fix(oidc): Update patch to work with recent changes in upstream (#208)

radiorabe · Apr 8, 2024 · ae84894 · ae84894
1 parent a66d36c
commit ae84894
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 4 deletions.
diff --git a/wiki/Dockerfile b/wiki/Dockerfile
@@ -61,9 +61,7 @@ RUN git clone --depth=1 -b $MEDIAWIKI_EXT_BRANCH https://gerrit.wikimedia.org/r/
 RUN git clone --depth=1 -b $MEDIAWIKI_EXT_BRANCH https://gerrit.wikimedia.org/r/mediawiki/extensions/PluggableAuth.git /var/www/html/extensions/PluggableAuth
 
 RUN git clone --depth=1 -b $MEDIAWIKI_EXT_BRANCH https://gerrit.wikimedia.org/r/mediawiki/extensions/OpenIDConnect.git /var/www/html/extensions/OpenIDConnect \
- && sed -i "s/\$oidc->requestUserInfo( 'sub' );/\$oidc->requestUserInfo( \$GLOBALS['wgOpenIDConnect_SubjectUserInfoClaim'] );/" /var/www/html/extensions/OpenIDConnect/includes/OpenIDConnect.php \
- && sed -i "s/\$this->subject = \$this->getClaim( \$oidc, 'sub' );/\$this->subject = \$this->getClaim( \$oidc, \$GLOBALS['wgOpenIDConnect_SubjectUserInfoClaim'] );/" extensions/OpenIDConnect/includes/OpenIDConnect.php \
- && sed -i "s/\$oidc->addScope( \$scope );/\$oidc->addScope( [\$scope] );/" extensions/OpenIDConnect/includes/OpenIDConnect.php
+ && sed -i "s/\$this->subject = \$this->getClaim( 'sub' );/\$this->subject = \$this->getClaim( \$GLOBALS['wgOpenIDConnect_SubjectUserInfoClaim'] );/" extensions/OpenIDConnect/includes/OpenIDConnect.php
 
 RUN git clone --depth=1 -b $MEDIAWIKI_EXT_BRANCH https://gerrit.wikimedia.org/r/mediawiki/extensions/UserMerge.git /var/www/html/extensions/UserMerge
 

diff --git a/wiki/LocalSettings.php b/wiki/LocalSettings.php
@@ -308,7 +308,7 @@
     $wgOpenIDConnect_MigrateUsersByUserName = getenv('MW_AUTH_OIDC_MIGRATE_USERS_BY_USERNAME') ? (bool) getenv('MW_AUTH_OIDC_MIGRATE_USERS_BY_USERNAME') : false;
     $wgOpenIDConnect_MigrateUsersByEmail = getenv('MW_AUTH_OIDC_MIGRATE_USERS_BY_EMAIL') ? (bool) getenv('MW_AUTH_OIDC_MIGRATE_USERS_BY_EMAIL') : false;
     $wgOpenIDConnect_ForceLogout = getenv('MW_AUTH_OIDC_FORCE_LOGOUT') ? (bool) getenv('MW_AUTH_OIDC_FORCE_LOGOUT') : false;
-    // override this when you can't change the 'sub' claim because you want to update keycloak
+    // override this when you can't simply change the 'sub' claim (eg. because you are using keycloak and don't want to deploy a script to override the sub claim)
     $wgOpenIDConnect_SubjectUserInfoClaim = getenv('MW_AUTH_OIDC_SUBJECT_USERINFO_CLAIM') ? getenv('MW_AUTH_OIDC_SUBJECT_USERINFO_CLAIM') : 'sub';
 }