MediaWiki-Docker/Extension/CentralAuth

This page instructs you to install Extension:CentralAuth inside MediaWiki-Docker. Extension:CentralAuth#Installation has more detailed instructions for the general case; this page provides simplified instructions specific to a MediaWiki-Docker environment.

Follow the Quickstart instructions at MediaWiki-Docker page. Once MediaWiki is running and available at http://localhost:8080, then continue with instructions on this page.

All commands should be run in the directory where you installed MediaWiki. All mentioned files are also located there.

Set up wiki farm

edit

Having a wiki farm is a prerequisite to installing CentralAuth. You can do that by following the steps MediaWiki-Docker/Configuration recipes/Wiki farm. When the wiki farm is up and running, you can continue with the steps in this page.

Clone the repository and its dependencies

edit
git clone "https://gerrit.wikimedia.org/r/mediawiki/extensions/AntiSpoof" extensions/AntiSpoof
git clone "https://gerrit.wikimedia.org/r/mediawiki/extensions/CentralAuth" extensions/CentralAuth

Create the CentralAuth database

edit

The exact command here depends on the DBMS you are using.

MySQL/MariaDB
echo "CREATE DATABASE centralauth;USE centralauth;GRANT all on centralauth.* to 'root'@'%';" | docker compose exec -T database mysql
SQLite
sqlite3 cache/sqlite/centralauth.sqlite "VACUUM;"
Postgres

???

Create CentralAuth tables

edit

Run the commands below, replacing DBTYPE with your database type (mysql, sqlite, or postgres).

docker compose exec mediawiki php maintenance/run.php sql --wikidb centralauth extensions/AntiSpoof/sql/DBTYPE/tables-generated.sql
docker compose exec mediawiki php maintenance/run.php sql --wikidb centralauth extensions/CentralAuth/schema/DBTYPE/tables-generated.sql

docker compose exec mediawiki php maintenance/run.php sql --wikidb secondwiki extensions/AntiSpoof/sql/sqlite/tables-generated.sql

Install Composer dependencies

edit

There are composer dependencies that must be installed for CentralAuth to function. For convenience, you can use composer-merge-plugin to manage those:

cp composer.local.json-sample composer.local.json

This will let composer install dependencies for every extension and skin:

docker compose exec mediawiki composer install

Modify LocalSettings.php

edit

Add the following to LocalSettings.php.

// AntiSpoof - CentralAuth dependency
wfLoadExtension( 'AntiSpoof' );

// CentralAuth
wfLoadExtension( 'CentralAuth' );
$wgVirtualDomainsMapping['virtual-centralauth'] = [ 'db' => 'centralauth' ];
$wgCentralAuthLoginWiki = 'my_wiki'; // Set this to the database ID of your primary wiki to enable autologin
$wgCentralAuthAutoMigrate = true;
$wgCentralAuthAutoMigrateNonGlobalAccounts = true;

At this point, newly registered accounts should be CentralAuth users, however, migration of existing accounts will not work.

(Optional) Populate AntiSpoof tables

edit

Run the updater to create tables for the AntiSpoof extension:

docker compose exec mediawiki php maintenance/run.php update.php --quick

Populate my_wiki AntiSpoof

docker compose exec mediawiki php maintenance/run.php ./extensions/AntiSpoof/maintenance/batchAntiSpoof.php

Insert unique entries into centralauth AntiSpoof

MySQL/MariaDB
echo "insert into centralauth.spoofuser select * from my_wiki.spoofuser where su_name not in( select su_name from centralauth.spoofuser );" | docker compose exec -T php maintenance/run.php sql
SQLite
sqlite3 cache/sqlite/centralauth.sqlite "insert into centralauth.spoofuser select * from my_wiki.spoofuser where su_name not in( select su_name from centralauth.spoofuser );"
Postgres

???

(Optional) Migrate Existing Accounts

edit

Finally, you can migrate all the existing accounts, by running the following two scripts for each wiki:

docker compose exec mediawiki php maintenance/run.php ./extensions/CentralAuth/maintenance/migratePass0.php
docker compose exec mediawiki php maintenance/run.php ./extensions/CentralAuth/maintenance/migratePass1.php

It's possible that some accounts, like the Admin account on the second wiki, will not get attached to the central account after you run the migration scripts above. If that happens, go to Special:MergeAccount on the relevant wiki, while logged in as that user, and enter your password to attach the account manually.