From f9a1fd07e8678d6d7fbf758ae658fb38009527a2 Mon Sep 17 00:00:00 2001
From: Ryan Lerch
Date: Mon, 13 Jun 2022 19:54:49 +1000
Subject: [PATCH] Update OIDC settings for newer versions of plugins mediawiki-OpenIDConnect and mediawiki-PluggableAuth are updated to newer versions, and the config setup has changed. this tweaks it for the wiki stage.
Signed-off-by: Ryan Lerch
---
.../templates/LocalSettings.php.fp.j2 | 23 +++++++++++++++----
1 file changed, 19 insertions(+), 4 deletions(-)
diff --git a/roles/mediawiki/templates/LocalSettings.php.fp.j2 b/roles/mediawiki/templates/LocalSettings.php.fp.j2
index 0208dccb62..57cec204ba 100644
--- a/roles/mediawiki/templates/LocalSettings.php.fp.j2
+++ b/roles/mediawiki/templates/LocalSettings.php.fp.j2
@@ -595,22 +595,37 @@ require_once('/usr/share/php/Fedora/Autoloader/autoload.php'); $wgPluggableAuth_EnableAutoLogin = false; $wgPluggableAuth_EnableLocalLogin = false; $wgPluggableAuth_EnableLocalProperties = false; + +{% if env == "production" %} $wgPluggableAuth_Class = 'OpenIDConnect'; +{% endif %} $wgGroupPermissions['*']['autocreateaccount'] = true; +{% if env == "production" %} $wgOpenIDConnect_Config['https://id{{ env_suffix }}.fedoraproject.org/openidc/'] = [ 'clientID' => 'fpwiki', -{% if env == "staging" %} - 'clientsecret' => '{{ fpwiki_stg_client_secret }}', -{% else %} 'clientsecret' => '{{ fpwiki_prod_client_secret }}', -{% endif %} + 'name' => "Fedora Authentication", 'scope' => [ 'openid', 'profile', 'email', 'https://id.fedoraproject.org/scope/groups', 'https://id.fedoraproject.org/scope/agreements' ] ]; +{% else %} +$wgPluggableAuth_Config[] = [ + 'plugin' => 'OpenIDConnect', + 'data' => [ + 'providerURL' => 'https://id{{ env_suffix }}.fedoraproject.org/openidc/', + 'clientID' => 'fpwiki', + 'clientsecret' => '{{ fpwiki_stg_client_secret }}', + 'scope' => [ 'openid', 'profile', 'email', + 'https://id.fedoraproject.org/scope/groups', + 'https://id.fedoraproject.org/scope/agreements' ] + ] + ]; +{% endif %} + $wgOpenIDConnect_UseRealNameAsUserName = false; $wgOpenIDConnect_UseEmailNameAsUserName = false; $wgOpenIDConnect_MigrateUsersByUserName = false;
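Review bot: The new `{% else %}` branch is taken for every `env` other than "production" and hard-wires `fpwiki_stg_client_secret`, whereas the removed lines selected the staging secret only when `env == "staging"`; nothing in the template records that the split is really about which plugin version each environment runs. When production moves to the `$wgPluggableAuth_Config` format, whoever flips or drops the condition also has to swap the secret variable, so a Jinja comment above the branch would help, e.g. `{# stg runs the newer PluggableAuth/OpenIDConnect; on prod upgrade switch to fpwiki_prod_client_secret and drop the old block #}`. Both secrets are also rendered directly into single-quoted PHP literals, so a value containing `'` or `\` would end the string early and corrupt the generated LocalSettings; this presumably relies on the vaulted values never containing those characters, which is worth stating next to the variable. The rest of the settings file lies outside the hunk, so how the `$wgOpenIDConnect_*` flags after the block interact with the new format cannot be judged from here.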