Wiki Server - People - suppress for unauthenticated users

With Wiki Server 4 (Server 10.8.1), unauthenticated users hitting the web server's default home page are presented with Wiki Server's default landing page listing:

  • "My Documents"
  • "All Activity"
  • "Wikis"
  • "People"


If an unauthenticated user tries any of the first three items they get no content, which is great (although only the "My Documents" page prompts for credentials — I think they all should).


However, if they hit the "People" item, it lists (exposes) all of the people on your system.


We don't want a list of our users exposed — we think if you are unauthenticated, you shouldn't see anything when clicking on "People".


Suggestions?

Mac mini, OS X Server

Posted on Aug 31, 2012 6:20 PM

20 replies

Feb 13, 2014 6:42 AM in response to mmurray47

Instead of disabling functionalities, why not just secure the whole wiki thing? 😎


Based on this (http://codedmemes.com/lib/password-protecting-directories-files-domains/), I managed to create a webapp that would "lock down" the whole subdomain, and require users to authenticate. Good news? With a little tweaking, you can use your own open directory for user authentication.


Here's the .conf file code


    <Location />
        Order deny,allow
        Deny from All
        AuthType Basic
        AuthName "Authorized Users Only"
        Require valid-user
    </Location>


This will require that the person authenticates using an existing user. But you can also (I suppose, didn't try) restrict to a group. It's basic .htaccess directives, but I sincerely don't know how Apple makes it work this way (without having to define the open directory, ldap auth, etc. I mean). Sad news, though, it appears that only AuthType Basic works in this case, no Digest 😟



And here is the .plist file


    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>name</key>
        <string>sub.domain.com.webapp.auth_wiki</string>
        <key>displayName</key>
        <string>(WebApp's Name)</string>
        <key>includeFiles</key>
        <array>
            <string>/Library/Server/Web/Config/apache2/webapp_scripts/httpd_grm_auth_wiki.conf</string>
        </array>
        <key>launchKeys</key>
        <array/>
        <key>proxies</key>
        <dict/>
        <key>installationIndicatorFilePath</key>
        <string>/Library/Server/Web/Config/apache2/webapp_scripts/httpd_grm_auth_wiki.conf</string>
        <key>requiredModuleNames</key>
        <array/>
        <key>requiredWebAppNames</key>
        <array/>
        <key>sslPolicy</key>
        <integer>0</integer>
    </dict>
    </plist>


You'll notice that, since I couldn't find the "extra" folder mentioned in the above link, I used the "webapp_scripts" folder. Don't know if it's ok... but at least it works.


Then, you go in Server.app, restart Apache (by disabling and re-enabling websites, for example), edit your website's setting, go to advanced and enable the "WebApp". And you're good to go.




Edit: the worst part, regarding the wiki's default security, is that through "people" you can access "activities" and, then, most of the wiki's content (files' names, full wiki entries, blog posts, etc... thought I was having a nightmare when I realised this)


Edit 2: By adapting the .conf file, you can also only restrict the access to certain paths (such as /wiki/people/ and /wiki/pages/) just like you would with a .htaccess. It doesn't have to be the whole subdomain.
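
A check for the lock described in the reply above, added here as an example and not part of the original post: it requests the paths named in this thread without credentials and reports whether Apache answers with a Basic challenge. The script name, the example host and the verdict labels are assumptions; a 200 only shows that Apache did not ask for a login, not what the wiki itself would display.

```python
"""Added example: which wiki paths does Apache answer without credentials?"""
import sys
import urllib.error
import urllib.request

# Paths named in this thread; the host is whatever you pass on the command line.
PATHS = ["/wiki", "/wiki/people/", "/wiki/pages/", "/wiki/ipad/"]

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # report the 3xx itself instead of following it

def fetch(url, timeout=10):
    """Anonymous GET; returns (status code, WWW-Authenticate header or None)."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, resp.headers.get("WWW-Authenticate")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("WWW-Authenticate")

def classify(status, challenge):
    """Map one anonymous response to a verdict about the Apache-level lock."""
    if status == 401:
        return "challenged" if challenge else "401-no-challenge"
    if status == 403:
        return "denied"
    if 300 <= status < 400:
        return "redirect"      # follow up by hand: login page or content?
    if 200 <= status < 300:
        return "unchallenged"  # Apache served it without asking for a login
    return "other"

def audit(base_url, paths=PATHS, fetcher=fetch):
    base = base_url.rstrip("/")
    return {path: classify(*fetcher(base + path)) for path in paths}

def unchallenged(report):
    return sorted(p for p, verdict in report.items() if verdict == "unchallenged")

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_wiki_lock.py https://wiki.example.com")
    report = audit(sys.argv[1])
    for path, verdict in report.items():
        print(f"{verdict:16} {path}")
    sys.exit(1 if unchallenged(report) else 0)
```

Run it against the site's HTTPS URL, since Basic authentication sends the password merely base64-encoded on each request.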

Jan 7, 2015 1:04 AM in response to Matthew Jason

Hello,

I am running a closed Wiki with OS X Yosemite. It seems that (again) the locations of some of the files mentioned here have been moved. As I have the same problem (trying to suppress Wiki People for unauthenticated users, for both the Mac/PC and iPad display of the Wiki) I am asking you whether you have found the new locations? Here are the things I've tried:


1. I have changed the "DisableAllProjectsView" in the file "collabd.plist" (as suggested here) to "true". This indeed hides the People page for the Mac/PC but (still, as with the older versions of Mac OS X Server) not for the iPad display of the Wiki. And it hides it for both unauthenticated and authenticated users, similar to changing "DisableAllProjectsView" or "DisableAllActivityView" to "true".


2. I can live with hiding the People page for everyone but it should be also hidden for iPad users. I don't have a problem with disabling the iPad display of the Wiki and use the Mac/PC display instead. I have therefore tried to find the "people_controller.rb" but unfortunately the directory "coreclient" (within the "Contents" of the "Server.app", as suggested here) does not exist anymore. Instead, there are five directories starting with "coreclient" followed by "auth", "base", "desktop", "mobile" and "wiki". These contain the various versions/displays e.g. of the Wiki but where's the controller?


Your help is very much appreciated!


Cheers, Martin

Jan 7, 2015 4:17 AM in response to tino_berlin

I found the iPad redirect in the JavaScript file main.js


/Applications/Server.app/Contents/ServerRoot/usr/share/collabd/coreclientwiki/public/javascripts


in lines 115-121:


    if (browser().isiPad() && browser().isiOS5Plus()) {
        var routeFromURL = CC.getRouteFromURL();
        if (!routeFromURL || routeFromURL.match(/^\/*$/)) {
            routeFromURL = "/wiki";
        }
        window.location.href = "/wiki/ipad/#route=%@".fmt(routeFromURL);
        return;


Commenting or deleting these lines, resetting owner/group/permissions and restarting the Wiki, however, does not have an effect. The iPad still uses the iPad display of the Wiki (including People, Activities, Wikis for unauthenticated users). I have just talked to Apple Support and they will forward the problem to the developers. Unfortunately I won't get feedback from that. We simply have to wait until we get it fixed by an upgrade of Mac OS X Server.

Jan 22, 2015 4:25 AM in response to tino_berlin

Obviously Apple found the case interesting enough to call me back. After several phone calls and emails there doesn't seem to be a simple solution to the problem. The redirect to the iPad version of the Wiki doesn't simply point to a different directory but rebuilds the entire appearance. I hope that I have said that correctly. They are working on it and I will let you know whenever I hear anything back from Apple.
