From 983287a84ac707b6ac7fd44d05968852b19d37cf Mon Sep 17 00:00:00 2001
From: Kevin Veen-Birkenbach
Date: Fri, 29 Aug 2025 04:24:50 +0200
Subject: [PATCH] Finished mediawiki oidc implementation
---
roles/web-app-mediawiki/tasks/02_debug.yml | 30 ++-----------------
.../tasks/_debug_disable.yml | 27 +++++++++++++++++
.../{_enable_debug.yml => _debug_enable.yml} | 0
roles/web-app-mediawiki/templates/oidc.php.j2 | 6 ++--
4 files changed, 32 insertions(+), 31 deletions(-)
create mode 100644 roles/web-app-mediawiki/tasks/_debug_disable.yml
rename roles/web-app-mediawiki/tasks/{_enable_debug.yml => _debug_enable.yml} (100%)
diff --git a/roles/web-app-mediawiki/tasks/02_debug.yml b/roles/web-app-mediawiki/tasks/02_debug.yml
index 4ba96627..3e172721 100644
--- a/roles/web-app-mediawiki/tasks/02_debug.yml
+++ b/roles/web-app-mediawiki/tasks/02_debug.yml
@@ -3,35 +3,9 @@ - name: "DEBUG | Enable block when MODE_DEBUG=true" when: MODE_DEBUG | bool - include_tasks: _enable_debug.yml + include_tasks: _debug_enable.yml - name: "DEBUG | Disable block when MODE_DEBUG=false" when: not (MODE_DEBUG | bool) - block: - - name: "Remove require_once line from LocalSettings.php (if present)" - shell: | - docker exec -u {{ MEDIAWIKI_USER }} {{ MEDIAWIKI_CONTAINER }} bash -lc ' - LSP={{ MEDIAWIKI_HTML_DIR }}/LocalSettings.php - if [ -f "$LSP" ]; then - if grep -Fqx -- "require_once __DIR__ . '\''/debug.php'\'';" "$LSP"; then - sed -i "\#require_once __DIR__ . '/debug.php';#d" "$LSP" - echo REMOVED_REQUIRE - fi - fi - ' - args: { executable: /bin/bash } - register: _dbg_rm_req - changed_when: "'REMOVED_REQUIRE' in (_dbg_rm_req.stdout | default(''))" + include_tasks: _debug_disable.yml - - name: "Remove debug.php from container (if present)" - shell: > - docker exec {{ MEDIAWIKI_CONTAINER }} bash -lc - "if [ -f {{ MEDIAWIKI_HTML_DIR }}/debug.php ]; then rm -f {{ MEDIAWIKI_HTML_DIR }}/debug.php; echo REMOVED_FILE; fi" - args: { executable: /bin/bash } - register: _dbg_rm_file - changed_when: "'REMOVED_FILE' in (_dbg_rm_file.stdout | default(''))" - - - name: "Remove local debug.php (if present)" - file: - path: "{{ MEDIAWIKI_CONFIG_DIR }}/debug.php" - state: absent diff --git a/roles/web-app-mediawiki/tasks/_debug_disable.yml b/roles/web-app-mediawiki/tasks/_debug_disable.yml new file mode 100644 index 00000000..bc1318c2 --- /dev/null +++ b/roles/web-app-mediawiki/tasks/_debug_disable.yml 
@@ -0,0 +1,27 @@
+- name: "Remove require_once line from LocalSettings.php (if present)"
+ shell: |
+ docker exec -u {{ MEDIAWIKI_USER }} {{ MEDIAWIKI_CONTAINER }} bash -lc '
+ LSP={{ MEDIAWIKI_HTML_DIR }}/LocalSettings.php
+ if [ -f "$LSP" ]; then
+ if grep -Fqx -- "require_once __DIR__ . '\''/debug.php'\'';" "$LSP"; then
+ sed -i "\#require_once __DIR__ . '/debug.php';#d" "$LSP"
+ echo REMOVED_REQUIRE
+ fi
+ fi
+ '
+ args: { executable: /bin/bash }
+ register: _dbg_rm_req
+ changed_when: "'REMOVED_REQUIRE' in (_dbg_rm_req.stdout | default(''))"
+
+- name: "Remove debug.php from container (if present)"
+ shell: >
+ docker exec {{ MEDIAWIKI_CONTAINER }} bash -lc
+ "if [ -f {{ MEDIAWIKI_HTML_DIR }}/debug.php ]; then rm -f {{ MEDIAWIKI_HTML_DIR }}/debug.php; echo REMOVED_FILE; fi"
+ args: { executable: /bin/bash }
+ register: _dbg_rm_file
+ changed_when: "'REMOVED_FILE' in (_dbg_rm_file.stdout | default(''))"
+
+- name: "Remove local debug.php (if present)"
+ file:
+ path: "{{ MEDIAWIKI_CONFIG_DIR }}/debug.php"
+ state: absent
\ No newline at end of file
diff --git a/roles/web-app-mediawiki/tasks/_enable_debug.yml b/roles/web-app-mediawiki/tasks/_debug_enable.yml
similarity index 100%
rename from roles/web-app-mediawiki/tasks/_enable_debug.yml
rename to roles/web-app-mediawiki/tasks/_debug_enable.yml
diff --git a/roles/web-app-mediawiki/templates/oidc.php.j2 b/roles/web-app-mediawiki/templates/oidc.php.j2
index fa4e923c..2d474918 100644
--- a/roles/web-app-mediawiki/templates/oidc.php.j2
+++ b/roles/web-app-mediawiki/templates/oidc.php.j2
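Review bot: The `sed` line in the first task does not escape its single quotes the way the `grep` line above it does, so the quotes around `/debug.php` close and reopen the outer `bash -lc '…'` argument and drop out of the pattern. The expression sed receives then has no quotes around `/debug.php` and does not appear to match the `require_once` line, yet `REMOVED_REQUIRE` is still echoed and the task reports a change. Because the following tasks delete debug.php, LocalSettings.php would be left requiring a file that no longer exists. Use the same escaping as the grep: `sed -i "\#require_once __DIR__ . '\''/debug.php'\'';#d" "$LSP"`. The second task also runs `docker exec` without `-u {{ MEDIAWIKI_USER }}`, unlike the first; a short comment would help if that difference is intentional.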
@@ -3,9 +3,9 @@ wfLoadExtension( 'PluggableAuth' ); wfLoadExtension( 'OpenIDConnect' ); -$wgPluggableAuth_EnableAutoLogin = false; // don’t auto-redirect to IdP -$wgPluggableAuth_EnableLocalLogin = true; // keep local user/pass login -$wgPluggableAuth_ButtonLabelMessage = '{{ MEDIAWIKI_OIDC_BUTTON_TEXT }}'; +$wgPluggableAuth_EnableAutoLogin = true; // don’t auto-redirect to IdP +$wgPluggableAuth_EnableLocalLogin = false; // keep local user/pass login +$wgPluggableAuth_ButtonLabel = '{{ MEDIAWIKI_OIDC_BUTTON_TEXT }}'; // PluggableAuth expects a list of providers (numeric array) on REL1_44 $wgPluggableAuth_Config = [
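Review bot: The trailing comments on the two flipped settings still describe the old values: `$wgPluggableAuth_EnableAutoLogin = true` is annotated as not auto-redirecting to the IdP, and `$wgPluggableAuth_EnableLocalLogin = false` as keeping local user/pass login. Anyone auditing the authentication setup from this template will read the opposite of what is deployed; change the comments to `// auto-redirect to the IdP` and `// local user/pass login disabled`. With local login off and auto-login on, the template leaves no password fallback if the IdP is unreachable or misconfigured, so the recovery path should be documented next to these lines or both values driven from role variables. It is also worth confirming that `$wgPluggableAuth_ButtonLabel` is still read by the PluggableAuth release in use, since the comment below refers to the provider-list format on REL1_44. The `$wgPluggableAuth_Config` array continues outside the hunk.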