Extension:CentralAuth/Walkthrough

From Linux Web Expert


This is a walkthrough for CentralAuth, The aim is to make it as simple as possible. If you edit this guide, try and keep it simple.

Step 1, Download and Install web-end

First, how many wikis you want. I will be running through an example with 3 wikis, "metawiki", "testwiki", and "codwiki"

Download MediaWiki. This guide makes the assumption you are running on a Linux system. CentralAuth can be set up on a Windows server but this guide will not explicitly tell you how it's done.

sudo -s && cd /

then

git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/CentralAuth.git

That will download the latest development centralauth to a folder called CentralAuth into the root (top) directory of your system.. While snapshots can be used, subversion is preferred.

Next, we will install MediaWiki as usual, with some considerations taken into account. Create your directories. In my case, i'm calling them metawiki, codwiki and testwiki. I'm using databases named named cod_wiki, test_wiki and meta_wiki. Note how the databases have a similar suffix. Make the account details the same across all installs, as they will be merged together later.

Finish the install (using the exact same database username and password for each wiki). download LocalSettings.php, etc. Repeat for each wiki.

if you don't use the same un/pw for each wiki, you must grant all privileges on each wiki's database and the centralauth database, to each of the wiki's dbUser identified by each dbPass. (noted in each LocalSettings.php). Tl;dr use the same username and password.

Copy CentralAuth (the folder we downloaded) to every wikis 'extensions folder'.

Step 2. Configure CentralAuth Settings

Now, we need to install the extension to the wiki, and set it up. The setup script needs to be the same in ALL localsettings, or conflicts will ensue. I'm keeping this simple - so here the example code. Copy and paste this code into your LocalSettings.php, and modify to your needs. I've commented to the side. The important things are to replace the database names with the databases you created, and to change sitename and directory locations. Remember, copy this script to the bottom of every wikis LocalSettings.php.

Notice that your $wgConf configuration is included in this.

Code

wfLoadExtension('CentralAuth'); //require the extension, pretty self-explanatory

# General CentralAuth configuration
$wgCentralAuthAutoNew = true;
$wgCentralAuthDatabase = 'database name'; // default is 'centralauth'
$wgCentralAuthAutoMigrate = true;
#$wgCentralAuthCookieDomain = '';
 
# Create the local account on pageview, set false to require a local login to create it.
$wgCentralAuthCreateOnView = true;
 
# Skips the "login success" page
$wgCentralAuthSilentLogin = true;
 
# Deprecated, will be removed soon.
$wgCentralAuthUseOldAutoLogin = false;

$wgCentralAuthDryRun = false;
# unset( $wgGroupPermissions['*']['centralauth-merge'] );
# $wgGroupPermissions['sysop']['centralauth-merge'] = true;
 
// You can't just set wgConf values to the globals defined in Setup.php for your
// local wiki, because it hasn't run yet.  You could hard-code $wgConf settings
// here, but instead we set the wgConf values in a hook that runs later.

$wgConf = new SiteConfiguration;
 
# Read wiki lists
 
$wgLocalDatabases = array( 'meta_wiki', 'test_wiki', 'cod_wiki' ); //all wiki databases, as an array. Important to change.

$wgConf->wikis = $wgLocalDatabases;
$wgConf->suffixes = array(
        'wiki'
); //We have the same suffix of wiki
//all databases have suffix wiki
$wgConf->suffixes = $wgLocalDatabases;
 
$wgConf->localVHosts = array( 'localhost' ); //your database server. could be example.com or IP address. no http://
 
$wgConf->siteParamsCallback = 'efGetSiteParams';
$wgConf->extractAllGlobals( $wgDBname );

 
$wgConf->settings = array(
 
'wgServer' => array(
    'default' => 'http://localhost', //default means applied to all wikis. We want our location to be http://localhost/(wiki). If your wikis are hosted on different domains, then you would override this, but let's keep it simple
),
 
'wgCanonicalServer' => array(
    'default' => 'http://localhost',
),

'wgScriptPath' => array(
    'meta_wiki' => '/metawiki', //script path, where index.php is located for meta
'test_wiki' => '/testwiki', //test
'cod_wiki' => '/codwiki', //cod
),
 
'wgArticlePath' => array(
    'meta_wiki' => '/meta/$1', //for short urls
'test_wiki' => '/test/$1',
'cod_wiki' => '/cod/$1',
),

//IF IT'S NOT WORKING
//keep articlepath the same as scriptpath, with /$1 at the end. So for test_wiki it would be /testwiki and /testwiki/$1
 
'wgLanguageCode' => array( //dont change, if all wikis are english *BE careful not to alter this line if you use RegEx to replace COD with your wiki name!
    'default' => '$lang',
),
 
'wgLocalInterwiki' => array(
    'default' => '$lang',
),
);
 
function efGetSiteParams( $conf, $wiki ) {
    $site = null;
    $lang = null;
    foreach( $conf->suffixes as $suffix ) {
        if ( substr( $wiki, -strlen( $suffix ) ) == $suffix ) {
            $site = $suffix;
            $lang = substr( $wiki, 0, -strlen( $suffix ) );
            break;
        }
    }
    return array(
        'suffix' => $site,
        'lang' => $lang,
        'params' => array(
            'lang' => $lang,
            'site' => $site,
            'wiki' => $wiki,
        ),
        'tags' => array(),
    );
}


Begin by copying into one localsettings, modify, save and copy to the rest.

Step 3. Create database centralauth (and configure)

Your wikis won't work yet. We need to set up other stuff. Create a new sql database and call it 'CentralAuth'. Run centralauth.sql -- if you don't know how to do this the easiest way is to use a tool called phpMyAdmin. schema/mysql/tables-generated.sql is located in the CA folder in your root directory if you used the svn command line above. This writes tables, and sets up the database

Now we have centralauth set up, but nobody is configured to manage it. We need to create our global account, by migrating everyone. Choose a wiki, I shall choose meta, and use terminal to chdir into it.

cd /path/to/mediawiki/extensions/CentralAuth/maintenance

Now type

php migratePass0.php

then

php migratePass1.php

You can run this process from each of your wiki's CentralAuth/Migration directories, but it may be easier to use Special:MergeAccount. So go to your other wikis (COD and TEST in my case) and go to Special:MergeAccount

Now, back to meta. go to Special:UserRights, and make yourself a 'steward'. The problem now is: steward is a local group, we need to migrate it to global. Back to terminal, hopefully you're still where we were before

php migrateStewards.php

You're now a global steward, good for you! What can you do - nothing, yet. You may want to remove your local steward group via Special:UserRights, it's no longer needed.

Since Special:GlobalGroupPermissions is only usable by users with the globalgrouppermissions user right from a global group, we have to insert the first user right manually via SQL management (e.g. phpMyAdmin or via shell). Using the centralauth database, run:

INSERT INTO global_group_permissions (ggp_group,ggp_permission) VALUES ('steward','globalgrouppermissions'),('steward','globalgroupmembership');

Now you have the authority to manage global groups through Special:GlobalGroupPermissions. Edit steward, which you are conveniently already member of, and tick everything you want (for me, everything except "bot" and "mark rollback as bot".) You can create new global groups through Special:GlobalGroupPermissions, and add people to it at Special:GlobalUserRights.

Special:CentralAuth lets you lock accounts globally, hide them, and unmerge them. I suggest installing global IP blocking, which is self explanatory.

Step 4. Configure global login settings

Finally, we need to do one more thing. You're obviously going to want accounts to be merged at creation. You need to add this to your LocalSettings.php:

$wgCentralAuthAutoNew = true;

There are a few other wgSettings there you may want to configure, such as auto-login for all wikis. These are explained in the comments in extensions/CentralAuth/CentralAuth.php and elsewhere on the net.

Do not edit CentralAuth.php itself or your changes may be lost if you upgrade the extension.

Extra Credit

Also, if you want, you can get rid of the now useless local stewards group, by deleting the following. Wikipedia doesn't - but there is no real reason to keep it.

$wgGroupPermissions['steward']['centralauth-unmerge'] = true;
$wgGroupPermissions['steward']['centralauth-lock'] = true;
$wgGroupPermissions['steward']['centralauth-suppress'] = true;

If you keep them, its recommended you don't allow 'crats to add people to local steward, refer Manual:$wgAddGroups.

But individual configuration takes so long, how did the WMF do this for each of their wikis?

The WMF didn't take this approach. They use a commonsettings.php file that sets up all the wikis, but that's complicated to explain. For 3 wikis, copy and paste is the easier approach. In fact if you were thinking of taking the commonsettings approach, you probably wouldn't have come here.

I can't do it!

Try and ask for help at the CentralAuth extension talk page or on this guides talk page. Don't get too down, this is one of the hardest extensions to get running. Have you considered $wgSharedDB ?