Added SSO to wordpress.sh

lib/wordpress.sh

@@ -32,6 +32,8 @@ services:
       - ./.env
     extra_hosts:
       - "www.$DOMAIN:$EXTERNALIP"
+      - "listmonk.$DOMAIN:$EXTERNALIP"
+      - "authelia.$DOMAIN:$EXTERNALIP"
     volumes:
       - ./data/bitnami/wordpress:/bitnami/wordpress
     labels:
@@ -188,6 +190,72 @@ uninstall_wordpress() {
   # Delete the app directory
   rm -rf /federated/apps/wordpress
 
+  # Delete the image
+  docker image rm bitnami/wordpress:$IMAGE_VERSION &> /dev/null
+
+  # Delete the DNS record
+  docker exec pdns pdnsutil delete-rrset $DOMAIN wordpress A
+  docker exec pdns pdnsutil delete-rrset $DOMAIN www A
+
+  # Uninstall the SSO configuration if it exists in authelia (authelia must exist too)
+  if [[ $(grep "### Wordpress" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
+    sed -i '/### Wordpress/,/### /{/### PowerDNS/!{/### /!d}}' /federated/apps/authelia/data/config/idproviders.yml
+    sed -i '/### Wordpress/d' /federated/apps/authelia/data/config/idproviders.yml
+    /federated/bin/stop authelia
+    /federated/bin/start authelia
+  fi
+
   kill -9 $SPINPID &> /dev/null
   echo -ne "done.\n"
 }
+configsso_wordpress() {
+  [ ! -d "/federated/apps/authelia" ] && failcheck "Authelia is not installed. You need this first before continuing."
+  [ ! -f "/federated/apps/authelia/data/config/idproviders.yml" ] && failcheck "Authelia idproviders.yml is missing."
+  [[ $(grep "### Wordpress" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]] && failcheck "Authelia already has a Wordpress configuration."
+
+  WORDPRESS_CLIENT_SECRET=$(create_password);
+  WORDPRESS_CLIENT_SECRET_HASH=$(docker run -it --rm authelia/authelia:latest authelia crypto hash generate pbkdf2 --password $WORDPRESS_CLIENT_SECRET | awk '{ print $2 }')
+
+cat >> /federated/apps/authelia/data/config/idproviders.yml <<EOF
+     ### Wordpress
+      - client_id: 'wordpress'
+        client_name: 'WordPress'
+        client_secret: $WORDPRESS_CLIENT_SECRET_HASH
+        consent_mode: 'implicit'
+        public: false
+        authorization_policy: 'one_factor'
+        redirect_uris:
+          - 'https://$DOMAIN/wp-admin/admin-ajax.php?action=openid-connect-authorize'
+        scopes:
+          - 'openid'
+          - 'profile'
+          - 'email'
+          - 'groups'
+        userinfo_signed_response_alg: 'none'
+        token_endpoint_auth_method: 'client_secret_post'
+EOF
+
+  # Restart Authelia for changes to take the above configuration
+  /federated/bin/stop authelia
+  /federated/bin/start authelia
+
+sed -i "/Add any custom values/a \
+define( 'OIDC_CLIENT_ID', 'wordpress' );\n\
+define( 'OIDC_CLIENT_SECRET', '$WORDPRESS_CLIENT_SECRET' );\n\
+define( 'OIDC_ENDPOINT_LOGIN_URL', 'https://authelia.$DOMAIN/api/oidc/authorization' );\n\
+define( 'OIDC_ENDPOINT_USERINFO_URL', 'https://authelia.$DOMAIN/api/oidc/userinfo' );\n\
+define( 'OIDC_ENDPOINT_TOKEN_URL', 'https://authelia.$DOMAIN/api/oidc/token' );\n\
+define( 'OIDC_ENDPOINT_LOGOUT_URL', 'https://authelia.$DOMAIN/logout' );\n\
+define( 'OIDC_CLIENT_SCOPE', 'openid profile email groups' );\n\
+define( 'OIDC_LOGIN_TYPE', 'button' );\n\
+define( 'OIDC_CREATE_IF_DOES_NOT_EXIST', '1' );\n\
+define( 'OIDC_LINK_EXISTING_USERS', '1' );\n\
+define( 'OIDC_REDIRECT_USER_BACK', '1' );\n\
+define( 'OIDC_REDIRECT_ON_LOGOUT', '1' );\n" /federated/apps/wordpress/data/bitnami/wordpress/wp-config.php
+
+  docker exec wordpress wp plugin install daggerhart-openid-connect-generic &> /dev/null
+  docker exec wordpress wp plugin activate daggerhart-openid-connect-generic &> /dev/null
+
+  /federated/bin/stop wordpress
+  /federated/bin/start wordpress
+}