jenkins-bot has submitted this change and it was merged.
Change subject: Vagrant role for OAuthAuthentication
..
Vagrant role for OAuthAuthentication
For convenience, this relies on a common consumer registration
for all instances, thus making the consumer secret public:
https://meta.wikimedia.org/wiki/Special:OAuthListConsumers/view/7e5461e6907ad6ed43684793046fd3a9
This is somewhat unsafe, so user identities provided by the
extension should not be trusted. Using it for development is
fine though.
Depends on Ic1d3d9ad20da5b5aeb9d49ff0844d4b7070ce596.
Change-Id: I88a55acdfb8e03ada6dfe27aad7f6ea5282a9e05
---
A
puppet/modules/role/files/oauthauthentication/VagrantRoleOAuthAuthentication.wiki
A puppet/modules/role/manifests/oauthauthentication.pp
2 files changed, 36 insertions(+), 0 deletions(-)
Approvals:
BryanDavis: Looks good to me, approved
jenkins-bot: Verified
diff --git
a/puppet/modules/role/files/oauthauthentication/VagrantRoleOAuthAuthentication.wiki
b/puppet/modules/role/files/oauthauthentication/VagrantRoleOAuthAuthentication.wiki
new file mode 100644
index 000..fe228a2
--- /dev/null
+++
b/puppet/modules/role/files/oauthauthentication/VagrantRoleOAuthAuthentication.wiki
@@ -0,0 +1,11 @@
+Use Wikimedia identities to log in. This uses a predefined consumer
+([https://meta.wikimedia.org/wiki/Special:OAuthListConsumers/view/7e5461e6907ad6ed43684793046fd3a9
7e5461e6907ad6ed43684793046fd3a9])
+and the secret key of that consumer is part of the MediaWiki-Vagrant
+code and thus public, which makes it somewhat insecure. It should
+be good enough for development, though (the consumer does not have
+permissions to do anything, and the only information it can leak
+is the fact that you have authorized it).
+
+The Vagrant box must be available at the IP address 127.0.0.1 for the
+role to work (the port number can be arbitrary).
+
diff --git a/puppet/modules/role/manifests/oauthauthentication.pp
b/puppet/modules/role/manifests/oauthauthentication.pp
new file mode 100644
index 000..ac7f561
--- /dev/null
+++ b/puppet/modules/role/manifests/oauthauthentication.pp
@@ -0,0 +1,25 @@
+# == Class: role::oauthauthentication
+# Provisions the OAuthAuthentication[1] extension, which allows login
+# via OAuth, using accounts at a remote wiki.
+#
+# [1] https://www.mediawiki.org/wiki/Extension:OAuthAuthentication
+#
+class role::oauthauthentication {
+mediawiki::extension { 'OAuthAuthentication':
+needs_update => true,
+composer => true,
+settings => {
+wgOAuthAuthenticationUrl=>
'https://meta.wikimedia.org/w/index.php?title=Special:OAuth',
+wgOAuthAuthenticationConsumerKey=>
'0fde3e1e451907e9653ea612f7b30a5a',
+wgOAuthAuthenticationConsumerSecret =>
'143a7e53fe1e0fe7f42a2aed77b8e6fc9f38112a',
+wgOAuthAuthenticationCanonicalUrl =>
'https://meta.wikimedia.org',
+wgOAuthAuthenticationRemoteName => 'Wikimedia',
+wgOAuthAuthenticationCallbackUrl=>
"http://dev.wiki.local.wmftest.net${::port_fragment}/wiki/Special:OAuthLogin/finish;,
+}
+}
+
+mediawiki::import::text { 'VagrantRoleOAuthAuthentication':
+source =>
'puppet:///modules/role/oauthauthentication/VagrantRoleOAuthAuthentication.wiki',
+}
+}
+
--
To view, visit https://gerrit.wikimedia.org/r/248664
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I88a55acdfb8e03ada6dfe27aad7f6ea5282a9e05
Gerrit-PatchSet: 4
Gerrit-Project: mediawiki/vagrant
Gerrit-Branch: master
Gerrit-Owner: Gergő Tisza
Gerrit-Reviewer: BryanDavis
Gerrit-Reviewer: CSteipp
Gerrit-Reviewer: Dduvall
Gerrit-Reviewer: Gergő Tisza
Gerrit-Reviewer: jenkins-bot <>
___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
