Finished mediawiki oidc implementation

2025-10-31 18:29:21 +00:00 · 2025-08-29 04:24:50 +02:00
parent dd9a9b6d84
commit 983287a84a
4 changed files with 32 additions and 31 deletions
--- a/roles/web-app-mediawiki/tasks/02_debug.yml
+++ b/roles/web-app-mediawiki/tasks/02_debug.yml
@@ -3,35 +3,9 @@

 - name: "DEBUG | Enable block when MODE_DEBUG=true"
  when: MODE_DEBUG | bool
-  include_tasks: _enable_debug.yml
+  include_tasks: _debug_enable.yml

 - name: "DEBUG | Disable block when MODE_DEBUG=false"
  when: not (MODE_DEBUG | bool)
-  block:
-    - name: "Remove require_once line from LocalSettings.php (if present)"
-      shell: |
-        docker exec -u {{ MEDIAWIKI_USER }} {{ MEDIAWIKI_CONTAINER }} bash -lc '
-          LSP={{ MEDIAWIKI_HTML_DIR }}/LocalSettings.php
-          if [ -f "$LSP" ]; then
-            if grep -Fqx -- "require_once __DIR__ . '\''/debug.php'\'';" "$LSP"; then
-              sed -i "\#require_once __DIR__ . '/debug.php';#d" "$LSP"
-              echo REMOVED_REQUIRE
-            fi
-          fi
-        '
-      args: { executable: /bin/bash }
-      register: _dbg_rm_req
-      changed_when: "'REMOVED_REQUIRE' in (_dbg_rm_req.stdout | default(''))"
+  include_tasks: _debug_disable.yml

-    - name: "Remove debug.php from container (if present)"
-      shell: >
-        docker exec {{ MEDIAWIKI_CONTAINER }} bash -lc
-        "if [ -f {{ MEDIAWIKI_HTML_DIR }}/debug.php ]; then rm -f {{ MEDIAWIKI_HTML_DIR }}/debug.php; echo REMOVED_FILE; fi"
-      args: { executable: /bin/bash }
-      register: _dbg_rm_file
-      changed_when: "'REMOVED_FILE' in (_dbg_rm_file.stdout | default(''))"
-
-    - name: "Remove local debug.php (if present)"
-      file:
-        path: "{{ MEDIAWIKI_CONFIG_DIR }}/debug.php"
-        state: absent
--- a/roles/web-app-mediawiki/tasks/_debug_disable.yml
+++ b/roles/web-app-mediawiki/tasks/_debug_disable.yml
@@ -0,0 +1,27 @@
+- name: "Remove require_once line from LocalSettings.php (if present)"
+  shell: |
+    docker exec -u {{ MEDIAWIKI_USER }} {{ MEDIAWIKI_CONTAINER }} bash -lc '
+      LSP={{ MEDIAWIKI_HTML_DIR }}/LocalSettings.php
+      if [ -f "$LSP" ]; then
+        if grep -Fqx -- "require_once __DIR__ . '\''/debug.php'\'';" "$LSP"; then
+          sed -i "\#require_once __DIR__ . '/debug.php';#d" "$LSP"
+          echo REMOVED_REQUIRE
+        fi
+      fi
+    '
+  args: { executable: /bin/bash }
+  register: _dbg_rm_req
+  changed_when: "'REMOVED_REQUIRE' in (_dbg_rm_req.stdout | default(''))"
+
+- name: "Remove debug.php from container (if present)"
+  shell: >
+    docker exec {{ MEDIAWIKI_CONTAINER }} bash -lc
+    "if [ -f {{ MEDIAWIKI_HTML_DIR }}/debug.php ]; then rm -f {{ MEDIAWIKI_HTML_DIR }}/debug.php; echo REMOVED_FILE; fi"
+  args: { executable: /bin/bash }
+  register: _dbg_rm_file
+  changed_when: "'REMOVED_FILE' in (_dbg_rm_file.stdout | default(''))"
+
+- name: "Remove local debug.php (if present)"
+  file:
+    path: "{{ MEDIAWIKI_CONFIG_DIR }}/debug.php"
+    state: absent
--- a/roles/web-app-mediawiki/tasks/_debug_enable.yml
+++ b/roles/web-app-mediawiki/tasks/_debug_enable.yml
--- a/roles/web-app-mediawiki/templates/oidc.php.j2
+++ b/roles/web-app-mediawiki/templates/oidc.php.j2
@@ -3,9 +3,9 @@
 wfLoadExtension( 'PluggableAuth' );
 wfLoadExtension( 'OpenIDConnect' );

-$wgPluggableAuth_EnableAutoLogin = false;   // don’t auto-redirect to IdP
-$wgPluggableAuth_EnableLocalLogin = true;   // keep local user/pass login
-$wgPluggableAuth_ButtonLabelMessage = '{{ MEDIAWIKI_OIDC_BUTTON_TEXT }}';
+$wgPluggableAuth_EnableAutoLogin = true;   // don’t auto-redirect to IdP
+$wgPluggableAuth_EnableLocalLogin = false;   // keep local user/pass login
+$wgPluggableAuth_ButtonLabel = '{{ MEDIAWIKI_OIDC_BUTTON_TEXT }}';

 // PluggableAuth expects a list of providers (numeric array) on REL1_44
 $wgPluggableAuth_Config = [