adding authentik support

README.md

@@ -1,6 +1,6 @@
 # civicrm
 
-> CiviCRM Wordpress
+> One line description of the recipe
 
 <!-- metadata -->
 
@@ -16,27 +16,9 @@
 <!-- endmetadata -->
 
 ## Quick start
-* `abra app new civicrm-wordpress`
+
+* `abra app new civicrm --secrets`
 * `abra app config <app-name>`
-
-SMTP:
-* Make sure to configure Traefik to support SMTP
-
-Authentik integration:
-* When configuring, uncomment `COMPOSE_FILE`, `OPEN_ID_CLIENT_ID`, `SECRET_OPEN_ID_CLIENT_SECRET_VERSION`, and `AUTHENTIK_DOMAIN`
-* To configure your Authentik deployment, follow the guide at [`docs.goauthentik.io/integrations/services/wordpress`](https://docs.goauthentik.io/integrations/services/wordpress/).
-* NOTE: at the time of writing the Authentik integration guide incorrectly says to set the redirect URI to `https://wp.company/admin-ajax.php?action=openid-connect-authorize` when it should be `https://wp.company/wp-admin/admin-ajax.php?action=openid-connect-authorize`
-* If using a different OpenID provider, leave `AUTHENTIK_DOMAIN` commented and uncomment the other OpenID configuration options
-
-Insert secrets:
-* `abra app secret i <app-name> wordpress_admin_password v1 '<temp account password>'`
-* `abra app secret i <app-name> smtp_password v1 '<smtp password>'`
-* (Authentik) `abra app secret i <app-name> openid_client_secret v1 <openid client secret>`
-
-Generate secrets (be sure to save them):
-* `abra app secret g -a <app-name>`
-
-Deploy app:
 * `abra app deploy <app-name>`
 
 For more, see [`docs.coopcloud.tech`](https://docs.coopcloud.tech).

compose.yml

@@ -61,7 +61,7 @@ services:
         #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
         #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
         #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
-        - "coop-cloud.${STACK_NAME}.version=0.2.1+5.82.0-wordpress-php8.1"
+        - "coop-cloud.${STACK_NAME}.version=0.1.3+5.82.0-wordpress-php8.1"
         - "backupbot.backup=true"
         - "backupbot.backup.path=/var/www/html/wp-content/uploads"
     healthcheck:

entrypoint.sh

@@ -89,44 +89,37 @@ pushd /var/www/html/wp-content/uploads/civicrm/
   fi
 popd
 
-OPEN_ID_CLIENT_ID="${OPEN_ID_CLIENT_ID:-unused}"
-if  [ "$OPEN_ID_CLIENT_ID" != "unused" ]; then
+if  [[ -n "${OPEN_ID_CLIENT_ID}" ]]; then
   # install OpenID Connect Generic plugin
   if ! su civicrm -c "wp plugin is-installed daggerhart-openid-connect-generic"; then
+    # su civicrm -c "wp option list"
     echo "============ Running OpenId Connect Install ============"
     su civicrm -c "wp plugin install daggerhart-openid-connect-generic --activate"
-  else
-    echo "OpenID Connect Generic Plugin already installed"
+    # su civicrm -c "wp option list"
   fi
 
-  # if openid connect hasn't been configured, insert default settings
   if ! su civicrm -c "wp option get openid_connect_generic_settings"; then
-    echo "Configuring OpenId Connect Plugin default settings"
+    echo "Couldn't find openid connect settings option!"
+    # cat /usr/local/etc/civicrm/openid_settings.json
     su civicrm -c "wp option add openid_connect_generic_settings --format=json < /usr/local/etc/civicrm/openid_settings.json"
-  else
-    echo "OpenId Connect Plugin default settings already present"
   fi
 
-  echo "============ Configuring OpenId Connect ============"
+  su civicrm -c "wp option list"
   su civicrm -c "wp option patch update openid_connect_generic_settings client_id $OPEN_ID_CLIENT_ID"
   su civicrm -c "wp option patch update openid_connect_generic_settings client_secret $OPEN_ID_CLIENT_SECRET"
 
-  AUTHENTIK_DOMAIN="${AUTHENTIK_DOMAIN:-unused}"
-  if  [ "$AUTHENTIK_DOMAIN" != "unused" ]; then
-    echo "============ Configuring Authentik ============"
+  if  [[ -n "${AUTHENTIK_DOMAIN}" ]]; then
     su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_login https://$AUTHENTIK_DOMAIN/application/o/authorize/"
     su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_userinfo https://$AUTHENTIK_DOMAIN/application/o/userinfo/"
     su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_token https://$AUTHENTIK_DOMAIN/application/o/token/"
     su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_end_session https://$AUTHENTIK_DOMAIN/application/o/wordpress/end-session/"
   else
-    echo "============ Configuring Generic OpenId Provider ============"
     su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_login $OPEN_ID_PROVIDER_LOGIN_URL"
     su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_userinfo $OPEN_ID_USERINFO_URL"
     su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_token $OPEN_ID_TOKEN_ENDPOINT_URL"
     su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_end_session $OPEN_ID_END_SESSION_URL"
   fi
-else
-    echo "not using OpenIdConnect"
+  su civicrm -c "wp option list"
 fi
 
 echo "============ Setting up cron ============"
@@ -135,5 +128,19 @@ apt update && apt install -y cron
 crontab -l | { cat; echo "*/5 * * * * /usr/local/bin/entrypoint.sh cron > /tmp/cronlog 2>&1"; } | crontab -
 cron
 
+
+# if  [[  "${OPEN_ID_CONNECT_ENABLED}" == "1" ]]; then
+#   sleep 30s
+#   echo "============ Configuring OpenID Connect ============"
+#   if su civicrm -c "wp option get openid_connect_generic_settings"; then
+#     echo "found openid connect settings option!"
+#     su civicrm -c "wp option get openid_connect_generic_settings"
+#     # su civicrm -c "wp option patch update openid_connect_generic_settings client_id $OPEN_ID_CLIENT_ID"
+#   else
+#     echo "Couldn't find openid connect settings option!"
+#   fi
+# fi
+
+
 echo "============ Running Webserver ============"
-exec apache2-foreground
+exec apache2-foreground

release/0.1.3+5.82.0-wordpress-php8.1

@@ -1 +0,0 @@
-Updated CiviCRM and set language to english

release/0.2.0+5.82.0-wordpress-php8.1

@@ -1 +0,0 @@
-Authentik Support

release/0.2.1+5.82.0-wordpress-php8.1

@@ -1 +0,0 @@
-Fix bug when not using openid