YunoHost-Apps/mediawiki_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/mediawiki_ynh.git synced 2024-09-03 19:46:05 +02:00
Code Issues Activity Actions 1

Revamp LDAP :

Browse source 
* Move ldap config to json file
* enable all extensions
* rename options
This commit is contained in:
Félix Piédallu 2023-09-04 15:06:13 +02:00
parent 972e7348d7
commit 22f0b46bde
6 changed files with 143 additions and 69 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

97
conf/LocalSettings.php
View file

@ -135,59 +135,54 @@ wfLoadSkin( 'Vector' );
# End of automatically generated settings. # End of automatically generated settings.
# Add more configuration options below. # Add more configuration options below.
# Enabled extensions. Most of the extensions are enabled by adding # LDAP Settings
# wfLoadExtensions('ExtensionName'); # See https://www.mediawiki.org/wiki/Manual:Active_Directory_Integration
# to LocalSettings.php. Check specific extension documentation for more details.
# LDAPProvider
# https://www.mediawiki.org/wiki/Extension:LDAPProvider
wfLoadExtension( 'LDAPProvider' );
# PluggableAuth
# https://www.mediawiki.org/wiki/Extension:PluggableAuth
wfLoadExtension( 'PluggableAuth' );
$wgPluggableAuth_EnableLocalLogin = true;
$wgPluggableAuth_EnableLocalProperties = true;
# LDAPAuthentication2
# https://www.mediawiki.org/wiki/Extension:LDAPAuthentication2
wfLoadExtension( 'LDAPAuthentication2' );
# Note(decentral1se): leaving here in case we need them one day
# LDAPGroups
# https://www.mediawiki.org/wiki/Extension:LDAPGroups
# wfLoadExtension( 'LDAPGroups' );
# Note(decentral1se): leaving here in case we need them one day
# LDAPUserInfo
# https://www.mediawiki.org/wiki/Extension:LDAPUserInfo
# wfLoadExtension( 'LDAPUserInfo' );
# Note(decentral1se): leaving here in case we need them one day
# LDAPAuthorization
# https://www.mediawiki.org/wiki/Extension:LDAPAuthorization
# wfLoadExtension( 'LDAPAuthorization' ); # wfLoadExtension( 'LDAPAuthorization' );
wfLoadExtension( 'LDAPAuthentication2' );
wfLoadExtension( 'LDAPGroups' );
wfLoadExtension( 'LDAPProvider' );
wfLoadExtension( 'LDAPUserInfo' );
wfLoadExtension( 'PluggableAuth' );
wfLoadExtension( 'Auth_remoteuser' );
# LDAP configuration # Yunohost configuration values for config_panel
$LDAPProviderDomainConfigProvider = function() { $public_wiki = __PUBLIC_WIKI__;
$config = [ $local_accounts = __LOCAL_ACCOUNTS__;
"LDAP" => [ $yunohost_accounts = __YUNOHOST_ACCOUNTS__;
"connection" => [
"server" => "localhost", # Configuration of the generic PluggableAuth extension
"port" => "389", $wgPluggableAuth_EnableLocalLogin = $local_accounts;
"basedn" => "dc=yunohost,dc=org", $wgPluggableAuth_EnableLocalProperties = true;
"groupbasedn" => "ou=users,dc=yunohost,dc=org", $wgPluggableAuth_EnableFastLogout = true;
"userbasedn" => "ou=groups,dc=yunohost,dc=org", # $wgPluggableAuth_ButtonLabel = "Log In";
"searchattribute" => "uid",
"usernameattribute" => "uid", # Configuration of the Yunohost LDAP+SSO
"realnameattribute" => "cn", if ($yunohost_accounts) {
"emailattribute" => "mail" $LDAPProviderDomainConfigs = "$IP/ldapproviders.json";
] $LDAPProviderDefaultDomain = "yunohost.local";
]
$wgPluggableAuth_Config["Log In with Yunohost"] = [
"plugin" => "LDAPAuthentication2",
"data" => [ "domain" => "yunohost.local" ]
]; ];
return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config ); $wgAuthRemoteuserUserUrls = [
}; 'logout' => 'https://__DOMAIN__/yunohost/sso/?action=logout'
$createaccount = __CREATE_ACCOUNT__; ];
$wgGroupPermissions['*']['createaccount'] = $createaccount; }
# Auth_remoteuser will read the REMOTE_USER http header (for Yunohost SSO)
$wgAuthRemoteuserUserName = [
getenv('REMOTE_USER'),
];
# Allow users to login as other than SSO logged in user
$wgAuthRemoteuserAllowUserSwitch = true;
# $wgEmailConfirmToEdit = false;
$wgGroupPermissions['*']['edit'] = $public_wiki;
$wgGroupPermissions['*']['read'] = $public_wiki;
$wgGroupPermissions['*']['createaccount'] = $local_accounts;
$wgGroupPermissions['*']['autocreateaccount'] = true;
$wgBlockDisablesLogin = true;

24
conf/ldapproviders.json Normal file
View file

@ -0,0 +1,24 @@
{
"yunohost.local": {
"connection": {
"server": "localhost",
"port": "389",
"use-tls": "false",
"basedn": "dc=yunohost,dc=org",
"userbasedn": "ou=users,dc=yunohost,dc=org",
"groupbasedn": "ou=groups,dc=yunohost,dc=org",
"searchattribute": "uid",
"usernameattribute": "uid",
"realnameattribute": "cn",
"emailattribute": "mail",
"grouprequest": "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",
"presearchusernamemodifiers": [ "spacestounderscores", "lowercase" ]
},
"userinfo": [],
"authorization": [],
"groupsync": {
"mapping": {
}
}
}
}

34
config_panel.toml
View file

@ -3,14 +3,32 @@ version = "1.0"
[main] [main]
name = "Mediawiki configuration" name = "Mediawiki configuration"
[main.config] [main.config]
name = "Configuration Options" name = "Configuration Options"
[main.config.create_account] [install.public_wiki]
ask = "Create account" ask.en = "Is this Wiki public ?"
type = "boolean" ask.fr = "Ce Wiki est-il public ?"
yes = true help.en = "This visibility is handled by Mediawiki, not Yunohost"
no = false help.fr = "Cette visibilité est gérée par Mediawiki, pas Yunohost"
help = "Set to 'true' to allow account creation." type = "boolean"
bind = "createaccount:__INSTALL_DIR__/LocalSettings.php" default = true
bind = ":__INSTALL_DIR__/LocalSettings.php"
[install.local_accounts]
ask.en = "Allow local accounts (non-Yunohost login) ?"
ask.fr = "Autoriser les comptes locaux (non connectés à Yunohost) ?"
help.en = "If this is enabled, people without a Yunohost account can create an account, local to the wiki."
help.fr = "Si activé, les personnes sans compte Yunohost pourront créer un compte local au wiki."
type = "boolean"
default = false
bind = ":__INSTALL_DIR__/LocalSettings.php"
[install.yunohost_accounts]
ask.en = "Link with Yunohost accounts"
ask.fr = "Lier aux comptes Yunohost"
help.en = "If this is enabled, Yunohost users will be able to login."
help.fr = "Si activé, les utilisateurs Yunohost pourront s'authentifier."
type = "boolean"
default = true
bind = ":__INSTALL_DIR__/LocalSettings.php"

34
manifest.toml
View file

@ -38,8 +38,8 @@ ram.runtime = "50M"
default = "/wiki" default = "/wiki"
[install.init_main_permission] [install.init_main_permission]
help.en = "Visibility of the wiki pages" help.en = "Visibility of the wiki (handled by Yunohost)"
help.fr = "La visibilité des pages du wiki" help.fr = "La visibilité du wiki (gérée par Yunohost)"
type = "group" type = "group"
default = "visitors" default = "visitors"
@ -64,12 +64,42 @@ ram.runtime = "50M"
type = "string" type = "string"
default = "YunoWiki" default = "YunoWiki"
[install.public_wiki]
ask.en = "Is this Wiki public ?"
ask.fr = "Ce Wiki est-il public ?"
help.en = "This visibility is handled by Mediawiki, not Yunohost"
help.fr = "Cette visibilité est gérée par Mediawiki, pas Yunohost"
type = "boolean"
default = true
[install.local_accounts]
ask.en = "Allow local accounts (non-Yunohost login) ?"
ask.fr = "Autoriser les comptes locaux (non connectés à Yunohost) ?"
help.en = "If this is enabled, people without a Yunohost account can create an account, local to the wiki."
help.fr = "Si activé, les personnes sans compte Yunohost pourront créer un compte local au wiki."
type = "boolean"
default = false
[install.yunohost_accounts]
ask.en = "Link with Yunohost accounts"
ask.fr = "Lier aux comptes Yunohost"
help.en = "If this is enabled, Yunohost users will be able to login."
help.fr = "Si activé, les utilisateurs Yunohost pourront s'authentifier."
type = "boolean"
default = true
[resources] [resources]
[resources.sources] [resources.sources]
[resources.sources.main] [resources.sources.main]
url = "https://releases.wikimedia.org/mediawiki/1.40/mediawiki-1.40.1.tar.gz" url = "https://releases.wikimedia.org/mediawiki/1.40/mediawiki-1.40.1.tar.gz"
sha256 = "e05d419de40c6ad03145aca07e08cf995d1ca1667d97793bb73970e2c11b0a04" sha256 = "e05d419de40c6ad03145aca07e08cf995d1ca1667d97793bb73970e2c11b0a04"
[resources.sources.auth_remoteuser]
url = "https://github.com/wikimedia/mediawiki-extensions-Auth_remoteuser/archive/1a72290f4b3f35694a9a0a71d7c17258badca429.tar.gz"
sha256 = "4864edde068209a8a72a97238041220d47b3d4cd4c353637dd0857f488b67904"
in_subdir = true
[resources.sources.ldap_groups] [resources.sources.ldap_groups]
url = "https://github.com/wikimedia/mediawiki-extensions-LDAPGroups/archive/6babc982f16ea9b6a6a64d45e55413c663bc6b6f.tar.gz" url = "https://github.com/wikimedia/mediawiki-extensions-LDAPGroups/archive/6babc982f16ea9b6a6a64d45e55413c663bc6b6f.tar.gz"
sha256 = "88ce087760726ea61c002c8d4b169b1d3a5421d76d8e4afa916ba55051a9130a" sha256 = "88ce087760726ea61c002c8d4b169b1d3a5421d76d8e4afa916ba55051a9130a"

10
scripts/install Normal file → Executable file
View file

@ -26,13 +26,16 @@ ynh_script_progression --message="Setting up source files..." --weight=4
# Download, check integrity, uncompress and patch the source from app.src # Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$install_dir" ynh_setup_source --dest_dir="$install_dir"
# See https://www.mediawiki.org/wiki/Manual:Active_Directory_Integration
ynh_setup_source --dest_dir="$install_dir/extensions/Auth_remoteuser" --source_id="auth_remoteuser"
ynh_setup_source --dest_dir="$install_dir/extensions/LDAPAuthorization" --source_id="ldap_authorization"
ynh_setup_source --dest_dir="$install_dir/extensions/LDAPAuthentication2" --source_id="ldap_authentication2" ynh_setup_source --dest_dir="$install_dir/extensions/LDAPAuthentication2" --source_id="ldap_authentication2"
ynh_setup_source --dest_dir="$install_dir/extensions/LDAPGroups" --source_id="ldap_groups"
ynh_setup_source --dest_dir="$install_dir/extensions/LDAPProvider" --source_id="ldap_provider" ynh_setup_source --dest_dir="$install_dir/extensions/LDAPProvider" --source_id="ldap_provider"
ynh_setup_source --dest_dir="$install_dir/extensions/LDAPUserInfo" --source_id="ldap_userinfo"
ynh_setup_source --dest_dir="$install_dir/extensions/PluggableAuth" --source_id="pluggable_auth" ynh_setup_source --dest_dir="$install_dir/extensions/PluggableAuth" --source_id="pluggable_auth"
# ynh_setup_source --dest_dir="$install_dir/extensions/LDAPGroups" --source_id="ldap_groups"
# ynh_setup_source --dest_dir="$install_dir/extensions/LDAPUserInfo" --source_id="ldap_userinfo"
# ynh_setup_source --dest_dir="$install_dir/extensions/LDAPAuthorization" --source_id="ldap_authorization"
chmod -R o-rwx "$install_dir" chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$install_dir" chown -R $app:www-data "$install_dir"
@ -94,6 +97,7 @@ mv "$install_dir/LocalSettings.php" "$install_dir/LocalSettings.php.orig"
wiki_name_underscorified="${wiki_name//[^a-zA-Z0-9]/_}" wiki_name_underscorified="${wiki_name//[^a-zA-Z0-9]/_}"
ynh_add_config --template="../conf/LocalSettings.php" --destination="$install_dir/LocalSettings.php" ynh_add_config --template="../conf/LocalSettings.php" --destination="$install_dir/LocalSettings.php"
ynh_add_config --template="../conf/ldapproviders.json" --destination="$install_dir/ldapproviders.json"
# This is required to update database schemas # This is required to update database schemas
"php$phpversion" "$install_dir/maintenance/update.php" "php$phpversion" "$install_dir/maintenance/update.php"

13
scripts/upgrade Normal file → Executable file
View file

@ -58,14 +58,15 @@ then
# Download, check integrity, uncompress and patch the source from app.src # Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$install_dir" ynh_setup_source --dest_dir="$install_dir"
# See https://www.mediawiki.org/wiki/Manual:Active_Directory_Integration
ynh_setup_source --dest_dir="$install_dir/extensions/Auth_remoteuser" --source_id="auth_remoteuser"
ynh_setup_source --dest_dir="$install_dir/extensions/LDAPAuthorization" --source_id="ldap_authorization"
ynh_setup_source --dest_dir="$install_dir/extensions/LDAPAuthentication2" --source_id="ldap_authentication2" ynh_setup_source --dest_dir="$install_dir/extensions/LDAPAuthentication2" --source_id="ldap_authentication2"
ynh_setup_source --dest_dir="$install_dir/extensions/LDAPGroups" --source_id="ldap_groups"
ynh_setup_source --dest_dir="$install_dir/extensions/LDAPProvider" --source_id="ldap_provider" ynh_setup_source --dest_dir="$install_dir/extensions/LDAPProvider" --source_id="ldap_provider"
ynh_setup_source --dest_dir="$install_dir/extensions/LDAPUserInfo" --source_id="ldap_userinfo"
ynh_setup_source --dest_dir="$install_dir/extensions/PluggableAuth" --source_id="pluggable_auth" ynh_setup_source --dest_dir="$install_dir/extensions/PluggableAuth" --source_id="pluggable_auth"
# ynh_setup_source --dest_dir="$install_dir/extensions/LDAPGroups" --source_id="ldap_groups"
# ynh_setup_source --dest_dir="$install_dir/extensions/LDAPUserInfo" --source_id="ldap_userinfo"
# ynh_setup_source --dest_dir="$install_dir/extensions/LDAPAuthorization" --source_id="ldap_authorization"
fi fi
chmod -R o-rwx "$install_dir" chmod -R o-rwx "$install_dir"
@ -115,6 +116,8 @@ if (( password_length < 10 )); then
echo "\$wgPasswordPolicy['policies']['default']['MinimalPasswordLength'] = 10;" >> "$install_dir/LocalSettings.php" echo "\$wgPasswordPolicy['policies']['default']['MinimalPasswordLength'] = 10;" >> "$install_dir/LocalSettings.php"
fi fi
ynh_add_config --template="../conf/ldapproviders.json" --destination="$install_dir/ldapproviders.json"
# This is required to update database schemas # This is required to update database schemas
"php$phpversion" "$install_dir/maintenance/update.php" "php$phpversion" "$install_dir/maintenance/update.php"