#!/usr/bin/perl
# HTTP basic auth plugin.
package IkiWiki::Plugin::httpauth;

use warnings;
use strict;
use IkiWiki 3.00;
use Data::Dumper;

sub import {
	hook(type => "getsetup", id => "httpauth", call => \&getsetup);
	hook(type => "auth", id => "httpauth", call => \&auth);
}

sub getsetup () {
	return
		plugin => {
			safe => 1,
			rebuild => 0,
		},
}

sub auth ($$) {
	my $cgi=shift;
	my $session=shift;

	if (defined $cgi->remote_user()) {
		my $user = $cgi->remote_user();
		$session->param("name", $user);
		eval IkiWiki::possibly_foolish_untaint($ENV{SSL_CLIENT_S_DN_CN});
		my $realname = IkiWiki::userinfo_get($user, "realname");
		if ((!defined $realname || $realname eq "") &&
		    defined $ENV{SSL_CLIENT_S_DN_CN}) {
		IkiWiki::userinfo_set($user, "realname", $ENV{SSL_CLIENT_S_DN_CN});
		}
	}
}

1