Merge remote-tracking branch 'origin/master' into dev-no-longer-requi…

…red-accounts
openstreetmap · Aug 2, 2022 · 4dd0ada · 4dd0ada
2 parents c865841 + 8a45308
commit 4dd0ada
Show file tree

Hide file tree

Showing 12 changed files with 94 additions and 80 deletions.
diff --git a/cookbooks/apt/recipes/default.rb b/cookbooks/apt/recipes/default.rb
@@ -107,9 +107,9 @@
   key "ABF5BD827BD9BF62"
 end
 
-apt_repository "elasticsearch5.x" do
-  action repository_actions["elasticsearch5.x"]
-  uri "https://artifacts.elastic.co/packages/5.x/apt"
+apt_repository "elasticsearch6.x" do
+  action repository_actions["elasticsearch6.x"]
+  uri "https://artifacts.elastic.co/packages/6.x/apt"
   distribution "stable"
   components ["main"]
   key "D27D666CD88E42B4"

diff --git a/cookbooks/foundation/recipes/board.rb b/cookbooks/foundation/recipes/board.rb
@@ -35,8 +35,6 @@
   email_sender "[email protected]"
   email_sender_name "OSMF Board Wiki"
   private_site true
-  recaptcha_public_key "6LflIQATAAAAAMXyDWpba-FgipVzE-aGF4HIR59N"
-  recaptcha_private_key passwords["board"]["recaptcha"]
   version "1.37"
 end
 

diff --git a/cookbooks/foundation/recipes/dwg.rb b/cookbooks/foundation/recipes/dwg.rb
@@ -35,8 +35,6 @@
   email_sender "[email protected]"
   email_sender_name "OSMF Board Wiki"
   private_site true
-  recaptcha_public_key "6LflIQATAAAAAMXyDWpba-FgipVzE-aGF4HIR59N"
-  recaptcha_private_key passwords["dwg"]["recaptcha"]
   version "1.37"
 end
 

diff --git a/cookbooks/foundation/recipes/mwg.rb b/cookbooks/foundation/recipes/mwg.rb
@@ -35,8 +35,6 @@
   email_sender "[email protected]"
   email_sender_name "OSMF Board Wiki"
   private_site true
-  recaptcha_public_key "6LflIQATAAAAAMXyDWpba-FgipVzE-aGF4HIR59N"
-  recaptcha_private_key passwords["mwg"]["recaptcha"]
   version "1.37"
 end
 

diff --git a/cookbooks/foundation/recipes/wiki.rb b/cookbooks/foundation/recipes/wiki.rb
@@ -41,8 +41,6 @@
   email_sender "[email protected]"
   email_sender_name "OSMF Wiki"
   private_accounts true
-  recaptcha_public_key "6LflIQATAAAAAMXyDWpba-FgipVzE-aGF4HIR59N"
-  recaptcha_private_key passwords["wiki"]["recaptcha"]
   extra_file_extensions ["mp3"]
   version "1.37"
 end

diff --git a/cookbooks/mediawiki/resources/site.rb b/cookbooks/mediawiki/resources/site.rb
@@ -42,8 +42,8 @@
 property :admin_password, :kind_of => String, :required => [:create]
 property :private_accounts, :kind_of => [TrueClass, FalseClass], :default => false
 property :private_site, :kind_of => [TrueClass, FalseClass], :default => false
-property :recaptcha_public_key, :kind_of => String
-property :recaptcha_private_key, :kind_of => String
+property :hcaptcha_public_key, :kind_of => String, :default => ""
+property :hcaptcha_private_key, :kind_of => String, :default => ""
 property :extra_file_extensions, :kind_of => [String, Array], :default => []
 property :fpm_max_children, :kind_of => Integer, :default => 5
 property :fpm_start_servers, :kind_of => Integer, :default => 2
@@ -297,8 +297,8 @@
     mediawiki_extension "ConfirmEdit" do
       site new_resource.site
       template "mw-ext-ConfirmEdit.inc.php.erb"
-      variables :public_key => new_resource.recaptcha_public_key,
-                :private_key => new_resource.recaptcha_private_key
+      variables :public_key => new_resource.hcaptcha_public_key,
+                :private_key => new_resource.hcaptcha_private_key
       update_site false
     end
   end
@@ -386,6 +386,11 @@
     update_site false
   end
 
+  mediawiki_extension "CategoryTree" do
+    site new_resource.site
+    update_site false
+  end
+
   mediawiki_extension "cldr" do
     site new_resource.site
     template "mw-ext-cldr.inc.php.erb"

diff --git a/cookbooks/mediawiki/templates/default/LocalSettings.php.erb b/cookbooks/mediawiki/templates/default/LocalSettings.php.erb
@@ -186,16 +186,6 @@ $wgResourceLoaderMaxQueryLength = -1;
 # Only Allow Signed-in users to edit
 $wgGroupPermissions['*']['edit'] = false;
 
-# Only allow autoconfirmed for a few actions
-$wgGroupPermissions['user']['move'] = false;
-$wgGroupPermissions['user']['movefile'] = false;
-$wgGroupPermissions['user']['move-categorypages'] = false;
-$wgGroupPermissions['user']['upload'] = false;
-$wgGroupPermissions['autoconfirmed']['move'] = true;
-$wgGroupPermissions['autoconfirmed']['movefile'] = true;
-$wgGroupPermissions['autoconfirmed']['move-categorypages'] = true;
-$wgGroupPermissions['autoconfirmed']['upload'] = true;
-
 # Allow bureaucrat group access to oversight options
 $wgGroupPermissions['bureaucrat']['hideuser'] = true;
 $wgGroupPermissions['bureaucrat']['deletelogentry'] = true;
@@ -224,8 +214,8 @@ $wgGroupPermissions['sysop']['gadgets-definition-edit'] = true;
 $wgGroupPermissions['*']['createaccount'] = false;
 $wgGroupPermissions['user']['createaccount'] = true;
 <% end -%>
-<% if @mediawiki[:private_site] -%>
 
+<% if @mediawiki[:private_site] -%>
 # Disable reading by anonymous users
 $wgGroupPermissions['*']['read'] = false;
 
@@ -239,13 +229,6 @@ $wgGroupPermissions['*']['createaccount'] = false;
 $wgUploadPath = "$wgScriptPath/img_auth.php";
 <% end -%>
 
-<% if not(@mediawiki[:private_accounts]) and not(@mediawiki[:private_site]) -%>
-# user group "confirmed" with identical rights as "autoconfirmed", but assigned manually by sysops
-$wgGroupPermissions['confirmed'] = $wgGroupPermissions['autoconfirmed'];
-$wgAddGroups['sysop'][] = 'confirmed';
-$wgRemoveGroups['sysop'][] = 'confirmed';
-<% end -%>
-
 # Allow Subpages on Main Namespace
 $wgNamespacesWithSubpages[NS_MAIN] = true;
 
@@ -259,10 +242,6 @@ $wgEmailConfirmToEdit = true;
 # Extend autoblock period
 $wgAutoblockExpiry = 7776000; // 90 days
 
-# Autopromote users to autoconfirmed
-$wgAutoConfirmAge = 345600; // 4 days
-$wgAutoConfirmCount = 10;
-
 # Disable Hit Counter for Performance
 $wgDisableCounters = TRUE;
 # Disable IP in Header to avoid cache issue
@@ -279,15 +258,24 @@ $wgAllowExternalImagesFrom = array( 'http://tile.openstreetmap.org/', 'https://t
 
 $wgNoFollowDomainExceptions = array( 'www.openstreetmap.org', 'josm.openstreetmap.de', 'taginfo.openstreetmap.org', 'blog.openstreetmap.org', 'wiki.osmfoundation.org' );
 
-# FIXME - move to specific
-# defines which links of the sidebar are translatable
-$wgForceUIMsgAsContentMsg = array( 'mainpage-url', 'mapfeatures-url', 'contributors-url', 'helppage', 'blogs-url', 'shop-url', 'sitesupport-url' );
-
 # FIXME - move to specific
 $wgAllowUserJs = TRUE;
 $wgAllowUserCss = TRUE;
 
-# FIXME - move to specific
+# Raise expensive lua (and other function) call limits to match WP
+# Docs:  https://www.mediawiki.org/wiki/Manual:$wgExpensiveParserFunctionLimit
+# Wikipedia's Config:  https://noc.wikimedia.org/conf/highlight.php?file=CommonSettings.php
+$wgExpensiveParserFunctionLimit = 500;
+
+
+<% if @mediawiki[:site_notice] -%>
+$wgSiteNotice = "<%= @mediawiki[:site_notice] %>";
+<% end -%>
+<% if @mediawiki[:site_readonly] -%>
+$wgReadOnly = "<%= @mediawiki[:site_readonly] %>";
+<% end -%>
+
+<% if @name == "wiki.openstreetmap.org" -%>
 # DE
 define('NS_LANG_DE', 200);
 $wgExtraNamespaces[NS_LANG_DE] = 'DE';
@@ -351,28 +339,72 @@ define('NS_LANG_JA_TALK', 213);
 $wgExtraNamespaces[NS_LANG_JA_TALK] = 'JA_talk';
 $wgNamespacesWithSubpages[NS_LANG_JA_TALK] = TRUE;
 
+# Proposal
+# namespace features a specific search weight defined at
+# cookbooks/mediawiki/templates/default/mw-ext-CirrusSearch.inc.php.erb
+define('NS_PROPOSAL', 3000);
+$wgExtraNamespaces[NS_PROPOSAL] = 'Proposal';
+$wgNamespacesWithSubpages[NS_PROPOSAL] = TRUE;
+$wgContentNamespaces[] = NS_PROPOSAL;
+define('NS_PROPOSAL_TALK', 3001);
+$wgExtraNamespaces[NS_PROPOSAL_TALK] = 'Proposal talk';
+$wgNamespacesWithSubpages[NS_PROPOSAL_TALK] = TRUE;
+
 $wgNamespacesToBeSearchedDefault[NS_LANG_DE] = TRUE;
 $wgNamespacesToBeSearchedDefault[NS_LANG_FR] = TRUE;
 $wgNamespacesToBeSearchedDefault[NS_LANG_ES] = TRUE;
 $wgNamespacesToBeSearchedDefault[NS_LANG_IT] = TRUE;
 $wgNamespacesToBeSearchedDefault[NS_LANG_NL] = TRUE;
 $wgNamespacesToBeSearchedDefault[NS_LANG_RU] = TRUE;
 $wgNamespacesToBeSearchedDefault[NS_LANG_JA] = TRUE;
+$wgNamespacesToBeSearchedDefault[NS_PROPOSAL] = TRUE;
 
+# defines which links of the sidebar are translatable
+$wgForceUIMsgAsContentMsg = array( 'mainpage-url', 'mapfeatures-url', 'contributors-url', 'helppage', 'blogs-url', 'shop-url', 'sitesupport-url' );
+<% end -%>
 
-# Raise expensive lua (and other function) call limits to match WP
-# Docs:  https://www.mediawiki.org/wiki/Manual:$wgExpensiveParserFunctionLimit
-# Wikipedia's Config:  https://noc.wikimedia.org/conf/highlight.php?file=CommonSettings.php
-$wgExpensiveParserFunctionLimit = 500;
-
+# load extensions
+<% Dir.glob("#{@directory}/LocalSettings.d/*.php") do |file| -%>
+<%= "require_once('#{file}');" %>
+<% end -%>
 
-<% if @mediawiki[:site_notice] -%>
-$wgSiteNotice = "<%= @mediawiki[:site_notice] %>";
+<% if @name == "wiki.openstreetmap.org" -%>
+# setting the search weight of the main wiki's proposal namespace lower then general talk pages (0.2), but
+# higher then wiki project namespace (0.1)
+# Documentation at https://phabricator.wikimedia.org/source/extension-cirrussearch/browse/master/docs/settings.txt$693
+$wgCirrusSearchNamespaceWeights = array_merge ( $wgCirrusSearchNamespaceWeights, array ( NS_PROPOSAL => 0.15 ));
 <% end -%>
-<% if @mediawiki[:site_readonly] -%>
-$wgReadOnly = "<%= @mediawiki[:site_readonly] %>";
+
+<% if not(@mediawiki[:private_accounts]) and not(@mediawiki[:private_site]) -%>
+# require user confirmation for certain actions
+$wgGroupPermissions['user']['move'] = false;
+$wgGroupPermissions['user']['movefile'] = false;
+$wgGroupPermissions['user']['move-categorypages'] = false;
+$wgGroupPermissions['user']['upload'] = false;
+$wgGroupPermissions['autoconfirmed']['move'] = true;
+$wgGroupPermissions['autoconfirmed']['movefile'] = true;
+$wgGroupPermissions['autoconfirmed']['move-categorypages'] = true;
+$wgGroupPermissions['autoconfirmed']['upload'] = true;
+# Autopromote users to autoconfirmed
+$wgAutoConfirmAge = 345600; // 4 days
+$wgAutoConfirmCount = 10;
+
+# user group "confirmed" with identical rights as "autoconfirmed", but assigned manually by sysops
+$wgGroupPermissions['confirmed'] = $wgGroupPermissions['autoconfirmed'];
+$wgAddGroups['sysop'][] = 'confirmed';
+$wgRemoveGroups['sysop'][] = 'confirmed';
 <% end -%>
 
-<% Dir.glob("#{@directory}/LocalSettings.d/*.php") do |file| -%>
-<%= "require_once('#{file}');" %>
+<% if @mediawiki[:private_accounts] or @mediawiki[:private_site] -%>
+# disable automatic confirmation of users, grant all "autoconfirmed" rights to all users
+$wgAutoConfirmAge = 0;
+$wgAutoConfirmCount = 0;
+$wgGroupPermissions['user'] = array_merge( $wgGroupPermissions['user'], $wgGroupPermissions['autoconfirmed'] );
+
+unset( $wgGroupPermissions['autoconfirmed'] );
+unset( $wgRevokePermissions['autoconfirmed'] );
+unset( $wgAddGroups['autoconfirmed'] );
+unset( $wgRemoveGroups['autoconfirmed'] );
+unset( $wgGroupsAddToSelf['autoconfirmed'] );
+unset( $wgGroupsRemoveFromSelf['autoconfirmed'] );
 <% end -%>
diff --git a/cookbooks/mediawiki/templates/default/mw-ext-ConfirmEdit.inc.php.erb b/cookbooks/mediawiki/templates/default/mw-ext-ConfirmEdit.inc.php.erb
@@ -1,12 +1,12 @@
 <?php
 # DO NOT EDIT - This file is being maintained by Chef
-wfLoadExtensions( array( 'ConfirmEdit', 'ConfirmEdit/ReCaptchaNoCaptcha' ) );
-$wgCaptchaClass = 'ReCaptchaNoCaptcha';
-$wgReCaptchaSendRemoteIP = true;
-$wgReCaptchaSiteKey = '<%= @public_key %>';
-$wgReCaptchaSecretKey = '<%= @private_key %>';
-
-$wgCaptchaTriggers['addurl'] = true;
-$wgCaptchaTriggers['create'] = true;
+wfLoadExtensions( array( 'ConfirmEdit', 'ConfirmEdit/hCaptcha' ) );
+$wgHCaptchaSendRemoteIP = true;
+$wgHCaptchaSiteKey = '<%= @public_key %>';
+$wgHCaptchaSecretKey = '<%= @private_key %>';
 
 $wgGroupPermissions['autoconfirmed']['skipcaptcha'] = true;
+$wgGroupPermissions['bot'          ]['skipcaptcha'] = true;
+$wgGroupPermissions['sysop'        ]['skipcaptcha'] = true;
+
+$wgRateLimits['badcaptcha']['newbie'] = [ 100, 86400 ];
diff --git a/cookbooks/wiki/recipes/default.rb b/cookbooks/wiki/recipes/default.rb
@@ -53,8 +53,8 @@
 
   metanamespace "Wiki"
 
-  recaptcha_public_key "6LdFIQATAAAAAMwtHeI8KDgPqvRbXeNYSq1gujKz"
-  recaptcha_private_key passwords["recaptcha"]
+  hcaptcha_public_key "b67a410b-955e-4049-b432-f9c00e0202c0"
+  hcaptcha_private_key passwords["hcaptcha"]
 
   # site_notice "MAINTENANCE: WIKI READ-ONLY UNTIL Monday 16 May 2016 - 11:00am UTC/GMT."
   # site_readonly "MAINTENANCE: WIKI READ-ONLY UNTIL Monday 16 May 2016 - 11:00am UTC/GMT."

diff --git a/roles/dev.rb b/roles/dev.rb
@@ -5,7 +5,7 @@
   :accounts => {
     :users => {
       :edgemaster => { :status => false },
-      :emacsen => { :status => :administrator },
+      :emacsen => { :status => :user },
       :twain => { :status => :user },
       :bretth => { :status => false },
       :richard => { :status => false },

diff --git a/roles/ironbelly.rb b/roles/ironbelly.rb
@@ -73,21 +73,6 @@
   },
   :rsyncd => {
     :modules => {
-      :hosts => {
-        :comment => "Host data",
-        :path => "/home/hosts",
-        :read_only => true,
-        :write_only => false,
-        :list => false,
-        :uid => "tomh",
-        :gid => "tomh",
-        :transfer_logging => false,
-        :hosts_allow => [
-          "212.110.172.32",                      # shenron
-          "2001:41c9:1:400::32",                 # shenron
-          "212.159.112.221"                      # grant
-        ]
-      },
       :logs => {
         :comment => "Log files",
         :path => "/store/logs",

diff --git a/test/data_bags/wiki/passwords.json b/test/data_bags/wiki/passwords.json
@@ -1,6 +1,6 @@
 {
   "database": "database_password",
   "admin": "admin_password",
-  "recaptcha": "precaptcha_token",
+  "hcaptcha": "precaptcha_token",
   "thunderforest": "thunderforest_token"
 }