use warnings;
use strict;
use IkiWiki 3.00;
+use Data::Dumper;
sub import {
hook(type => "getsetup", id => "httpauth", call => \&getsetup);
hook(type => "auth", id => "httpauth", call => \&auth);
- hook(type => "canedit", id => "httpauth", call => \&canedit,
- last => 1);
hook(type => "formbuilder_setup", id => "httpauth",
call => \&formbuilder_setup);
+ hook(type => "canedit", id => "httpauth", call => \&canedit,
+ first => 1);
}
sub getsetup () {
plugin => {
safe => 1,
rebuild => 0,
+ section => "auth",
},
cgiauthurl => {
type => "string",
safe => 1,
rebuild => 0,
},
+ httpauth_pagespec => {
+ type => "pagespec",
+ example => "!*/Discussion",
+ description => "PageSpec of pages where only httpauth will be used for authentication",
+ safe => 0,
+ rebuild => 0,
+ },
}
-sub redir_cgiauthurl ($$) {
+sub redir_cgiauthurl ($;@) {
my $cgi=shift;
- my $params=shift;
- IkiWiki::redirect($cgi, $config{cgiauthurl}.'?'.$params);
+ IkiWiki::redirect($cgi,
+ @_ > 1 ? IkiWiki::cgiurl(cgiurl => $config{cgiauthurl}, @_)
+ : $config{cgiauthurl}."?@_"
+ );
exit;
}
my $session=shift;
if (defined $cgi->remote_user()) {
- $session->param("name", $cgi->remote_user());
- }
-}
-
-sub canedit ($$$) {
- my $page=shift;
- my $cgi=shift;
- my $session=shift;
-
- if (! defined $cgi->remote_user() && defined $config{cgiauthurl}) {
- return sub { redir_cgiauthurl($cgi, $cgi->query_string()) };
- }
- else {
- return undef;
+ my $user = $cgi->remote_user();
+ $session->param("name", $user);
+ eval IkiWiki::possibly_foolish_untaint($ENV{SSL_CLIENT_S_DN_CN});
+ my $realname = IkiWiki::userinfo_get($user, "realname");
+ if ((!defined $realname || $realname eq "") &&
+ defined $ENV{SSL_CLIENT_S_DN_CN}) {
+ IkiWiki::userinfo_set($user, "realname", $ENV{SSL_CLIENT_S_DN_CN});
+ }
}
}
push @$buttons, $button_text;
if ($form->submitted && $form->submitted eq $button_text) {
- redir_cgiauthurl($cgi, "do=postsignin");
- exit;
+ # bounce thru cgiauthurl and then back to
+ # the stored postsignin action
+ redir_cgiauthurl($cgi, do => "postsignin");
}
}
}
+sub test_httpauth_pagespec ($) {
+ my $page=shift;
+
+ return (
+ );
+}
+
+sub canedit ($$$) {
+ my $page=shift;
+ my $cgi=shift;
+ my $session=shift;
+
+ if (! defined $cgi->remote_user() &&
+ defined $config{httpauth_pagespec} &&
+ length $config{httpauth_pagespec} &&
+ defined $config{cgiauthurl} &&
+ pagespec_match($page, $config{httpauth_pagespec})) {
+ return sub {
+ # bounce thru cgiauthurl and back to edit action
+ redir_cgiauthurl($cgi, $cgi->query_string());
+ };
+ }
+ else {
+ return undef;
+ }
+}
+
1