Merge commit '4dbb8120f760d9009f0c2639f2ccb9808150aed5' into sipb

[ikiwiki.git] / IkiWiki / Plugin / httpauth.pm

#!/usr/bin/perl
# HTTP basic auth plugin.
package IkiWiki::Plugin::httpauth;

use warnings;
use strict;
use IkiWiki 3.00;
use Data::Dumper;

sub import {
        hook(type => "getsetup", id => "httpauth", call => \&getsetup);
        hook(type => "auth", id => "httpauth", call => \&auth);
        hook(type => "formbuilder_setup", id => "httpauth",
                call => \&formbuilder_setup);
        hook(type => "canedit", id => "httpauth", call => \&canedit,
                first => 1);
}

sub getsetup () {
        return
                plugin => {
                        safe => 1,
                        rebuild => 0,
                        section => "auth",
                },
                cgiauthurl => {
                        type => "string",
                        example => "http://example.com/wiki/auth/ikiwiki.cgi",
                        description => "url to redirect to when authentication is needed",
                        safe => 1,
                        rebuild => 0,
                },
                httpauth_pagespec => {
                        type => "pagespec",
                        example => "!*/Discussion",
                        description => "PageSpec of pages where only httpauth will be used for authentication",
                        safe => 0,
                        rebuild => 0,
                },
}
                        
sub redir_cgiauthurl ($;@) {
        my $cgi=shift;

        IkiWiki::redirect($cgi, 
                @_ > 1 ? IkiWiki::cgiurl(cgiurl => $config{cgiauthurl}, @_)
                       : $config{cgiauthurl}."?@_"
        );
        exit;
}

sub auth ($$) {
        my $cgi=shift;
        my $session=shift;

        if (defined $cgi->remote_user()) {
                my $user = $cgi->remote_user();
                $session->param("name", $user);
                eval IkiWiki::possibly_foolish_untaint($ENV{SSL_CLIENT_S_DN_CN});
                my $realname = IkiWiki::userinfo_get($user, "realname");
                if ((!defined $realname || $realname eq "") &&
                    defined $ENV{SSL_CLIENT_S_DN_CN}) {
                IkiWiki::userinfo_set($user, "realname", $ENV{SSL_CLIENT_S_DN_CN});
                }
        }
}

sub formbuilder_setup (@) {
        my %params=@_;

        my $form=$params{form};
        my $session=$params{session};
        my $cgi=$params{cgi};
        my $buttons=$params{buttons};

        if ($form->title eq "signin" &&
            ! defined $cgi->remote_user() && defined $config{cgiauthurl}) {
                my $button_text="Login with HTTP auth";
                push @$buttons, $button_text;

                if ($form->submitted && $form->submitted eq $button_text) {
                        # bounce thru cgiauthurl and then back to
                        # the stored postsignin action
                        redir_cgiauthurl($cgi, do => "postsignin");
                }
        }
}

sub canedit ($$$) {
        my $page=shift;
        my $cgi=shift;
        my $session=shift;

        if (! defined $cgi->remote_user() &&
            (! defined $session->param("name") ||
             ! IkiWiki::userinfo_get($session->param("name"), "regdate")) &&
            defined $config{httpauth_pagespec} &&
            length $config{httpauth_pagespec} &&
            defined $config{cgiauthurl} &&
            pagespec_match($page, $config{httpauth_pagespec})) {
                return sub {
                        # bounce thru cgiauthurl and back to edit action
                        redir_cgiauthurl($cgi, $cgi->query_string());
                };
        }
        else {
                return undef;
        }
}

1