MediaWiki-Docker/Extension/CentralAuth
This page is currently a draft.
|
This page instructs you to install Extension:CentralAuth inside MediaWiki-Docker. Extension:CentralAuth#Installation has more detailed instructions for the general case; this page provides simplified instructions specific to a MediaWiki-Docker environment.
Follow the Quickstart instructions at MediaWiki-Docker page. Once MediaWiki is running and available at http://localhost:8080, then continue with instructions on this page.
All commands should be run in the directory where you installed MediaWiki. All mentioned files are also located there.
Set up wiki farm edit
Having a wiki farm is a prerequisite to installing CentralAuth. You can do that by following the steps MediaWiki-Docker/Configuration recipes/Wiki farm. When the wiki farm is up and running, you can continue with the steps in this page.
Clone the repository and its dependencies edit
git clone "https://gerrit.wikimedia.org/r/mediawiki/extensions/AntiSpoof" extensions/AntiSpoof
git clone "https://gerrit.wikimedia.org/r/mediawiki/extensions/CentralAuth" extensions/CentralAuth
Create the CentralAuth database edit
The exact command here depends on the DBMS you are using.
- MySQL/MariaDB
echo "CREATE DATABASE centralauth;USE centralauth;GRANT all on centralauth.* to 'root'@'%';" | docker compose exec -T database mysql
- SQLite
sqlite3 cache/sqlite/centralauth.sqlite "VACUUM;"
- Postgres
???
Create CentralAuth tables edit
Run the commands below, replacing DBTYPE with your database type (mysql, sqlite, or postgres).
docker compose exec mediawiki php maintenance/run.php sql --wikidb centralauth extensions/AntiSpoof/sql/DBTYPE/tables-generated.sql
docker compose exec mediawiki php maintenance/run.php sql --wikidb centralauth extensions/CentralAuth/schema/DBTYPE/tables-generated.sql
Install Composer dependencies edit
There are composer dependencies that must be installed for CentralAuth to function. For convenience, you can use composer-merge-plugin to manage those:
cp composer.local.json-sample composer.local.json
This will let composer install dependencies for every extension and skin:
docker compose exec mediawiki composer install
Modify LocalSettings.php edit
Add the following to LocalSettings.php.
// AntiSpoof - CentralAuth dependency
wfLoadExtension( 'AntiSpoof' );
// CentralAuth
wfLoadExtension( 'CentralAuth' );
$wgCentralAuthLoginWiki = 'my_wiki'; // Set this to the database ID of your primary wiki to enable autologin
$wgCentralAuthAutoMigrate = true;
$wgCentralAuthAutoMigrateNonGlobalAccounts = true;
At this point, newly registered accounts should be CentralAuth users, however, migration of existing accounts will not work.
(Optional) Populate AntiSpoof tables edit
Run the updater to create tables for the AntiSpoof extension:
docker compose exec mediawiki php maintenance/run.php update.php --quick
Populate my_wiki AntiSpoof
docker compose exec mediawiki php maintenance/run.php ./extensions/AntiSpoof/maintenance/batchAntiSpoof.php
Insert unique entries into centralauth AntiSpoof
- MySQL/MariaDB
echo "insert into centralauth.spoofuser select * from my_wiki.spoofuser where su_name not in( select su_name from centralauth.spoofuser );" | docker compose exec -T php maintenance/run.php sql
- SQLite
sqlite3 cache/sqlite/centralauth.sqlite "insert into centralauth.spoofuser select * from my_wiki.spoofuser where su_name not in( select su_name from centralauth.spoofuser );"
- Postgres
???
(Optional) Migrate Existing Accounts edit
Finally, you can migrate all the existing accounts, by running the following two scripts for each wiki:
docker compose exec mediawiki php maintenance/run.php ./extensions/CentralAuth/maintenance/migratePass0.php
docker compose exec mediawiki php maintenance/run.php ./extensions/CentralAuth/maintenance/migratePass1.php
It's possible that some accounts, like the Admin account on the second wiki, will not get attached to the central account after you run the migration scripts above. If that happens, go to Special:MergeAccount on the relevant wiki, while logged in as that user, and enter your password to attach the account manually.