mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-01-21 07:55:00 +00:00
cf7cacb575
When private mode is turned on and off, a setting to allow anonymous editing is being written. This turns on anonymous editing on the wiki. To fix, drop the code that adds anonymous editing line and implement migration from older settings to newer settings. Closes: #1783. Tests performed: - Install mediawiki with current master. Private mode is disabled by default. Anonymous users can't edit. There is a line for editing set to false in FreedomBoxSettings.php configuration file. Switch to latest code. The line should be removed. private mode is still disabled. Anonymous users should not be able to edit the wiki. - Install mediawiki with current master. Enable private mode. Anonymous users can't edit, login is required to view wiki. There is a line for editing set to false in FreedomBoxSettings.php configuration file. Switch to latest code. The line should be removed. private mode is still enabled. Anonymous users should not be able to edit the wiki. Login is required to view the wiki. - Install mediawiki with current master. Enable private mode and disable it. Anonymous users can edit the wiki. There is a line for editing set to true in FreedomBoxSettings.php configuration file. Switch to latest code. The line should be removed. private mode is still disabled. Anonymous users should not be able to edit the wiki but they can read the wiki. - Install mediawiki with the changes in the branch. Line for editing the wiki is not present in FreedomBoxSettings.php configuration file. Enabling/disabling the private mode does not introduce the line either. When private mode is enabled, login is required to read/edit the wiki. When it is disabled, anonymous users can read the wiki but not edit it. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org> Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
231 lines
7.8 KiB
Python
Executable File
231 lines
7.8 KiB
Python
Executable File
#!/usr/bin/python3
|
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
"""
|
|
Configuration helper for MediaWiki.
|
|
"""
|
|
|
|
import argparse
|
|
import os
|
|
import subprocess
|
|
import sys
|
|
import tempfile
|
|
|
|
from plinth.utils import generate_password
|
|
|
|
MAINTENANCE_SCRIPTS_DIR = "/usr/share/mediawiki/maintenance"
|
|
CONF_FILE = '/etc/mediawiki/FreedomBoxSettings.php'
|
|
LOCAL_SETTINGS_CONF = '/etc/mediawiki/LocalSettings.php'
|
|
|
|
|
|
def parse_arguments():
|
|
"""Return parsed command line arguments as dictionary."""
|
|
parser = argparse.ArgumentParser()
|
|
subparsers = parser.add_subparsers(dest='subcommand', help='Sub command')
|
|
|
|
subparsers.add_parser('setup', help='Setup MediaWiki')
|
|
subparsers.add_parser('update', help='Run MediaWiki update script')
|
|
|
|
help_pub_reg = 'Enable/Disable/Status public user registration.'
|
|
pub_reg = subparsers.add_parser('public-registrations', help=help_pub_reg)
|
|
pub_reg.add_argument('command', choices=('enable', 'disable', 'status'),
|
|
help=help_pub_reg)
|
|
|
|
help_private_mode = 'Enable/Disable/Status private mode.'
|
|
private_mode = subparsers.add_parser('private-mode',
|
|
help=help_private_mode)
|
|
private_mode.add_argument('command',
|
|
choices=('enable', 'disable', 'status'),
|
|
help=help_private_mode)
|
|
|
|
change_password = subparsers.add_parser('change-password',
|
|
help='Change user password')
|
|
change_password.add_argument('--username', default='admin',
|
|
help='name of the MediaWiki user')
|
|
change_password.add_argument('--password',
|
|
help='new password for the MediaWiki user')
|
|
|
|
default_skin = subparsers.add_parser('set-default-skin',
|
|
help='Set the default skin')
|
|
default_skin.add_argument('skin', help='name of the skin')
|
|
|
|
subparsers.required = True
|
|
return parser.parse_args()
|
|
|
|
|
|
def subcommand_setup(_):
|
|
"""Run the installer script to create database and configuration file."""
|
|
data_dir = '/var/lib/mediawiki-db/'
|
|
if not os.path.exists(data_dir):
|
|
os.mkdir(data_dir)
|
|
|
|
if not os.path.exists(os.path.join(data_dir, 'my_wiki.sqlite')) or \
|
|
not os.path.exists(LOCAL_SETTINGS_CONF):
|
|
install_script = os.path.join(MAINTENANCE_SCRIPTS_DIR, 'install.php')
|
|
password = generate_password()
|
|
with tempfile.NamedTemporaryFile() as password_file_handle:
|
|
password_file_handle.write(password.encode())
|
|
subprocess.check_call([
|
|
'php', install_script, '--confpath=/etc/mediawiki',
|
|
'--dbtype=sqlite', '--dbpath=' + data_dir,
|
|
'--scriptpath=/mediawiki', '--passfile',
|
|
password_file_handle.name, 'Wiki', 'admin'
|
|
])
|
|
subprocess.run(['chmod', '-R', 'o-rwx', data_dir], check=True)
|
|
subprocess.run(['chown', '-R', 'www-data:www-data', data_dir], check=True)
|
|
include_custom_config()
|
|
_fix_non_private_mode()
|
|
|
|
|
|
def include_custom_config():
|
|
"""Include FreedomBox specific configuration in LocalSettings.php."""
|
|
with open(LOCAL_SETTINGS_CONF, 'r') as conf_file:
|
|
lines = conf_file.readlines()
|
|
|
|
static_settings_index = None
|
|
settings_index = None
|
|
for line_number, line in enumerate(lines):
|
|
if 'FreedomBoxSettings.php' in line:
|
|
settings_index = line_number
|
|
|
|
if 'FreedomBoxStaticSettings.php' in line:
|
|
static_settings_index = line_number
|
|
|
|
if settings_index is None:
|
|
settings_index = len(lines)
|
|
lines.append('include dirname(__FILE__)."/FreedomBoxSettings.php";\n')
|
|
|
|
if static_settings_index is None:
|
|
lines.insert(
|
|
settings_index,
|
|
'include dirname(__FILE__)."/FreedomBoxStaticSettings.php";\n')
|
|
|
|
with open(LOCAL_SETTINGS_CONF, 'w') as conf_file:
|
|
conf_file.writelines(lines)
|
|
|
|
|
|
def _fix_non_private_mode():
|
|
"""Drop the line that allows editing by anonymous users.
|
|
|
|
Remove this fix after the release of Debian 11.
|
|
|
|
"""
|
|
with open(CONF_FILE, 'r') as conf_file:
|
|
lines = conf_file.readlines()
|
|
|
|
with open(CONF_FILE, 'w') as conf_file:
|
|
for line in lines:
|
|
if not line.startswith("$wgGroupPermissions['*']['edit']"):
|
|
conf_file.write(line)
|
|
|
|
|
|
def subcommand_change_password(arguments):
|
|
"""Change the password for a given user"""
|
|
new_password = ''.join(sys.stdin)
|
|
change_password_script = os.path.join(MAINTENANCE_SCRIPTS_DIR,
|
|
'changePassword.php')
|
|
|
|
subprocess.check_call([
|
|
'php', change_password_script, '--user', arguments.username,
|
|
'--password', new_password
|
|
])
|
|
|
|
|
|
def subcommand_update(_):
|
|
"""Run update.php maintenance script when version upgrades happen."""
|
|
update_script = os.path.join(MAINTENANCE_SCRIPTS_DIR, 'update.php')
|
|
subprocess.check_call(['php', update_script, '--quick'])
|
|
|
|
|
|
def subcommand_public_registrations(arguments):
|
|
"""Enable or Disable public registrations for MediaWiki."""
|
|
|
|
with open(CONF_FILE, 'r') as conf_file:
|
|
lines = conf_file.readlines()
|
|
|
|
def is_pub_reg_line(line):
|
|
return line.startswith("$wgGroupPermissions['*']['createaccount']")
|
|
|
|
if arguments.command == 'status':
|
|
conf_lines = list(filter(is_pub_reg_line, lines))
|
|
if conf_lines:
|
|
print('enabled' if 'true' in conf_lines[0] else 'disabled')
|
|
else:
|
|
print('disabled')
|
|
else:
|
|
with open(CONF_FILE, 'w') as conf_file:
|
|
for line in lines:
|
|
if is_pub_reg_line(line):
|
|
words = line.split()
|
|
if arguments.command == 'enable':
|
|
words[-1] = 'true;'
|
|
else:
|
|
words[-1] = 'false;'
|
|
conf_file.write(" ".join(words) + '\n')
|
|
else:
|
|
conf_file.write(line)
|
|
|
|
|
|
def subcommand_private_mode(arguments):
|
|
"""Enable or Disable Private mode for wiki"""
|
|
with open(CONF_FILE, 'r') as conf_file:
|
|
lines = conf_file.readlines()
|
|
|
|
def is_read_line(line):
|
|
return line.startswith("$wgGroupPermissions['*']['read']")
|
|
|
|
read_conf_lines = list(filter(is_read_line, lines))
|
|
if arguments.command == 'status':
|
|
if read_conf_lines and 'false' in read_conf_lines[0]:
|
|
print('enabled')
|
|
else:
|
|
print('disabled')
|
|
else:
|
|
with open(CONF_FILE, 'w') as conf_file:
|
|
conf_value = 'false;' if arguments.command == 'enable' else 'true;'
|
|
for line in lines:
|
|
if is_read_line(line):
|
|
words = line.split()
|
|
words[-1] = conf_value
|
|
conf_file.write(" ".join(words) + '\n')
|
|
else:
|
|
conf_file.write(line)
|
|
|
|
if not read_conf_lines:
|
|
conf_file.write("$wgGroupPermissions['*']['read'] = " +
|
|
conf_value + '\n')
|
|
|
|
|
|
def subcommand_set_default_skin(arguments):
|
|
"""Set a default skin"""
|
|
skin = arguments.skin
|
|
skin_setting = f'$wgDefaultSkin = "{skin}";\n'
|
|
|
|
with open(CONF_FILE, 'r') as conf_file:
|
|
lines = conf_file.readlines()
|
|
|
|
inserted = False
|
|
for i, line in enumerate(lines):
|
|
if line.strip().startswith('$wgDefaultSkin'):
|
|
lines[i] = skin_setting
|
|
inserted = True
|
|
break
|
|
|
|
if not inserted:
|
|
lines.append(skin_setting)
|
|
|
|
with open(CONF_FILE, 'w') as conf_file:
|
|
conf_file.writelines(lines)
|
|
|
|
|
|
def main():
|
|
"""Parse arguments and perform all duties."""
|
|
arguments = parse_arguments()
|
|
|
|
subcommand = arguments.subcommand.replace('-', '_')
|
|
subcommand_method = globals()['subcommand_' + subcommand]
|
|
subcommand_method(arguments)
|
|
|
|
|
|
if __name__ == '__main__':
|
|
main()
|