From dc7a8eec520618345c74c2c3f1e4db20ca4aec23 Mon Sep 17 00:00:00 2001 From: Ethan Kromhout Date: Fri, 11 Dec 2020 11:32:16 -0500 Subject: [PATCH 1/5] Corrected error in wordpress server dockerfile --- .../roles/200-metarole-role-editor.xml | 67 ------------------- Workbench/wordpress_server/Dockerfile | 2 +- 2 files changed, 1 insertion(+), 68 deletions(-) delete mode 100644 Workbench/midpoint_server/container_files/mp-home/post-initial-objects/roles/200-metarole-role-editor.xml diff --git a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/roles/200-metarole-role-editor.xml b/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/roles/200-metarole-role-editor.xml deleted file mode 100644 index 7d6a18c..0000000 --- a/Workbench/midpoint_server/container_files/mp-home/post-initial-objects/roles/200-metarole-role-editor.xml +++ /dev/null @@ -1,67 +0,0 @@ - - - - Editor - - 2020-07-20T14:36:12.953Z - 2020-07-20T14:36:12.972Z - http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#init - 2020-07-20T15:14:49.494Z - - - - http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user - - - 2019-03-29T17:20:56.764Z - - - add - c:RoleType - - - com.evolveum.midpoint.model.impl.lens.ChangeExecutor.executeDelta - success - 1000000000000003970 - - Editor - - success - - - - http://midpoint.evolveum.com/xml/ns/public/gui/channels-3#user - - 0 - - - enabled - enabled - 2020-07-20T14:36:12.967Z - - Wordpress Editor - - - - - - - ri:roles - - strong - - $containingObject/name - - - editor - - - - - 2 - - - - \ No newline at end of file diff --git a/Workbench/wordpress_server/Dockerfile b/Workbench/wordpress_server/Dockerfile index 2205d6e..b37c206 100644 --- a/Workbench/wordpress_server/Dockerfile +++ b/Workbench/wordpress_server/Dockerfile 
@@ -44,6 +44,6 @@ WORKDIR /var/www/html # && sed -i "s/define( 'DB_COLLATE', '' );/define( 'DB_COLLATE', '' );\ndefine('JWT_AUTH_SECRET_KEY', 'your-top-secret-key');\ndefine('JWT_AUTH_CORS_ENABLE', true);\n/" /var/www/html/wp-config.php \ # && sed -i "s/RewriteBase \//RewriteBase \/\nRewriteRule \^wp-json\/\(\.\*\) \/?rest_route=\/\$1 \[L\]\n/" /var/www/html/.htaccess -ln -sf /run/secrets/shib_sp-key.pem /etc/shibboleth/sp-key.pem +RUN ln -sf /run/secrets/shib_sp-key.pem /etc/shibboleth/sp-key.pem RUN chown -R apache:apache /var/www/html RUN /usr/local/bin/setservername.sh From f25ec7cce663b170dd39c994e818a0c17b6b5149 Mon Sep 17 00:00:00 2001 From: Ethan Kromhout Date: Fri, 11 Dec 2020 13:53:55 -0500 Subject: [PATCH 2/5] Restoring SP version to latest for wordpress --- Workbench/wordpress_server/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Workbench/wordpress_server/Dockerfile b/Workbench/wordpress_server/Dockerfile index 67f25b9..374255b 100644 --- a/Workbench/wordpress_server/Dockerfile +++ b/Workbench/wordpress_server/Dockerfile @@ -1,4 +1,4 @@ -FROM tier/shibboleth_sp:3.0.4_03122019 +FROM tier/shibboleth_sp:latest VOLUME /var/www/html From 719301972bcf573559f799746ad768f5cb121171 Mon Sep 17 00:00:00 2001 From: Ethan Kromhout Date: Mon, 14 Dec 2020 11:20:04 -0500 Subject: [PATCH 3/5] Added health check for wordpress_server --- Workbench/docker-compose.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Workbench/docker-compose.yml b/Workbench/docker-compose.yml index 66be446..642aa37 100644 --- a/Workbench/docker-compose.yml +++ b/Workbench/docker-compose.yml 
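Review bot: The corrected `RUN ln -sf /run/secrets/shib_sp-key.pem /etc/shibboleth/sp-key.pem` creates a link whose target does not exist at build time, and nothing in the hunk says so. A comment above it would help, for example `# SP private key is not baked into the image; this link resolves only once the shib_sp-key.pem secret is mounted under /run/secrets`. The secret is presumably supplied by the compose file, which is outside this hunk. The mounted file also has to be readable by the account shibd runs as, which the following `chown` of /var/www/html does not cover. The Dockerfile continues outside the hunk.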
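Review bot: `FROM tier/shibboleth_sp:latest` replaces a pinned tag with a floating one, so each rebuild can pull a different base image without any change in this repository. For a container that holds the SP key and sits in the authentication path, that makes builds non-reproducible and lets an upstream change, or a tampered tag, land unreviewed. Pinning to a specific release tag, ideally with a digest, keeps base-image updates deliberate: `FROM tier/shibboleth_sp:<release-tag>@sha256:<digest>` (placeholders; take the real values from the registry).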
@@ -300,6 +300,11 @@ services: command: bash -c 'if [ ! -s /var/www/html/wp-config.php ]; then while ! nc -z wordpress_data 3306 ; do echo waiting for mysql on wordpress_data to start; sleep 3; done; /root/wp core download --allow-root && sleep 10 && /root/wp config create --dbname=wordpress --dbuser=wordpress --dbpass=54y6RxN7GfC7aes3 --dbhost=wordpress_data --allow-root; sleep 3 && /root/wp core install --url="http://localhost/" --title="wordpress" --admin_user="admin" --admin_password="54y6RxN7GfC7aes3" --admin_email="sentrifugo.container@gmail.com" --allow-root && /root/wp --allow-root rewrite structure "/%postname%" --hard --debug; /root/wp rewrite flush --hard --debug --allow-root && sed -i "s/<\/IfModule>/RewriteCond \%{HTTP:Authorization} \^\(\.\*\)\nRewriteRule \^\(\.\*\) - [E=HTTP_AUTHORIZATION:\%1]\n<\/IfModule>\nSetEnvIf Authorization "\(\.\*\)" HTTP_AUTHORIZATION=\$$1/" /var/www/html/.htaccess && /root/sed.sh && /root/wp plugin install jwt-authentication-for-wp-rest-api --activate --allow-root && /root/wp plugin install wp-rest-api-log --activate --allow-root && /root/wp plugin install shibboleth --activate --allow-root; fi; /usr/local/bin/startup.sh;' ports: - "80:80" + healthcheck: + test: curl -s wordpress_server:80 + interval: 30s + timeout: 30s + retries: 3 devices: - "/dev/tty:/dev/tty" volumes: From fde873364766d81a58f8ffeef104d2463612ba51 Mon Sep 17 00:00:00 2001 From: Ethan Kromhout Date: Mon, 14 Dec 2020 11:29:35 -0500 Subject: [PATCH 4/5] Unset container name for wordpress containers --- Workbench/docker-compose.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/Workbench/docker-compose.yml b/Workbench/docker-compose.yml index 642aa37..027e01d 100644 --- a/Workbench/docker-compose.yml +++ b/Workbench/docker-compose.yml @@ -292,7 +292,6 @@ services: wordpress_server: build: ./wordpress_server/ - container_name: wordpress_server networks: - net depends_on: 
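Review bot: The health check `test: curl -s wordpress_server:80` passes whenever the server answers at all, because curl without `-f` exits 0 on HTTP 4xx/5xx responses; a WordPress instance returning 500 would still be reported healthy. Suggest `test: curl -fsS -o /dev/null http://localhost:80/ || exit 1`, which also avoids depending on the container resolving its own service name. The first-run branch of `command:` downloads and installs WordPress before `startup.sh` runs, so with `retries: 3` at `interval: 30s` the container may be marked unhealthy during setup; a `start_period` would cover that if the compose file version supports it. Separately, the unchanged `command:` line in this hunk carries the database and admin password inline and `ports` publishes plain HTTP on 80; moving the credentials to secrets or an env file is worth a follow-up.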
@@ -324,7 +323,6 @@ services: wordpress_data: build: ./wordpress_data/ - container_name: wordpress_data networks: - net volumes: From df29a7a31cff73c4efe343f03c5a986e00b9972c Mon Sep 17 00:00:00 2001 From: Ethan Kromhout Date: Mon, 14 Dec 2020 13:07:35 -0500 Subject: [PATCH 5/5] HandlerURL updates --- Workbench/configs-and-secrets/wordpress/httpd/shib.conf | 2 +- .../configs-and-secrets/wordpress/shibboleth/shibboleth2.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Workbench/configs-and-secrets/wordpress/httpd/shib.conf b/Workbench/configs-and-secrets/wordpress/httpd/shib.conf index a2273aa..069a29b 100644 --- a/Workbench/configs-and-secrets/wordpress/httpd/shib.conf +++ b/Workbench/configs-and-secrets/wordpress/httpd/shib.conf @@ -22,7 +22,7 @@ ShibCompatValidUser Off # # Ensures handler will be accessible. # - + AuthType None Require all granted SetHandler shib diff --git a/Workbench/configs-and-secrets/wordpress/shibboleth/shibboleth2.xml b/Workbench/configs-and-secrets/wordpress/shibboleth/shibboleth2.xml index ccff4d2..9efdc25 100644 --- a/Workbench/configs-and-secrets/wordpress/shibboleth/shibboleth2.xml +++ b/Workbench/configs-and-secrets/wordpress/shibboleth/shibboleth2.xml @@ -24,7 +24,7 @@ cookieProps to "https" for SSL-only sites. Note that while we default checkAddress to "false", this makes an assertion stolen in transit easier for attackers to misuse. --> -