Dockerfile

@@ -1,36 +1,37 @@
-FROM mediawiki:1.39
+FROM mediawiki:1.35
 
 RUN apt-get update \
-    && apt-get install -y libpng-dev git zip \
+    && apt-get install -y libldap2-dev libpng-dev git zip \
     && rm -rf /var/lib/apt/lists/* \
-    && docker-php-ext-install -j$(nproc) gd calendar
+    && docker-php-ext-install -j$(nproc) ldap gd
+
+COPY composer.local.json /var/www/html/
+COPY --from=composer:1 /usr/bin/composer /usr/bin/composer
+RUN cd /var/www/html/ && composer update --no-dev
 
 # Needed for making branch name from MEDIAWIKI_MAJOR_VERSION
 SHELL ["/bin/bash", "-c"]
 
-# needs to be downloaded before composer is run
-# https://www.mediawiki.org/wiki/Extension:OpenIDConnect
-RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
-    https://gerrit.wikimedia.org/r/mediawiki/extensions/OpenIDConnect \
-    /var/www/html/extensions/OpenIDConnect
-
-COPY composer.local.json /var/www/html/
-COPY --from=composer:2 /usr/bin/composer /usr/bin/composer
-RUN cd /var/www/html/ && composer update --no-dev
-
-
-# from composer.local.json:
 # https://www.mediawiki.org/wiki/Extension:PluggableAuth
+RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
+    https://gerrit.wikimedia.org/r/mediawiki/extensions/PluggableAuth \
+    /var/www/html/extensions/PluggableAuth
+
 # https://www.mediawiki.org/wiki/Extension:LDAPProvider
-# https://www.mediawiki.org/wiki/Extension:LDAPAuthentication2
+RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
-# https://www.mediawiki.org/wiki/Extension:Semantic_Approved_Revs
+    https://gerrit.wikimedia.org/r/mediawiki/extensions/LDAPProvider \
-# https://www.mediawiki.org/wiki/Extension:QRLite
+    /var/www/html/extensions/LDAPProvider
 
 # https://www.mediawiki.org/wiki/Extension:LDAPUserInfo
 RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
-    https://github.com/wikimedia/mediawiki-extensions-LDAPUserInfo \
+    https://gerrit.wikimedia.org/r/mediawiki/extensions/LDAPUserInfo \
     /var/www/html/extensions/LDAPUserInfo
 
+# https://www.mediawiki.org/wiki/Extension:LDAPAuthentication2
+RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
+    https://gerrit.wikimedia.org/r/mediawiki/extensions/LDAPAuthentication2 \
+    /var/www/html/extensions/LDAPAuthentication2
+
 # https://www.mediawiki.org/wiki/Extension:MobileFrontend
 RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
     https://gerrit.wikimedia.org/r/mediawiki/extensions/MobileFrontend \
@@ -61,8 +62,12 @@ RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
 # https://www.mediawiki.org/wiki/Extension:External_Data
 RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
     https://gerrit.wikimedia.org/r/mediawiki/extensions/ExternalData \
-    /var/www/html/extensions/ExternalData \
+    /var/www/html/extensions/ExternalData
-    && cd /var/www/html/extensions/ExternalData && composer install --no-dev
+
+# https://www.mediawiki.org/wiki/Extension:QRLite
+RUN git clone --depth 1 \
+    https://github.com/gesinn-it/QRLite \
+    /var/www/html/extensions/QRLite
 
 # https://www.mediawiki.org/wiki/Extension:CSS
 RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
@@ -74,9 +79,6 @@ RUN git clone --depth 1 -b REL${MEDIAWIKI_MAJOR_VERSION/./_} \
     https://gerrit.wikimedia.org/r/mediawiki/extensions/Variables \
     /var/www/html/extensions/Variables
 
-RUN a2enmod proxy_http proxy_html
-COPY apache-mediawiki.conf /etc/apache2/sites-available/000-default.conf
-
 # reset back to default shell
 SHELL ["/bin/sh", "-c"]
 

LocalSettings.php

@@ -15,8 +15,6 @@ if ( !defined( 'MEDIAWIKI' ) ) {
 	exit;
 }
 
-error_reporting( 0 );
-
 # store passwords/sensitive data here
 $secrets = require('secrets.php');
 
@@ -97,7 +95,7 @@ $wgPingback = false;
 ## If you use ImageMagick (or any other shell command) on a
 ## Linux server, this will need to be set to the name of an
 ## available UTF-8 locale
-$wgShellLocale = "C.UTF-8";
+$wgShellLocale = "en_US.utf8";
 
 ## Set $wgCacheDirectory to a writable directory on the web server
 ## to make your wiki go slightly faster. The directory should not
@@ -146,8 +144,6 @@ wfLoadSkin( 'Timeless' );
 # Add more configuration options below.
 
 # Semantic MediaWiki Extension
-wfLoadExtension( 'SemanticMediaWiki' );
-wfLoadExtension( 'SemanticResultFormats' );
 enableSemantics( 'claremontmakerspace.org' );
 $smwgPDefaultType = '_txt';
 $smwgEnabledQueryDependencyLinksStore = true;
@@ -173,19 +169,50 @@ wfLoadExtension( 'Scribunto' );
 $wgScribuntoDefaultEngine = 'luastandalone';
 $wgScribuntoUseCodeEditor = "true";
 
+# LDAP
 wfLoadExtension( 'PluggableAuth' );
-wfLoadExtension( 'OpenIDConnect' );
+wfLoadExtension( 'LDAPProvider' );
-$wgOpenIDConnect_MigrateUsersByUserName = true;
+wfLoadExtension( 'LDAPUserInfo' );
-$wgPluggableAuth_Config["Log in with CMS Network Resources Account"] = [
+wfLoadExtension( 'LDAPAuthentication2' );
-    'plugin' => 'OpenIDConnect',
+$LDAPProviderDomainConfigProvider = function() use ($secrets) {
-    'data' => [
+	$config = [
-        'providerURL' => 'https://ucs-sso-ng.claremontmakerspace.org/realms/ucs',
+		'CMS' => [
-        'clientID' => 'mediawiki',
+			"connection" => [
-        'clientsecret' => $secrets['OpenIDSecret'],
+				"server" => "self-service.claremontmakerspace.org",
-    ]
+				"port" => 7389,
-];
+				"enctype" => "clear",
+				"user" => "uid=LDAPSearch,cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org",
+				"pass" => $secrets['LDAPPass'],
+				"options" => [
+					"LDAP_OPT_DEREF" => 1,
+				],
+				"basedn" => "cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org",
+				"groupbasedn" => "dc=sawtooth,dc=claremontmakerspace,dc=org",
+				"userbasedn" => "dc=sawtooth,dc=claremontmakerspace,dc=org",
+				"searchattribute" => "uid",
+				"searchstring" => "uid=USER-NAME,cn=users,dc=sawtooth,dc=claremontmakerspace,dc=org",
+				"usernameattribute" => "uid",
+				"realnameattribute" => "cn",
+				"emailattribute" => "mail"
+			],
+			"authentication" => [
+				"usernameattribute" => "uid",
+				"realnameattribute" => "cn",
+				"emailattribute" => "mail"
+			],
+			"userinfo" => [
+				"email" => "mail",
+				"realname" => "cn",
+				"properties.gender" => "gender"
+			]
+		]
+	];
+
+	return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
+};
+
+wfLoadExtension( 'VisualEditor' );
 
-wfloadextension( 'VisualEditor' );
 wfLoadExtension( 'TemplateData' );
 
 wfLoadExtension( 'Variables' );
@@ -193,12 +220,8 @@ wfLoadExtension( 'Variables' );
 wfLoadExtension( 'CSS' );
 
 wfLoadExtension( 'Widgets' );
-wfLoadExtension( 'ApprovedRevs' );
-wfLoadExtension( 'SemanticApprovedRevs' );
-wfLoadExtension( 'QRLite' );
 
-wfloadextension( 'Diagrams' );
+require_once "$IP/extensions/QRLite/QRLite.php";
-$wgDiagramsServiceUrl ='https://wiki.claremontmakerspace.org/diagrams';
 
 wfLoadExtension( 'ExternalData' );
 $edgStringReplacements['SNIPEIT_URL'] = 'https://inventory.claremontmakerspace.org';

apache-mediawiki.conf

@@ -1,21 +0,0 @@
-<VirtualHost *:80>
-    ServerAdmin webmaster@claremontmakerspace.org
-    DocumentRoot /var/www/html
-
-    ErrorLog ${APACHE_LOG_DIR}/error.log
-    CustomLog ${APACHE_LOG_DIR}/access.log combined
-    AllowEncodedSlashes NoDecode
-
-    ProxyPass /diagrams/ http://diagrams:5003/diagrams/
-    # ProxyPassReverse /diagrams/ http://diagrams:5003/
-    ProxyPreserveHost On
-
-    # <Location /diagrams/>
-    #     ProxyPassReverse /
-    #     SetOutputFilter  proxy-html
-    #     ProxyHTMLURLMap http://diagrams:5003/ /diagrams/
-    #     ProxyHTMLURLMap / /diagrams/
-    # </Location>
-</VirtualHost>
-
-# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

composer.local.json

@@ -1,20 +1,8 @@
 {
     "require": {
-        "mediawiki/pluggable-auth": "^6.2",
+        "mediawiki/semantic-media-wiki": "^3.0",
-        "mediawiki/semantic-media-wiki": "^4.1",
+        "mediawiki/semantic-scribunto": "^2.0",
-        "mediawiki/semantic-scribunto": "^2.2",
+        "mediawiki/semantic-result-formats": "^3.0",
-        "mediawiki/semantic-result-formats": "^4.0",
+        "mediawiki/data-transfer": "^1.0"
-        "mediawiki/approved-revs": "^1.8",
-        "mediawiki/semantic-approved-revs": "^0.9",
-        "mediawiki/data-transfer": "^1.4",
-        "gesinn-it/qrlite": "^1.0.0-alpha",
-        "samwilson/diagrams": "^0.11"
-    },
-    "extra": {
-        "merge-plugin": {
-            "include": [
-                "extensions/OpenIDConnect/composer.json"
-            ]
-        }
     }
 }

diagrams/Dockerfile

@@ -1,19 +0,0 @@
-FROM alpine as source
-
-RUN apk add git curl
-RUN git clone https://github.com/ad1217/diagrams -b fix-stuff
-RUN curl -L http://sourceforge.net/projects/plantuml/files/plantuml.jar/download -o diagrams/plantuml.jar
-
-FROM python:3-alpine
-
-COPY --from=source diagrams diagrams
-WORKDIR diagrams
-
-# TODO: missing mscgen
-RUN apk add graphviz openjdk8-jre
-RUN pip3 install -r dgs/requirements.txt gunicorn
-
-VOLUME /root/.diagrams
-
-env SCRIPT_NAME=/diagrams
-CMD ["gunicorn", "dgs.webserver:app", "--bind", "0.0.0.0:5003", "--forwarded-allow-ips=*"]

docker-compose.yml

@@ -12,25 +12,11 @@ services:
       - ./LocalSettings.php:/var/www/html/LocalSettings.php:ro
       - ./secrets.php:/var/www/html/secrets.php:ro
       - ./uploads.ini:/usr/local/etc/php/conf.d/uploads.ini:ro
-
-  diagrams:
-    build: ./diagrams
-    restart: always
-    volumes:
-      - diagrams-vol:/root/.diagrams
-
   database:
     image: mariadb
-    volumes:
-      - mysql-vol:/var/lib/mysql
     restart: always
     env_file: .env
     environment:
       MYSQL_DATABASE: mediawiki
       #MYSQL_USER and MYSQL_PASSWORD in .env
       MYSQL_RANDOM_ROOT_PASSWORD: 'yes'
-      MARIADB_AUTO_UPGRADE: 'yes'
-
-volumes:
-  mysql-vol:
-  diagrams-vol: