2 # HTTP basic auth plugin.
3 package IkiWiki::Plugin::httpauth;
11 hook(type => "getsetup", id => "httpauth", call => \&getsetup);
12 hook(type => "auth", id => "httpauth", call => \&auth);
13 hook(type => "formbuilder_setup", id => "httpauth",
14 call => \&formbuilder_setup);
15 hook(type => "canedit", id => "httpauth", call => \&canedit,
28 example => "http://example.com/wiki/auth/ikiwiki.cgi",
29 description => "url to redirect to when authentication is needed",
33 httpauth_pagespec => {
35 example => "!*/Discussion",
36 description => "PageSpec of pages where only httpauth will be used for authentication",
# Redirect the browser to the configured cgiauthurl. The prototype takes one
# required scalar followed by an optional list. Lines 43-44 of the file are
# not shown in this listing; $cgi is presumably shifted off @_ there, leaving
# only the extra arguments in @_ (TODO confirm).
42 sub redir_cgiauthurl ($;@) {
45 IkiWiki::redirect($cgi,
# More than one remaining argument (e.g. do => "postsignin" at line 84):
# hand them to IkiWiki::cgiurl together with cgiauthurl as the base URL.
46 @_ > 1 ? IkiWiki::cgiurl(cgiurl => $config{cgiauthurl}, @_)
# Otherwise @_ is interpolated verbatim after "?". Nothing is encoded or
# validated on this path, so it relies on the caller passing an
# already-encoded query string (line 108 passes $cgi->query_string()).
47 : $config{cgiauthurl}."?@_"
# Fragment of the auth handling; the enclosing sub's opening and closing lines
# are not shown in this listing. When the web server reports an authenticated
# user, that name is adopted as the session's "name".
56 if (defined $cgi->remote_user()) {
57 my $user = $cgi->remote_user();
58 $session->param("name", $user);
# NOTE(review): this is a string eval. Perl compiles and executes the value
# returned by possibly_foolish_untaint() as code, and that value is taken
# from SSL_CLIENT_S_DN_CN, which the web server fills from the client
# certificate's subject. Certificate-supplied text must never reach eval.
# The untaint call presumably only clears the taint flag (confirm against its
# definition), which would also stop taint mode from blocking the eval.
# The result is discarded and any error ends up unchecked in $@, so the
# statement has no visible purpose: remove it. If an untainted copy of the
# CN is wanted, assign the function's return value to a lexical, validate it
# against an anchored pattern, and use that lexical at line 63.
# The variable is also not checked for definedness until line 62.
59 eval IkiWiki::possibly_foolish_untaint($ENV{SSL_CLIENT_S_DN_CN});
# Only fill in "realname" when the user has none yet and the server exported
# a certificate CN.
60 my $realname = IkiWiki::userinfo_get($user, "realname");
61 if ((!defined $realname || $realname eq "") &&
62 defined $ENV{SSL_CLIENT_S_DN_CN}) {
# NOTE(review): the raw environment value is stored, not the untainted copy.
# It is certificate-supplied text, so whatever renders "realname" should
# escape it; the rendering code is not visible here.
63 IkiWiki::userinfo_set($user, "realname", $ENV{SSL_CLIENT_S_DN_CN});
68 sub formbuilder_setup (@) {
71 my $form=$params{form};
72 my $session=$params{session};
74 my $buttons=$params{buttons};
76 if ($form->title eq "signin" &&
77 ! defined $cgi->remote_user() && defined $config{cgiauthurl}) {
78 my $button_text="Login with HTTP auth";
79 push @$buttons, $button_text;
81 if ($form->submitted && $form->submitted eq $button_text) {
82 # bounce thru cgiauthurl and then back to
83 # the stored postsignin action
84 redir_cgiauthurl($cgi, do => "postsignin");
89 sub test_httpauth_pagespec ($) {
# Fragment; the enclosing sub's header and the lines after 108 are not shown.
# The redirect below is taken only when every condition holds:
#   - $cgi->remote_user() reports no authenticated user,
#   - httpauth_pagespec is set and non-empty,
#   - cgiauthurl is set,
#   - $page matches httpauth_pagespec.
# NOTE(review): if cgiauthurl is unset, this branch is skipped even for pages
# that match httpauth_pagespec. What governs those pages is then decided by
# code not visible here. Confirm they do not silently fall through to other
# authentication methods when the setup is incomplete.
101 if (! defined $cgi->remote_user() &&
102 defined $config{httpauth_pagespec} &&
103 length $config{httpauth_pagespec} &&
104 defined $config{cgiauthurl} &&
105 pagespec_match($page, $config{httpauth_pagespec})) {
107 # bounce thru cgiauthurl and back to edit action
# The current request's query string is forwarded as-is, so the edit action
# can resume after the HTTP authentication round trip.
108 redir_cgiauthurl($cgi, $cgi->query_string());