 'ApprovedRevs' );
|
wfLoadExtension( 'ApprovedRevs' );
|
||||||
wfLoadExtension( 'SemanticApprovedRevs' );
|
wfLoadExtension( 'SemanticApprovedRevs' );
|
||||||
|
wfLoadExtension( 'QRLite' );
|
||||||
|
|
||||||
wfLoadExtension( 'Diagrams' );
|
wfloadextension( 'Diagrams' );
|
||||||
$wgDiagramsServiceUrl ='https://wiki.claremontmakerspace.org/diagrams';
|
$wgDiagramsServiceUrl ='https://wiki.claremontmakerspace.org/diagrams';
|
||||||
|
|
||||||
require_once "$IP/extensions/QRLite/QRLite.php";
|
|
||||||
|
|
||||||
wfLoadExtension( 'ExternalData' );
|
wfLoadExtension( 'ExternalData' );
|
||||||
$edgStringReplacements['SNIPEIT_URL'] = 'https://inventory.claremontmakerspace.org';
|
$edgStringReplacements['SNIPEIT_URL'] = 'https://inventory.claremontmakerspace.org';
|
||||||
$edgAllowExternalDataFrom = 'SNIPEIT_URL';
|
$edgAllowExternalDataFrom = 'SNIPEIT_URL';
|
||||||
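Review bot: `$wgOpenIDConnect_MigrateUsersByUserName = true;` binds an existing wiki account to whichever identity the provider presents with a matching username, so it is only safe if usernames at the configured `providerURL` are administrator-assigned and identical to the former LDAP `uid` values. Please say so in a comment and plan to drop the setting once accounts have migrated, e.g. `# Temporary: links pre-existing LDAP-era accounts by username; remove after migration`. Separately, `$wgCookieSameSite = "None";` lets session cookies travel on cross-site requests, which gives up a layer of CSRF protection; if nothing outside this diff requires it, `"Lax"` would be the tighter value, and either way a comment explaining why `None` is needed would help. The lower-cased `wfloadextension(` calls that appear for VisualEditor and Diagrams work because PHP function names are case-insensitive, but they should match the `wfLoadExtension(` spelling used in the rest of the file.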
|
@ -1,14 +1,20 @@
|
|||||||
{
|
{
|
||||||
"require": {
|
"require": {
|
||||||
"mediawiki/pluggable-auth": "^5.7",
|
"mediawiki/pluggable-auth": "^6.2",
|
||||||
"mediawiki/ldap-provider": "^1.0",
|
"mediawiki/semantic-media-wiki": "^4.1",
|
||||||
"mediawiki/ldap-authentication-2": "^1.0",
|
"mediawiki/semantic-scribunto": "^2.2",
|
||||||
"mediawiki/semantic-media-wiki": "^4.0",
|
|
||||||
"mediawiki/semantic-scribunto": "^2.0",
|
|
||||||
"mediawiki/semantic-result-formats": "^4.0",
|
"mediawiki/semantic-result-formats": "^4.0",
|
||||||
"mediawiki/approved-revs": "^1.7",
|
"mediawiki/approved-revs": "^1.8",
|
||||||
"mediawiki/semantic-approved-revs": "^0.9",
|
"mediawiki/semantic-approved-revs": "^0.9",
|
||||||
"mediawiki/data-transfer": "^1.0",
|
"mediawiki/data-transfer": "^1.4",
|
||||||
"samwilson/diagrams": "^0.9"
|
"gesinn-it/qrlite": "^1.0.0-alpha",
|
||||||
|
"samwilson/diagrams": "^0.11"
|
||||||
|
},
|
||||||
|
"extra": {
|
||||||
|
"merge-plugin": {
|
||||||
|
"include": [
|
||||||
|
"extensions/OpenIDConnect/composer.json"
|
||||||
|
]
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|