2 # HTTP basic auth plugin.
3 package IkiWiki::Plugin::httpauth;
# Register this plugin's callbacks through hook(), all under the id
# "httpauth": one each for the checkconfig, getsetup, auth,
# formbuilder_setup and canedit hook types.
11 hook(type => "checkconfig", id => "httpauth", call => \&checkconfig);
12 hook(type => "getsetup", id => "httpauth", call => \&getsetup);
13 hook(type => "auth", id => "httpauth", call => \&auth);
14 hook(type => "formbuilder_setup", id => "httpauth",
15 call => \&formbuilder_setup);
# The canedit registration is cut off in this listing: its remaining
# arguments and closing parenthesis are on a line that is not shown.
16 hook(type => "canedit", id => "httpauth", call => \&canedit,
# Setup-option metadata (fragment). The enclosing sub and the key owning the
# first two entries are not shown; going by the description it is presumably
# the cgiauthurl option -- confirm against the full file.
# NOTE(review): the example URL uses http://. HTTP basic auth sends the
# password only base64-encoded on every request, so a real deployment should
# point this option at an https:// URL.
29 example => "http://example.com/wiki/auth/ikiwiki.cgi",
30 description => "url to redirect to when authentication is needed",
# Option holding a PageSpec; per its description, pages matching it accept
# only httpauth for authentication.
34 httpauth_pagespec => {
36 example => "!*/Discussion",
37 description => "PageSpec of pages where only httpauth will be used for authentication",
# Fragment (the enclosing sub line is not shown). When CGI is enabled,
# cgiauthurl is configured, and fewer than two entries exist under
# $IkiWiki::hooks{auth}, the normal signin handler is replaced.
44 if ($config{cgi} && defined $config{cgiauthurl} &&
45 keys %{$IkiWiki::hooks{auth}} < 2) {
46 # There are no other auth hooks registered, so avoid
47 # the normal signin form, and jump right to httpauth.
# inject() installs an anonymous sub under the name IkiWiki::cgi_signin; the
# visible part of that sub redirects to cgiauthurl and forwards the current
# request's query string unchanged.
49 inject(name => "IkiWiki::cgi_signin", call => sub ($$) {
51 redir_cgiauthurl($cgi, $cgi->query_string());
# Redirect the client to the configured cgiauthurl (fragment: the lines that
# unpack the arguments and close the sub are not shown).
# If more than one element is left in @_, the elements are handed to
# IkiWiki::cgiurl together with cgiurl => $config{cgiauthurl}; otherwise @_ is
# interpolated as-is after "?" on cgiauthurl.
# NOTE(review): the second branch does no escaping of its own. The callers
# visible in this listing pass $cgi->query_string(), i.e. request-derived
# text -- confirm it is URL-encoded and free of CR/LF before it reaches the
# redirect. The host part always comes from $config{cgiauthurl}.
56 sub redir_cgiauthurl ($;@) {
59 IkiWiki::redirect($cgi,
60 @_ > 1 ? IkiWiki::cgiurl(cgiurl => $config{cgiauthurl}, @_)
61 : $config{cgiauthurl}."?@_"
# Fragment, presumably the body of the auth callback (its sub line is not
# shown). When the CGI object reports a remote user, that name is stored as
# the session's "name" with no further check in the visible code.
# NOTE(review): this trusts the web server to have authenticated the request;
# confirm the CGI cannot be reached through a path where remote_user is set
# without authentication.
70 if (defined $cgi->remote_user()) {
71 my $user = $cgi->remote_user();
72 $session->param("name", $user);
# NOTE(review): SECURITY -- this is a string eval. The value of
# $ENV{SSL_CLIENT_S_DN_CN} (under mod_ssl, the subject CN of the client
# certificate) is compiled and run as Perl code. The CN text is chosen by
# whoever requested the certificate, so it is external input unless the
# issuing CA strictly constrains it. It is passed through
# IkiWiki::possibly_foolish_untaint first, which by its name clears the taint
# flag, so taint mode (-T) would not stop the eval. The eval's result is
# discarded and nothing visible here depends on it: remove this line.
73 eval IkiWiki::possibly_foolish_untaint($ENV{SSL_CLIENT_S_DN_CN});
# Fill in the user's "realname" from the certificate CN, but only when no
# non-empty realname is stored yet and the CN variable is defined.
74 my $realname = IkiWiki::userinfo_get($user, "realname");
75 if ((!defined $realname || $realname eq "") &&
76 defined $ENV{SSL_CLIENT_S_DN_CN}) {
# NOTE(review): the CN is stored without validation. Consider restricting it
# to an expected character set and length, and check that realname is escaped
# wherever it is later displayed.
77 IkiWiki::userinfo_set($user, "realname", $ENV{SSL_CLIENT_S_DN_CN});
# formbuilder_setup callback (fragment: the lines that populate %params and
# $cgi, and the closing braces, are not shown). Adds an HTTP-auth login button
# to the signin form and handles a click on it.
82 sub formbuilder_setup (@) {
85 my $form=$params{form};
86 my $session=$params{session};
88 my $buttons=$params{buttons};
# Act only on the form titled "signin", and only when the request carries no
# remote user and cgiauthurl is configured.
90 if ($form->title eq "signin" &&
91 ! defined $cgi->remote_user() && defined $config{cgiauthurl}) {
92 my $button_text="Login with HTTP auth";
93 push @$buttons, $button_text;
# The submitted value is compared with the button label, so the redirect
# fires only when this plugin's own button was pressed.
95 if ($form->submitted && $form->submitted eq $button_text) {
96 # bounce thru cgiauthurl and then back to
97 # the stored postsignin action
98 redir_cgiauthurl($cgi, do => "postsignin");
# Fragment, presumably from the canedit callback (its sub line, argument
# unpacking and return values are not shown). The redirect below fires only
# when all of these hold:
#   - the request carries no remote user;
#   - the session has no "name", or userinfo_get returns a false "regdate"
#     for that name;
#   - httpauth_pagespec is defined and non-empty;
#   - cgiauthurl is defined;
#   - $page matches httpauth_pagespec.
108 if (! defined $cgi->remote_user() &&
109 (! defined $session->param("name") ||
110 ! IkiWiki::userinfo_get($session->param("name"), "regdate")) &&
111 defined $config{httpauth_pagespec} &&
112 length $config{httpauth_pagespec} &&
113 defined $config{cgiauthurl} &&
114 pagespec_match($page, $config{httpauth_pagespec})) {
# The current query string is forwarded unchanged so that the edit request
# can resume after authentication at cgiauthurl.
116 # bounce thru cgiauthurl and back to edit action
117 redir_cgiauthurl($cgi, $cgi->query_string());