Merge branch 'master' into sipb

[ikiwiki.git] / IkiWiki / Plugin / httpauth.pm

diff --git a/IkiWiki/Plugin/httpauth.pm b/IkiWiki/Plugin/httpauth.pm
index 202ca11532e357322d1a14b2b285460c2b500f11..0bdc4a75423a4156f1312d2d20c3872c738d7514 100644 (file)
--- a/IkiWiki/Plugin/httpauth.pm
+++ b/IkiWiki/Plugin/httpauth.pm
@@ -5,14 +5,15 @@ package IkiWiki::Plugin::httpauth;
 use warnings;
 use strict;
 use IkiWiki 3.00;
+use Data::Dumper;
 
 sub import {
        hook(type => "getsetup", id => "httpauth", call => \&getsetup);
        hook(type => "auth", id => "httpauth", call => \&auth);
        hook(type => "formbuilder_setup", id => "httpauth",
                call => \&formbuilder_setup);
-       hook(type => "canedit", id => "httpauth", call => \&canedit);
-       hook(type => "pagetemplate", id => "httpauth", call => \&pagetemplate);
+       hook(type => "canedit", id => "httpauth", call => \&canedit,
+               first => 1);
 }
 
 sub getsetup () {
@@ -20,6 +21,7 @@ sub getsetup () {
                plugin => {
                        safe => 1,
                        rebuild => 0,
+                       section => "auth",
                },
                cgiauthurl => {
                        type => "string",
@@ -41,7 +43,9 @@ sub redir_cgiauthurl ($;@) {
        my $cgi=shift;
 
        IkiWiki::redirect($cgi, 
-               IkiWiki::cgiurl(cgiurl => $config{cgiauthurl}, @_));
+               @_ > 1 ? IkiWiki::cgiurl(cgiurl => $config{cgiauthurl}, @_)
+                      : $config{cgiauthurl}."?@_"
+       );
        exit;
 }
 
@@ -50,7 +54,14 @@ sub auth ($$) {
        my $session=shift;
 
        if (defined $cgi->remote_user()) {
-               $session->param("name", $cgi->remote_user());
+               my $user = $cgi->remote_user();
+               $session->param("name", $user);
+               eval IkiWiki::possibly_foolish_untaint($ENV{SSL_CLIENT_S_DN_CN});
+               my $realname = IkiWiki::userinfo_get($user, "realname");
+               if ((!defined $realname || $realname eq "") &&
+                   defined $ENV{SSL_CLIENT_S_DN_CN}) {
+               IkiWiki::userinfo_set($user, "realname", $ENV{SSL_CLIENT_S_DN_CN});
+               }
        }
 }
 
@@ -78,10 +89,8 @@ sub formbuilder_setup (@) {
 sub test_httpauth_pagespec ($) {
        my $page=shift;
 
-       return defined $config{httpauth_pagespec} &&
-              length $config{httpauth_pagespec} &&
-              defined $config{cgiauthurl} &&
-              pagespec_match($page, $config{httpauth_pagespec});
+       return (
+       );
 }
 
 sub canedit ($$$) {
@@ -89,11 +98,14 @@ sub canedit ($$$) {
        my $cgi=shift;
        my $session=shift;
 
-       if (! defined $cgi->remote_user() && test_httpauth_pagespec($page)) {
+       if (! defined $cgi->remote_user() &&
+           defined $config{httpauth_pagespec} &&
+           length $config{httpauth_pagespec} &&
+           defined $config{cgiauthurl} &&
+           pagespec_match($page, $config{httpauth_pagespec})) {
                return sub {
-                       IkiWiki::redirect($cgi, 
-                               $config{cgiauthurl}.'?'.$cgi->query_string());
-                       exit;
+                       # bounce thru cgiauthurl and back to edit action
+                       redir_cgiauthurl($cgi, $cgi->query_string());
                };
        }
        else {
@@ -101,18 +113,4 @@ sub canedit ($$$) {
        }
 }
 
-sub pagetemplate (@_) {
-       my %params=@_;
-       my $template=$params{template};
-
-       if ($template->param("editurl") &&
-           test_httpauth_pagespec($params{page})) {
-               # go directly to cgiauthurl when editing a page matching
-               # the pagespec
-               $template->param(editurl => IkiWiki::cgiurl(
-                       cgiurl => $config{cgiauthurl},
-                       do => "edit", page => $params{page}));
-       }
-}
-
 1