2 # HTTP basic auth plugin.
3 package IkiWiki::Plugin::httpauth;
11 hook(type => "getsetup", id => "httpauth", call => \&getsetup);
12 hook(type => "auth", id => "httpauth", call => \&auth);
13 hook(type => "formbuilder_setup", id => "httpauth",
14 call => \&formbuilder_setup);
15 hook(type => "canedit", id => "httpauth", call => \&canedit,
28 example => "http://example.com/wiki/auth/ikiwiki.cgi",
29 description => "url to redirect to when authentication is needed",
33 httpauth_pagespec => {
35 example => "!*/Discussion",
36 description => "PageSpec of pages where only httpauth will be used for authentication",
42 sub redir_cgiauthurl ($;@) {
45 IkiWiki::redirect($cgi,
46 @_ > 1 ? IkiWiki::cgiurl(cgiurl => $config{cgiauthurl}, @_)
47 : $config{cgiauthurl}."?@_"
56 if (defined $cgi->remote_user()) {
57 my $user = $cgi->remote_user();
58 $session->param("name", $user);
59 eval IkiWiki::possibly_foolish_untaint($ENV{SSL_CLIENT_S_DN_CN});
60 my $realname = IkiWiki::userinfo_get($user, "realname");
61 if ((!defined $realname || $realname eq "") &&
62 defined $ENV{SSL_CLIENT_S_DN_CN}) {
63 IkiWiki::userinfo_set($user, "realname", $ENV{SSL_CLIENT_S_DN_CN});
68 sub formbuilder_setup (@) {
71 my $form=$params{form};
72 my $session=$params{session};
74 my $buttons=$params{buttons};
76 if ($form->title eq "signin" &&
77 ! defined $cgi->remote_user() && defined $config{cgiauthurl}) {
78 my $button_text="Login with HTTP auth";
79 push @$buttons, $button_text;
81 if ($form->submitted && $form->submitted eq $button_text) {
82 # bounce thru cgiauthurl and then back to
83 # the stored postsignin action
84 redir_cgiauthurl($cgi, do => "postsignin");
94 if (! defined $cgi->remote_user() &&
95 (! defined $session->param("name") ||
96 ! IkiWiki::userinfo_get($session->param("name"), "regdate")) &&
97 defined $config{httpauth_pagespec} &&
98 length $config{httpauth_pagespec} &&
99 defined $config{cgiauthurl} &&
100 pagespec_match($page, $config{httpauth_pagespec})) {
102 # bounce thru cgiauthurl and back to edit action
103 redir_cgiauthurl($cgi, $cgi->query_string());