.env.sample

@@ -1,6 +1,6 @@
 TYPE=civicrm-wordpress
 
-DOMAIN=civicrm-wordpress.example.com
+DOMAIN=civicrm.example.com
 
 ## Domain aliases
 #EXTRA_DOMAINS=', `www.civicrm.example.com`'
@@ -37,20 +37,3 @@ SECRET_CIVICRM_SITE_KEY_VERSION=v1 # length=16
 SECRET_CIVICRM_CRED_KEY_VERSION=v1 # length=43
 SECRET_CIVICRM_SIGN_KEY_VERSION=v1 # length=43
 SECRET_WORDPRESS_ADMIN_PASSWORD_VERSION=v1
-
-## -- OpenId Connect --
-
-#COMPOSE_FILE="compose.yml:compose.openidconnect.yml"
-#OPEN_ID_CLIENT_ID=
-#SECRET_OPEN_ID_CLIENT_SECRET_VERSION=v1
-
-# If you are using authentik, just set this
-#AUTHENTIK_DOMAIN=authentik.company
-
-# Otherwise, you must set all of these
-#OPEN_ID_PROVIDER_LOGIN_URL=https://authentik.company/application/o/authorize/
-#OPEN_ID_USERINFO_URL=https://authentik.company/application/o/userinfo/
-#OPEN_ID_TOKEN_ENDPOINT_URL=https://authentik.company/application/o/token/
-#OPEN_ID_END_SESSION_URL=https://authentik.company/application/o/wordpress/end-session/
-
-## -- OpenId Connect --

README.md

@@ -19,19 +19,16 @@
 * `abra app new civicrm-wordpress`
 * `abra app config <app-name>`
 
-Authentik integration:
-* When configuring, uncomment `COMPOSE_FILE`, `OPEN_ID_CLIENT_ID`, `SECRET_OPEN_ID_CLIENT_SECRET_VERSION`, and `AUTHENTIK_DOMAIN`
-* To configure your Authentik deployment, follow the guide at [`docs.goauthentik.io/integrations/services/wordpress`](https://docs.goauthentik.io/integrations/services/wordpress/).
-* NOTE: at the time of writing the Authentik integration guide incorrectly says to set the redirect URI to `https://wp.company/admin-ajax.php?action=openid-connect-authorize` when it should be `https://wp.company/wp-admin/admin-ajax.php?action=openid-connect-authorize`
-* If using a different OpenID provider, leave `AUTHENTIK_DOMAIN` commented and uncomment the other OpenID configuration options
+Generate secrets (be sure to save them):
+* `abra app secret g <app-name> db_root_password v1`
+* `abra app secret g <app-name> db_password v1`
+* `abra app secret g <app-name> civicrm_site_key v1`
+* `abra app secret g <app-name> civicrm_cred_key v1`
+* `abra app secret g <app-name> civicrm_sign_key v1`
 
 Insert secrets:
 * `abra app secret i <app-name> wordpress_admin_password v1 '<temp account password>'`
 * `abra app secret i <app-name> smtp_password v1 '<smtp password>'`
-* (Authentik) `abra app secret i <app-name> openid_client_secret v1 <openid client secret>`
-
-Generate secrets (be sure to save them):
-* `abra app secret g -a <app-name>`
 
 Deploy app:
 * `abra app deploy <app-name>`

abra.sh

@@ -31,7 +31,6 @@ file_env "SMTP_PASSWORD"
 export APACHE_SITES_AVAILABLE_CONF_VERSION=v1
 export CIVICRM_SETTINGS_PHP_VERSION=v1
 export ENTRYPOINT_VERSION=v1
-export OPENID_SETTINGS_VERSION=v1
 
 change_password(){
     echo "Changing password for $1"

compose.openidconnect.yml

@@ -1,14 +0,0 @@
----
-version: "3.8"
-
-services:
-  app:
-    environment:
-      - OPEN_ID_CLIENT_SECRET_FILE=/run/secrets/openid_client_secret
-    secrets:
-      - openid_client_secret
-
-secrets:
-  openid_client_secret:
-    external: true
-    name: ${STACK_NAME}_openid_client_secret_${SECRET_OPEN_ID_CLIENT_SECRET_VERSION}

compose.yml

@@ -45,8 +45,6 @@ services:
         mode: 555
       - source: civicrm-settings-php
         target: /usr/local/etc/civicrm/civicrm.settings.php
-      - source: openid-settings
-        target: /usr/local/etc/civicrm/openid_settings.json
     entrypoint: /usr/local/bin/entrypoint.sh
     deploy:
       restart_policy:
@@ -61,7 +59,7 @@ services:
         #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
         #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
         #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
-        - "coop-cloud.${STACK_NAME}.version=0.3.0+5.82.0-wordpress-php8.1"
+        - "coop-cloud.${STACK_NAME}.version=0.1.3+5.82.0-wordpress-php8.1"
         - "backupbot.backup=true"
         - "backupbot.backup.path=/var/www/html/wp-content/uploads"
     healthcheck:
@@ -141,10 +139,6 @@ configs:
     name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_VERSION}
     file: entrypoint.sh
     template_driver: golang
-  openid-settings:
-    name: ${STACK_NAME}_openid_settings_${OPENID_SETTINGS_VERSION}
-    file: openid_settings.json
-    template_driver: golang
 
 secrets:
   db_root_password:

entrypoint.sh

@@ -29,7 +29,6 @@ file_env "CIVICRM_SITE_KEY"
 file_env "CIVICRM_CRED_KEYS"
 file_env "SMTP_PASSWORD"
 file_env "WORDPRESS_ADMIN_PASSWORD"
-file_env "OPEN_ID_CLIENT_SECRET"
 
 if  [[  "${1-default}" == "cron" ]]; then
   echo "============ Running cron job ============"
@@ -89,47 +88,6 @@ pushd /var/www/html/wp-content/uploads/civicrm/
   fi
 popd
 
-OPEN_ID_CLIENT_ID="${OPEN_ID_CLIENT_ID:-unused}"
-if  [ "$OPEN_ID_CLIENT_ID" != "unused" ]; then
-  # install OpenID Connect Generic plugin
-  if ! su civicrm -c "wp plugin is-installed daggerhart-openid-connect-generic"; then
-    echo "============ Running OpenId Connect Install ============"
-    su civicrm -c "wp plugin install daggerhart-openid-connect-generic --activate"
-  else
-    echo "OpenID Connect Generic Plugin already installed"
-  fi
-
-  # if openid connect hasn't been configured, insert default settings
-  if ! su civicrm -c "wp option get openid_connect_generic_settings"; then
-    echo "Configuring OpenId Connect Plugin default settings"
-    su civicrm -c "wp option add openid_connect_generic_settings --format=json < /usr/local/etc/civicrm/openid_settings.json"
-  else
-    echo "OpenId Connect Plugin default settings already present"
-  fi
-
-  echo "============ Configuring OpenId Connect ============"
-  su civicrm -c "wp option patch update openid_connect_generic_settings client_id $OPEN_ID_CLIENT_ID"
-  su civicrm -c "wp option patch update openid_connect_generic_settings client_secret $OPEN_ID_CLIENT_SECRET"
-  su civicrm -c "wp option patch update openid_connect_generic_settings link_existing_users 1"
-
-  AUTHENTIK_DOMAIN="${AUTHENTIK_DOMAIN:-unused}"
-  if  [ "$AUTHENTIK_DOMAIN" != "unused" ]; then
-    echo "============ Configuring Authentik ============"
-    su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_login https://$AUTHENTIK_DOMAIN/application/o/authorize/"
-    su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_userinfo https://$AUTHENTIK_DOMAIN/application/o/userinfo/"
-    su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_token https://$AUTHENTIK_DOMAIN/application/o/token/"
-    su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_end_session https://$AUTHENTIK_DOMAIN/application/o/wordpress/end-session/"
-  else
-    echo "============ Configuring Generic OpenId Provider ============"
-    su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_login $OPEN_ID_PROVIDER_LOGIN_URL"
-    su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_userinfo $OPEN_ID_USERINFO_URL"
-    su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_token $OPEN_ID_TOKEN_ENDPOINT_URL"
-    su civicrm -c "wp option patch update openid_connect_generic_settings endpoint_end_session $OPEN_ID_END_SESSION_URL"
-  fi
-else
-    echo "not using OpenIdConnect"
-fi
-
 echo "============ Setting up cron ============"
 printenv > /etc/environment
 apt update && apt install -y cron

openid_settings.json

@@ -1,29 +0,0 @@
-
-{
-    "login_type":"button",
-    "client_id":"",
-    "client_secret":"",
-    "scope":"email profile openid offline_access",
-    "endpoint_login":"",
-    "endpoint_userinfo":"",
-    "endpoint_token":"",
-    "endpoint_end_session":"",
-    "acr_values":"",
-    "identity_key":"preferred_username",
-    "no_sslverify":"0",
-    "http_request_timeout":"5",
-    "enforce_privacy":"0",
-    "alternate_redirect_uri":"0",
-    "nickname_key":"preferred_username",
-    "email_format":"{email}",
-    "displayname_format":"",
-    "identify_with_username":"0",
-    "state_time_limit":"180",
-    "token_refresh_enable":"1",
-    "link_existing_users":"0",
-    "create_if_does_not_exist":"1",
-    "redirect_user_back":"0",
-    "redirect_on_logout":"1",
-    "enable_logging":"0",
-    "log_limit":"1000"
-}   

release/0.2.0+5.82.0-wordpress-php8.1

@@ -1 +0,0 @@
-Authentik Support

release/0.2.1+5.82.0-wordpress-php8.1

@@ -1 +0,0 @@
-Fix bug when not using openid

release/0.3.0+5.82.0-wordpress-php8.1

@@ -1 +0,0 @@
-openid connect link existing users by default