Upgrade to 1.39, switch from LDAP to OpenID Connect, update extensions

Adam Goldsmith 2023-02-20 21:54:20 -05:00
parent 26bca5acf8
commit e2519a7279
3 changed files with 52 additions and 72 deletions


@ -1,21 +1,30 @@
FROM mediawiki:1.37 FROM mediawiki:1.39
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y libldap2-dev libpng-dev git zip \ && apt-get install -y libpng-dev git zip \
&& rm -rf /var/lib/apt/lists/* \ && rm -rf /var/lib/apt/lists/* \
&& docker-php-ext-install -j$(nproc) ldap gd && docker-php-ext-install -j$(nproc) gd calendar
COPY composer.local.json /var/www/html/
COPY --from=composer:2.1 /usr/bin/composer /usr/bin/composer
RUN cd /var/www/html/ && composer update --no-dev
# Needed for making branch name from MEDIAWIKI_MAJOR_VERSION # Needed for making branch name from MEDIAWIKI_MAJOR_VERSION
SHELL ["/bin/bash", "-c"] SHELL ["/bin/bash", "-c"]
# needs to be downloaded before composer is run
# https://www.mediawiki.org/wiki/Extension:OpenIDConnect
RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
https://gerrit.wikimedia.org/r/mediawiki/extensions/OpenIDConnect \
/var/www/html/extensions/OpenIDConnect
COPY composer.local.json /var/www/html/
COPY --from=composer:2 /usr/bin/composer /usr/bin/composer
RUN cd /var/www/html/ && composer update --no-dev
# from composer.local.json: # from composer.local.json:
# https://www.mediawiki.org/wiki/Extension:PluggableAuth # https://www.mediawiki.org/wiki/Extension:PluggableAuth
# https://www.mediawiki.org/wiki/Extension:LDAPProvider # https://www.mediawiki.org/wiki/Extension:LDAPProvider
# https://www.mediawiki.org/wiki/Extension:LDAPAuthentication2 # https://www.mediawiki.org/wiki/Extension:LDAPAuthentication2
# https://www.mediawiki.org/wiki/Extension:Semantic_Approved_Revs
# https://www.mediawiki.org/wiki/Extension:QRLite
# https://www.mediawiki.org/wiki/Extension:LDAPUserInfo # https://www.mediawiki.org/wiki/Extension:LDAPUserInfo
RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \ RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
@ -52,12 +61,8 @@ RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
# https://www.mediawiki.org/wiki/Extension:External_Data # https://www.mediawiki.org/wiki/Extension:External_Data
RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \ RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
https://gerrit.wikimedia.org/r/mediawiki/extensions/ExternalData \ https://gerrit.wikimedia.org/r/mediawiki/extensions/ExternalData \
/var/www/html/extensions/ExternalData /var/www/html/extensions/ExternalData \
&& cd /var/www/html/extensions/ExternalData && composer install --no-dev
# https://www.mediawiki.org/wiki/Extension:QRLite
RUN git clone --depth 1 \
https://github.com/gesinn-it/QRLite \
/var/www/html/extensions/QRLite
# https://www.mediawiki.org/wiki/Extension:CSS # https://www.mediawiki.org/wiki/Extension:CSS
RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \ RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
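Review bot: Nothing this build pulls into the image is pinned: the new OpenIDConnect clone takes whatever is at the tip of the `REL…` branch, `composer update --no-dev` re-resolves the caret ranges in composer.local.json on every build (now including `gesinn-it/qrlite: ^1.0.0-alpha` and the merged `extensions/OpenIDConnect/composer.json`), and `composer:2` is a floating tag. No lock file is visible in this commit, so two builds of the same commit can ship different code on the site's login path without any reviewed change. I would commit a `composer.lock` and run `composer install --no-dev` instead of `update`. I would also fail the build when the extension branch has moved, by appending `&& test "$(git -C /var/www/html/extensions/OpenIDConnect rev-parse HEAD)" = "<reviewed-commit-sha>"` to the clone. The `composer install --no-dev` added to the ExternalData clone further down has the same issue.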


@ -76,6 +76,7 @@ $wgDBmysql5 = false;
## Shared memory settings ## Shared memory settings
$wgMainCacheType = CACHE_NONE; $wgMainCacheType = CACHE_NONE;
$wgSessionCacheType = CACHE_DB;
$wgMemCachedServers = []; $wgMemCachedServers = [];
## To enable image uploads, make sure the 'images' directory ## To enable image uploads, make sure the 'images' directory
@ -112,6 +113,10 @@ $wgSecretKey = $secrets['wgSecretKey'];
# Changing this will log out all existing sessions. # Changing this will log out all existing sessions.
$wgAuthenticationTokenVersion = "1"; $wgAuthenticationTokenVersion = "1";
$wgCookieSameSite = "None";
$wgForceHTTPS = true;
$wgCookieSecure = true;
# Site upgrade key. Must be set to a string (default provided) to turn on the # Site upgrade key. Must be set to a string (default provided) to turn on the
# web installer while LocalSettings.php is in place # web installer while LocalSettings.php is in place
$wgUpgradeKey = $secrets['wgUpgradeKey']; $wgUpgradeKey = $secrets['wgUpgradeKey'];
@ -147,6 +152,7 @@ wfLoadSkin( 'Timeless' );
# Semantic MediaWiki Extension # Semantic MediaWiki Extension
wfLoadExtension( 'SemanticMediaWiki' ); wfLoadExtension( 'SemanticMediaWiki' );
wfLoadExtension( 'SemanticResultFormats' );
enableSemantics( 'claremontmakerspace.org' ); enableSemantics( 'claremontmakerspace.org' );
$smwgPDefaultType = '_txt'; $smwgPDefaultType = '_txt';
$smwgEnabledQueryDependencyLinksStore = true; $smwgEnabledQueryDependencyLinksStore = true;
@ -172,67 +178,30 @@ wfLoadExtension( 'Scribunto' );
$wgScribuntoDefaultEngine = 'luastandalone'; $wgScribuntoDefaultEngine = 'luastandalone';
$wgScribuntoUseCodeEditor = "true"; $wgScribuntoUseCodeEditor = "true";
# LDAP
putenv('LDAPTLS_REQCERT=never');
wfLoadExtension( 'PluggableAuth' ); wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'LDAPProvider' ); wfLoadExtension( 'OpenIDConnect' );
wfLoadExtension( 'LDAPUserInfo' ); $wgOpenIDConnect_MigrateUsersByUserName = true;
wfLoadExtension( 'LDAPAuthentication2' ); $wgPluggableAuth_Config["Log in with CMS Network Resources Account"] = [
$wgPluggableAuth_ButtonLabel = "Log in with CMS Network Resources Account"; 'plugin' => 'OpenIDConnect',
$LDAPProviderDomainConfigProvider = function() use ($secrets) { 'data' => [
$config = [ 'providerURL' => 'https://ucs-sso-ng.claremontmakerspace.org/realms/ucs',
'CMS' => [ 'clientID' => 'mediawiki',
"connection" => [ 'clientsecret' => $secrets['OpenIDSecret'],
"server" => "innerweb.claremontmakerspace.org", ]
"port" => 7636, ];
"enctype" => "ssl",
"user" => "uid=LDAPSearch,cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org",
"pass" => $secrets['LDAPPass'],
"options" => [
"LDAP_OPT_DEREF" => 1,
],
"basedn" => "cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org",
"groupbasedn" => "dc=sawtooth,dc=claremontmakerspace,dc=org",
"userbasedn" => "dc=sawtooth,dc=claremontmakerspace,dc=org",
"searchattribute" => "uid",
"searchstring" => "uid=USER-NAME,cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org",
"usernameattribute" => "uid",
"realnameattribute" => "cn",
"emailattribute" => "mail"
],
"authentication" => [
"usernameattribute" => "uid",
"realnameattribute" => "cn",
"emailattribute" => "mail"
],
"userinfo" => [
"email" => "mail",
"realname" => "cn",
"properties.gender" => "gender"
]
]
];
return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};
wfLoadExtension( 'VisualEditor' );
wfloadextension( 'VisualEditor' );
wfLoadExtension( 'TemplateData' ); wfLoadExtension( 'TemplateData' );
wfLoadExtension( 'Variables' ); wfLoadExtension( 'Variables' );
wfLoadExtension( 'CSS' ); wfLoadExtension( 'CSS' );
wfLoadExtension( 'Widgets' ); wfLoadExtension( 'Widgets' );
wfLoadExtension( 'ApprovedRevs' ); wfLoadExtension( 'ApprovedRevs' );
wfLoadExtension( 'SemanticApprovedRevs' ); wfLoadExtension( 'SemanticApprovedRevs' );
wfLoadExtension( 'QRLite' );
wfLoadExtension( 'Diagrams' ); wfloadextension( 'Diagrams' );
$wgDiagramsServiceUrl ='https://wiki.claremontmakerspace.org/diagrams'; $wgDiagramsServiceUrl ='https://wiki.claremontmakerspace.org/diagrams';
require_once "$IP/extensions/QRLite/QRLite.php";
wfLoadExtension( 'ExternalData' ); wfLoadExtension( 'ExternalData' );
$edgStringReplacements['SNIPEIT_URL'] = 'https://inventory.claremontmakerspace.org'; $edgStringReplacements['SNIPEIT_URL'] = 'https://inventory.claremontmakerspace.org';
$edgAllowExternalDataFrom = 'SNIPEIT_URL'; $edgAllowExternalDataFrom = 'SNIPEIT_URL';
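Review bot: `$wgOpenIDConnect_MigrateUsersByUserName = true;` in the new auth block is left on with nothing marking it as temporary. As I understand the extension, this setting attaches an OpenID Connect login to an existing wiki account whose name matches the username the provider reports, so ownership of every pre-existing account rests on the provider never issuing or permitting a colliding username. If it is only there to carry over the former LDAP accounts, I would add `# TODO: set to false once existing LDAP users have logged in via OIDC` above it and turn it off after the migration window. Separately, `$wgCookieSameSite = "None";` lets the session cookie ride on every cross-site request; if it was added for the SSO redirect, `"Lax"` may be sufficient, and otherwise a comment stating why `None` is required would help the next reviewer.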


@ -1,14 +1,20 @@
{ {
"require": { "require": {
"mediawiki/pluggable-auth": "^5.7", "mediawiki/pluggable-auth": "^6.2",
"mediawiki/ldap-provider": "^1.0", "mediawiki/semantic-media-wiki": "^4.1",
"mediawiki/ldap-authentication-2": "^1.0", "mediawiki/semantic-scribunto": "^2.2",
"mediawiki/semantic-media-wiki": "^4.0",
"mediawiki/semantic-scribunto": "^2.0",
"mediawiki/semantic-result-formats": "^4.0", "mediawiki/semantic-result-formats": "^4.0",
"mediawiki/approved-revs": "^1.7", "mediawiki/approved-revs": "^1.8",
"mediawiki/semantic-approved-revs": "^0.9", "mediawiki/semantic-approved-revs": "^0.9",
"mediawiki/data-transfer": "^1.0", "mediawiki/data-transfer": "^1.4",
"samwilson/diagrams": "^0.9" "gesinn-it/qrlite": "^1.0.0-alpha",
"samwilson/diagrams": "^0.11"
},
"extra": {
"merge-plugin": {
"include": [
"extensions/OpenIDConnect/composer.json"
]
}
} }
} }