From 846930b52d945313c0775e78125fb738d8293ce3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?= <frass@greenscale.de>
Date: Tue, 19 Dec 2023 23:09:23 +0100
Subject: [PATCH] [fix] role:dokuwiki

---
 ansible/roles/dokuwiki/defaults/main.json     |  3 +
 ansible/roles/dokuwiki/info.md                |  5 ++
 ansible/roles/dokuwiki/tasks/main.json        | 69 ++++++++++++-------
 .../dokuwiki/templates/conf-acl.auth.php.j2   |  8 ++-
 .../dokuwiki/templates/conf-local.php.j2      | 21 +++---
 .../dokuwiki/templates/conf-users.auth.php.j2 |  2 +-
 6 files changed, 74 insertions(+), 34 deletions(-)

diff --git a/ansible/roles/dokuwiki/defaults/main.json b/ansible/roles/dokuwiki/defaults/main.json
index 691ea9e..d37a59c 100644
--- a/ansible/roles/dokuwiki/defaults/main.json
+++ b/ansible/roles/dokuwiki/defaults/main.json
@@ -1,6 +1,8 @@
 {
 	"var_dokuwiki_directory": "/opt/dokuwiki",
 	"var_dokuwiki_title": "DokuWiki",
+	"var_dokuwiki_language": "en",
+	"var_dokuwiki_licence": "cc-by-sa",
 	"var_dokuwiki_oauth2_enable": false,
 	"var_dokuwiki_oauth2_title": "external auth",
 	"var_dokuwiki_oauth2_client_id": "dokuwiki",
@@ -11,5 +13,6 @@
 	"var_dokuwiki_admin_user_define": true,
 	"var_dokuwiki_admin_user_name": "admin",
 	"var_dokuwiki_admin_user_password": "REPLACE_ME",
+	"var_dokuwiki_admin_user_label": "Admin",
 	"var_dokuwiki_admin_user_email_address": "dokuwiki-admin@example.org"
 }
diff --git a/ansible/roles/dokuwiki/info.md b/ansible/roles/dokuwiki/info.md
index 25eac97..33c0bd2 100644
--- a/ansible/roles/dokuwiki/info.md
+++ b/ansible/roles/dokuwiki/info.md
@@ -9,3 +9,8 @@ Für das leicht-gewichtige Wiki-System [DokuWiki](https://www.dokuwiki.org/dokuw
 - [Dokumentation | Ansible](https://www.dokuwiki.org/install:ansible)
 - [Plugin: oAuth](https://www.dokuwiki.org/plugin:oauth)
 - [Plugin: oAuthGeneric](https://www.dokuwiki.org/plugin:oauthgeneric)
+
+
+## ToDo
+
+- Admin-Passwort richten
diff --git a/ansible/roles/dokuwiki/tasks/main.json b/ansible/roles/dokuwiki/tasks/main.json
index d3ec7ee..ab9339b 100644
--- a/ansible/roles/dokuwiki/tasks/main.json
+++ b/ansible/roles/dokuwiki/tasks/main.json
@@ -10,6 +10,13 @@
 			]
 		}
 	},
+	{
+		"name": "core | preparation",
+		"ansible.builtin.file": {
+			"state": "directory",
+			"path": "/tmp/dokuwiki-core"
+		}
+	},
 	{
 		"name": "core | acquisition",
 		"ansible.builtin.get_url": {
@@ -22,13 +29,13 @@
 		"ansible.builtin.unarchive": {
 			"remote_src": true,
 			"src": "/tmp/dokuwiki.tgz",
-			"dest": "/tmp"
+			"dest": "/tmp/dokuwiki-core"
 		}
 	},
 	{
 		"name": "core | version retrieval",
-		"ansible.builtin.shell": {
-			"cmd": "ls -1 /tmp/ | grep dokuwiki- | grep -v plugin"
+		"ansible.builtin.command": {
+			"cmd": "ls /tmp/dokuwiki-core"
 		},
 		"register": "temp_core_version_output"
 	},
@@ -46,13 +53,20 @@
 		"become": true,
 		"ansible.builtin.copy": {
 			"remote_src": true,
-			"src": "/tmp/{{temp_core_version_output.stdout}}/",
+			"src": "/tmp/dokuwiki-core/{{temp_core_version_output.stdout}}/",
 			"dest": "{{var_dokuwiki_directory}}",
 			"owner": "www-data"
 		}
 	},
 	{
-		"name": "plugin oauth2 base | acquisition",
+		"name": "plugin 'oauth' | preparation",
+		"ansible.builtin.file": {
+			"state": "directory",
+			"path": "/tmp/dokuwiki-plugin-oauth"
+		}
+	},
+	{
+		"name": "plugin 'oauth' | acquisition",
 		"when": "var_dokuwiki_oauth2_enable",
 		"ansible.builtin.get_url": {
 			"url": "https://github.com/cosmocode/dokuwiki-plugin-oauth/zipball/master",
@@ -60,24 +74,24 @@
 		}
 	},
 	{
-		"name": "plugin oauth2 base | extraction",
+		"name": "plugin 'oauth' | extraction",
 		"when": "var_dokuwiki_oauth2_enable",
 		"ansible.builtin.unarchive": {
 			"remote_src": true,
 			"src": "/tmp/dokuwiki-plugin-oauth-base.zip",
-			"dest": "/tmp"
+			"dest": "/tmp/dokuwiki-plugin-oauth"
 		}
 	},
 	{
-		"name": "plugin oauth2 base | version retrieval",
+		"name": "plugin 'oauth' | version retrieval",
 		"when": "var_dokuwiki_oauth2_enable",
-		"ansible.builtin.shell": {
-			"cmd": "ls -1 /tmp/ | grep cosmocode-dokuwiki-plugin-oauth-"
+		"ansible.builtin.command": {
+			"cmd": "ls -1 /tmp/dokuwiki-plugin-oauth"
 		},
 		"register": "temp_plugin_oauth_base_version_output"
 	},
 	{
-		"name": "plugin oauth2 base | directory",
+		"name": "plugin 'oauth' | directory",
 		"when": "var_dokuwiki_oauth2_enable",
 		"become": true,
 		"ansible.builtin.file": {
@@ -87,18 +101,25 @@
 		}
 	},
 	{
-		"name": "plugin oauth2 base | emplacement",
+		"name": "plugin 'oauth' | emplacement",
 		"when": "var_dokuwiki_oauth2_enable",
 		"become": true,
 		"ansible.builtin.copy": {
 			"remote_src": true,
-			"src": "/tmp/{{temp_plugin_oauth_base_version_output.stdout}}/",
+			"src": "/tmp/dokuwiki-plugin-oauth/{{temp_plugin_oauth_base_version_output.stdout}}/",
 			"dest": "{{var_dokuwiki_directory}}/lib/plugins/oauth",
 			"owner": "www-data"
 		}
 	},
 	{
-		"name": "plugin oauth2 generic | acquisition",
+		"name": "plugin 'oauthgeneric' | preparation",
+		"ansible.builtin.file": {
+			"state": "directory",
+			"path": "/tmp/dokuwiki-plugin-oauthgeneric"
+		}
+	},
+	{
+		"name": "plugin 'oauthgeneric' | acquisition",
 		"when": "var_dokuwiki_oauth2_enable",
 		"ansible.builtin.get_url": {
 			"url": "https://github.com/cosmocode/dokuwiki-plugin-oauthgeneric/zipball/master",
@@ -106,24 +127,24 @@
 		}
 	},
 	{
-		"name": "plugin oauth2 generic | extraction",
+		"name": "plugin 'oauthgeneric' | extraction",
 		"when": "var_dokuwiki_oauth2_enable",
 		"ansible.builtin.unarchive": {
 			"remote_src": true,
 			"src": "/tmp/dokuwiki-plugin-oauth-generic.zip",
-			"dest": "/tmp"
+			"dest": "/tmp/dokuwiki-plugin-oauthgeneric"
 		}
 	},
 	{
-		"name": "plugin oauth2 generic | version retrieval",
+		"name": "plugin 'oauthgeneric' | version retrieval",
 		"when": "var_dokuwiki_oauth2_enable",
-		"ansible.builtin.shell": {
-			"cmd": "ls -1 /tmp/ | grep cosmocode-dokuwiki-plugin-oauthgeneric-"
+		"ansible.builtin.command": {
+			"cmd": "ls -1 /tmp/dokuwiki-plugin-oauthgeneric"
 		},
 		"register": "temp_plugin_oauth_generic_version_output"
 	},
 	{
-		"name": "plugin oauth2 generic | directory",
+		"name": "plugin 'oauthgeneric' | directory",
 		"when": "var_dokuwiki_oauth2_enable",
 		"become": true,
 		"ansible.builtin.file": {
@@ -133,21 +154,21 @@
 		}
 	},
 	{
-		"name": "plugin oauth2 generic | emplacement",
+		"name": "plugin 'oauthgeneric' | emplacement",
 		"when": "var_dokuwiki_oauth2_enable",
 		"become": true,
 		"ansible.builtin.copy": {
 			"remote_src": true,
-			"src": "/tmp/{{temp_plugin_oauth_generic_version_output.stdout}}/",
+			"src": "/tmp/dokuwiki-plugin-oauthgeneric/{{temp_plugin_oauth_generic_version_output.stdout}}/",
 			"dest": "{{var_dokuwiki_directory}}/lib/plugins/oauthgeneric",
 			"owner": "www-data"
 		}
 	},
 	{
-		"name": "admin user | password hash",
+		"name": "admin user password",
 		"when": "var_dokuwiki_admin_user_define",
 		"ansible.builtin.set_fact": {
-			"temp_password_hash": "{{var_dokuwiki_admin_user_password | ansible.builtin.password_hash(hashtype='blowfish',rounds=10)}}"
+			"temp_password_hash": "{{var_dokuwiki_admin_user_password | ansible.builtin.password_hash(hashtype='bcrypt',rounds=12)}}"
 		}
 	},
 	{
diff --git a/ansible/roles/dokuwiki/templates/conf-acl.auth.php.j2 b/ansible/roles/dokuwiki/templates/conf-acl.auth.php.j2
index cacd42c..63d73db 100644
--- a/ansible/roles/dokuwiki/templates/conf-acl.auth.php.j2
+++ b/ansible/roles/dokuwiki/templates/conf-acl.auth.php.j2
@@ -1 +1,7 @@
-*               @ALL          8
+# acl.auth.php
+# <?php exit()?>
+# Don't modify the lines above
+#
+# Access Control Lists
+*               @ALL          0
+*               @user         8
diff --git a/ansible/roles/dokuwiki/templates/conf-local.php.j2 b/ansible/roles/dokuwiki/templates/conf-local.php.j2
index 7878a7d..50b87bd 100644
--- a/ansible/roles/dokuwiki/templates/conf-local.php.j2
+++ b/ansible/roles/dokuwiki/templates/conf-local.php.j2
@@ -1,23 +1,28 @@
 <?php
 $conf['title'] = '{{var_dokuwiki_title}}';
-$conf['lang'] = 'en';
-$conf['license'] = 'cc-by-sa';
+$conf['lang'] = '{{var_dokuwiki_language}}';
+$conf['license'] = '{{var_dokuwiki_licence}}';
 $conf['useacl'] = 1;
 $conf['superuser'] = '@admin';
-$conf['disableactions'] = 'register';
-
+$conf['passcrypt'] = 'bcrypt';
 {% if var_dokuwiki_oauth2_enable %}
 $conf['authtype'] = 'oauth';
+$conf['disableactions'] = 'resendpwd,profile,profile_delete';
+$conf['plugin']['oauth']['singleService'] = 1;
 $conf['plugin']['oauthgeneric']['key'] = '{{var_dokuwiki_oauth2_client_id}}';
 $conf['plugin']['oauthgeneric']['secret'] = '{{var_dokuwiki_oauth2_client_secret}}';
 $conf['plugin']['oauthgeneric']['authurl'] = '{{var_dokuwiki_oauth2_auth_url}}';
 $conf['plugin']['oauthgeneric']['tokenurl'] = '{{var_dokuwiki_oauth2_token_url}}';
 $conf['plugin']['oauthgeneric']['userurl'] = '{{var_dokuwiki_oauth2_user_url}}';
-$conf['plugin']['oauthgeneric']['scopes'] = array('openid email profile');
-$conf['plugin']['oauthgeneric']['json-user'] = '.sub';
-$conf['plugin']['oauthgeneric']['json-name'] = '.name';
-$conf['plugin']['oauthgeneric']['json-mail'] = '.email';
+$conf['plugin']['oauthgeneric']['authmethod'] = 0;
+$conf['plugin']['oauthgeneric']['scopes'] = ['openid','email','profile','groups'];
+$conf['plugin']['oauthgeneric']['needs-state'] = 1;
+$conf['plugin']['oauthgeneric']['json-user'] = 'sub';
+$conf['plugin']['oauthgeneric']['json-name'] = 'name';
+$conf['plugin']['oauthgeneric']['json-mail'] = 'email';
+$conf['plugin']['oauthgeneric']['json-grps'] = 'groups';
 $conf['plugin']['oauthgeneric']['label'] = '{{var_dokuwiki_oauth2_title}}';
+$conf['plugin']['oauthgeneric']['color'] = '#333333';
 {% else %}
 $conf['authtype'] = 'authplain';
 {% endif %}
diff --git a/ansible/roles/dokuwiki/templates/conf-users.auth.php.j2 b/ansible/roles/dokuwiki/templates/conf-users.auth.php.j2
index 972be0b..60a5314 100644
--- a/ansible/roles/dokuwiki/templates/conf-users.auth.php.j2
+++ b/ansible/roles/dokuwiki/templates/conf-users.auth.php.j2
@@ -5,5 +5,5 @@
 # Userfile
 
 {% if var_dokuwiki_admin_user_define %}
-{{var_dokuwiki_admin_user_name}}:{{temp_password_hash}}:{{var_dokuwiki_admin_user_email_address}}:admin,user
+{{var_dokuwiki_admin_user_name}}:{{temp_password_hash}}:{{var_dokuwiki_admin_user_label}}:{{var_dokuwiki_admin_user_email_address}}:admin,user
 {% endif %}