Merge pull request #4 from cthit/feature/gamma-2.0

README.md

@@ -1 +1,53 @@
 # mediawiki-gamma
+
+A customized version of MediaWiki to add support for login with Gamma, and includes several extensions for more functionality.
+
+Includes a proxy that helps routing to sub-paths.
+
+# Usage with Gamma
+
+In order to authorize with Gamma, create a client with a redirect URL that matches `https://[URL of wiki]/wiki/index.php/Special:PluggableAuthLogin`.
+Also make sure that the email scope is enabled.
+If you want to make any restrictions on who can access the wiki, you can set those directly on the client.
+The wiki will not do any additional checks other than login status.
+
+# Wiki Setup
+
+After creating a blank software stack (e.g. through Docker compose), you should be able to access the wiki through the proxy at http://localhost:4000/wiki, or directly at http://localhost:4001.
+The wiki can now be initialized by navigating to http://localhost:4000/wiki/mw-config and following the instructions.
+Should you encounter a 404 error when clicking continue, navigate directly to the wiki setup page at http://localhost:4001/mw-config.
+
+If there are any database-related errors after initialization, run the upgrade script: `php maintenance/update.php`.
+More information about this update script can be found in MediaWiki's [documentation](https://www.mediawiki.org/wiki/Manual:Update.php).
+
+> [!WARNING]  
+> Make sure that there exists a backup of the database before running the upgrade script.
+
+## Upgrating from previous versions
+
+If you are upgrading from version < 1.39, you will need to run the upgrade script to create new database tables used by new extensions: `php maintenance/update.php`.
+
+## Configuration
+
+The following environment variables can be set to configure the wiki:
+
+| Variable                       | Description                                             | Default    | Example                    |
+| ------------------------------ | ------------------------------------------------------- | ---------- | -------------------------- |
+| `PROVIDER_URL`                 | The URL of the Gamma provider                           | (Required) | `https://auth.chalmers.it` |
+| `CLIENT_ID`                    | The client ID of the provider                           | (Required) | `123456`                   |
+| `CLIENT_SECRET`                | The client secret of the provider                       | (Required) | `abcdef`                   |
+| `WIKI_NAME`                    | The name of the wiki                                    | (Required) | `My Wiki`                  |
+| `WIKI_PATH`                    | The root path of the wiki                               | (Required) | `/wiki`                    |
+| `ROOT_URL`                     | The root URL of the wiki                                | (Required) | `https://wiki.chalmers.it` |
+| `DB_SERVER`                    | URL to the database                                     | (Required) | `db`                       |
+| `DB_NAME`                      | The database name to use                                | (Required) | `wiki`                     |
+| `DB_USER`                      | Username to access database                             | (Required) | `wiki`                     |
+| `DB_PASSWORD`                  | Password to access database                             | (Required) | `password`                 |
+| `DB_PREFIX`                    | Prefix to be used when addressing database.             | (Required) | `mw_`                      |
+| `SECRET_KEY`                   | The secret key for the wiki                             | (Required) | `secret`                   |
+| `UPGRADE_KEY`                  | The upgrade key for the wiki. Used for installs.        | (Required) | `123456`                   |
+| `ENABLE_LOCAL_LOGIN`           | Enable local login for the wiki.                        | `false`    | `false`                    |
+| `ENABLE_LOCAL_USER_PROPERTIES` | Allow users to edit their own properties.               | `false`    | `false`                    |
+| `USE_WORDMARK`                 | Enable wordmark (text-only logo, used in certain skins) | `false`    | `true`                     |
+| `WORDMARK_WIDTH`               | Width of the wordmark (max 124)                         | `124`      | `64`                       |
+| `WORDMARK_HEIGHT`              | Height of the wordmark (max 32)                         | `32`       | `32`                       |

docker-compose.yaml

@@ -1,20 +1,14 @@
-version: "3"
 services:
   wiki:
     build:
       context: mediawiki
       dockerfile: Dockerfile
-    image: cthit/mediawiki:latest
+    image: ghcr.io/cthit/mediawiki-gamma:latest
     environment:
-      GAMMA_CLIENT_ID: OwjtOwnraqUbJEuvdpQ7YTBbIyII4OA11fB4b1woqvVPKxLiQzZ8dl4Alz1WFbHZGpCcBoDhzdm
-      GAMMA_CLIENT_SECRET: 3bkxqBQk3POPeEYK8Mbsfu1rw6FhQaNARpfLXe4Cio84FVMSeo1va73TLbPkbtNGFxyhgnm7Q3F
-      GAMMA_AUTH: http://localhost:3000/api/oauth/authorize
-      GAMMA_TOKEN: http://gamma-backend:8081/api/oauth/token
-      GAMMA_USER: http://gamma-backend:8081/api/users/me
-      GAMMA_REDIRECT: http://localhost:4000/wiki/index.php/Special:OAuth2Client/callback
-      # GAMMA_AUTHORITY: admin
-      GAMMA_AUTHORIZED_GROUPS: superadmin
       WIKI_NAME: digITpedia
+      CLIENT_ID: PLACEHOLDER_ID
+      CLIENT_SECRET: PLACEHOLDER_SECRET
+      PROVIDER_URL: https://auth.chalmers.it
       WIKI_PATH: /wiki
       DB_SERVER: wiki-db
       DB_NAME: wiki
@@ -24,9 +18,6 @@ services:
       SECRET_KEY: dasdasdasd
       UPGRADE_KEY: dasd
       ROOT_URL: http://localhost:4000
-    networks:
-      - default
-      - gamma
     ports:
       - 4001:80
     volumes:
@@ -41,8 +32,6 @@ services:
       WIKI_PATH: wiki
       WIKI_HOST: wiki
     image: cthit/mediawiki-proxy:latest
-    networks:
-      - default
     ports:
       - 4000:80
 
@@ -53,13 +42,5 @@ services:
       MYSQL_DATABASE: wiki
       MYSQL_PASSWORD: wiki
       MYSQL_RANDOM_ROOT_PASSWORD: "yes"
-    networks:
-      - default
-      - gamma
     volumes:
       - ./dump.sql:/docker-entrypoint-initdb.d/dump.sql
-
-networks:
-  default:
-  gamma:
-    external: true

mediawiki/Dockerfile

@@ -1,4 +1,4 @@
-FROM mediawiki:1.35
+FROM mediawiki:1.39
 
 # Various dependencies for composer
 RUN apt update && apt install zip unzip
@@ -7,31 +7,38 @@ RUN apt update && apt install zip unzip
 RUN php -r "readfile('https://getcomposer.org/installer');" | php
 RUN mv composer.phar /usr/local/bin/composer
 
-COPY ./LocalSettings.php /var/www/html/
+# Install PluggableAuth
+WORKDIR /var/www/html/extensions
+RUN git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/PluggableAuth
 
-# Install MW-OAuth2Client-Gamma
+# Install OpenIDConnect
 WORKDIR /var/www/html/extensions
-RUN git clone https://github.com/cthit/MW-OAuth2Client-Gamma
-WORKDIR /var/www/html/extensions/MW-OAuth2Client-Gamma
-RUN git checkout 5f553cc
-RUN git submodule update --init --recursive
-WORKDIR /var/www/html/extensions/MW-OAuth2Client-Gamma/vendors/oauth2-client
+RUN git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/OpenIDConnect
+WORKDIR /var/www/html/extensions/OpenIDConnect
 RUN composer install
 
 # Install GetUserName
 WORKDIR /var/www/html/extensions
 RUN git clone https://github.com/Wikimedica/mediawiki-extensions-GetUserName GetUserName
 WORKDIR /var/www/html/extensions/GetUserName
-RUN git checkout 4306000
+RUN git checkout 1f08a13
 
 # Install TitleKey
 WORKDIR /var/www/html/extensions
 RUN git clone https://github.com/wikimedia/mediawiki-extensions-TitleKey TitleKey
 WORKDIR /var/www/html/extensions/TitleKey
-RUN git checkout cf26918
+RUN git checkout 4ff9d24
 
 # Install ParserFunctions for MediaWiki 1.39
 WORKDIR /tmp
-RUN curl -L https://extdist.wmflabs.org/dist/extensions/ParserFunctions-REL1_35-47229c6.tar.gz -o ParserFunctions.tar.gz
+RUN curl -L https://extdist.wmflabs.org/dist/extensions/ParserFunctions-REL1_39-027c595.tar.gz -o ParserFunctions.tar.gz
 RUN tar -xzf ParserFunctions.tar.gz -C /var/www/html/extensions
-WORKDIR /var/www/html
+WORKDIR /var/www/html
+
+# Install Citizen skin
+WORKDIR /var/www/html/skins
+RUN git clone https://github.com/StarCitizenTools/mediawiki-skins-Citizen Citizen
+WORKDIR /var/www/html/skins/Citizen
+RUN git checkout 9caf91a
+
+COPY ./LocalSettings.php /var/www/html/

mediawiki/LocalSettings.php

@@ -37,7 +37,18 @@
 
 ## The URL paths to the logo.  Make sure you change this from the default,
 ## or else you'll overwrite your logo when you upgrade!
-$wgLogo = $wgScriptPath . '/images/logo.png';
+$wgLogos = [
+    'icon' => "$wgScriptPath/images/logo.png",
+    '1x' => "$wgScriptPath/images/logo.png",
+];
+
+if ( $_ENV["USE_WORDMARK"] ?? false ) {
+    $wgLogos['wordmark'] = [
+        'src' => "$wgScriptPath/images/wordmark.png",
+        'width' => $_ENV["WORDMARK_WIDTH"] ?? 124,
+        'height' => $_ENV["WORDMARK_HEIGHT"] ?? 32
+    ];
+}
 
 ## UPO means: this is also a user preference option
 
@@ -124,54 +135,58 @@
 
 ## Default skin: you can change the default skin. Use the internal symbolic
 ## names, ie 'vector', 'monobook':
-$wgDefaultSkin = "vector";
+$wgDefaultSkin = "vector-2022";
 
 # Enabled skins.
-# The following skins were automatically enabled:
+wfLoadSkin('MinervaNeue');
 wfLoadSkin('MonoBook');
 wfLoadSkin('Timeless');
 wfLoadSkin('Vector');
+wfLoadSkin('Citizen');
 
 
 # End of automatically generated settings.
 # Add more configuration options below.
 
+// Notifications extensions. Enable when using going to LTS after 1.40
+// wfLoadExtension('Echo');
+// wfLoadExtension('Thanks');
+
+wfLoadExtension('PdfHandler');
+wfLoadExtension('Math');
+wfLoadExtension('MultimediaViewer');
 wfLoadExtension('GetUserName');
 wfLoadExtension('ParserFunctions');
 wfLoadExtension('TitleKey');
 
 #################################################################################################################################
 ######################### OAUTH GAMMA ###########################################################################################
 #################################################################################################################################
-wfLoadExtension('MW-OAuth2Client-Gamma');
-
-$wgOAuth2Client['client']['id']     = $_ENV["GAMMA_CLIENT_ID"]; // The client ID assigned to you by the provider
-$wgOAuth2Client['client']['secret'] = $_ENV["GAMMA_CLIENT_SECRET"]; // The client secret assigned to you by the provider
-
-$wgOAuth2Client['configuration']['authorize_endpoint']     = $_ENV["GAMMA_AUTH"]; // Authorization URL
-$wgOAuth2Client['configuration']['access_token_endpoint']  = $_ENV["GAMMA_TOKEN"]; // Token URL
-$wgOAuth2Client['configuration']['api_endpoint']           = $_ENV["GAMMA_USER"]; // URL to fetch user JSON
-$wgOAuth2Client['configuration']['redirect_uri']           = $_ENV["GAMMA_REDIRECT"]; // URL for OAuth2 server to redirect to
-
-$wgOAuth2Client['configuration']['username'] = 'cid'; // JSON path to username
-$wgOAuth2Client['configuration']['email'] = 'email'; // JSON path to email
-
-$wgOAuth2Client['configuration']['authorized_groups'] = $_ENV["GAMMA_AUTHORIZED_GROUPS"]; // Comma separated list of authorized groups
-// $wgOAuth2Client['configuration']['gamma_authority'] = $_ENV["GAMMA_AUTHORITY"]; // Gamma
-$wgOAuth2Client['configuration']['service_name'] = 'Gamma'; // the name of your service
-$wgOAuth2Client['configuration']['service_login_link_text'] = 'Login with Gamma'; // the text of the login link
-
-$wgOAuth2Client['configuration']['scopes'] = '';
-
-$wgOAuth2Client['configuration']['http_bearer_token'] = 'Bearer'; // Token to use in HTTP Authentication
-$wgOAuth2Client['configuration']['query_parameter_token'] = 'auth_token'; // query parameter to use
+wfLoadExtension('PluggableAuth');
+wfLoadExtension('OpenIDConnect');
+
+$wgOpenIDConnect_MigrateUsersByUserName = true;
+$wgPluggableAuth_EnableAutoLogin = false;
+$wgPluggableAuth_EnableLocalLogin = $_ENV["ENABLE_LOCAL_LOGIN"] ?? false;
+$wgPluggableAuth_EnableLocalProperties = $_ENV["ENABLE_LOCAL_USER_PROPERTIES"] ?? false;
+$wgPluggableAuth_Config = [
+    "Gamma" => [
+        'plugin' => 'OpenIDConnect',
+        'data' => [
+            'providerURL' =>  $_ENV["PROVIDER_URL"],
+            'clientID' =>     $_ENV["CLIENT_ID"],
+            'clientsecret' => $_ENV["CLIENT_SECRET"],
+            'preferred_username' => 'cid'
+        ]
+    ]
+];
 
 #################################################################################################################################
 ######################### digITDefault ##########################################################################################
 #################################################################################################################################
 
-# Whitelist oauth login page
-$wgWhitelistRead = ['Special:OAuth2Client', 'Special:OAuth2Client/redirect'];
+# Whitelist for read access
+$wgWhitelistRead = [];
 
 
 # Allow normal users to move pages etc.
@@ -185,6 +200,7 @@
 $wgGroupPermissions['user']['deletedhistory'] = true;
 $wgGroupPermissions['user']['deletedtext'] = true;
 
+$wgGroupPermissions['*']['autocreateaccount'] = true;
 $wgGroupPermissions['*']['createaccount'] = false;
 $wgGroupPermissions['*']['edit'] = false;
 $wgGroupPermissions['*']['read'] = false;