X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/046095552ac231366d71a3c7a84bdc6d46662212..ce7966a82cf8d0043a771a1a5b26e3a953e909b2:/IkiWiki/Plugin/httpauth.pm diff --git a/IkiWiki/Plugin/httpauth.pm b/IkiWiki/Plugin/httpauth.pm index d0d4da0b7..0bdc4a754 100644 --- a/IkiWiki/Plugin/httpauth.pm +++ b/IkiWiki/Plugin/httpauth.pm @@ -5,14 +5,15 @@ package IkiWiki::Plugin::httpauth; use warnings; use strict; use IkiWiki 3.00; +use Data::Dumper; sub import { hook(type => "getsetup", id => "httpauth", call => \&getsetup); hook(type => "auth", id => "httpauth", call => \&auth); - hook(type => "canedit", id => "httpauth", call => \&canedit, - last => 1); hook(type => "formbuilder_setup", id => "httpauth", call => \&formbuilder_setup); + hook(type => "canedit", id => "httpauth", call => \&canedit, + first => 1); } sub getsetup () { @@ -20,6 +21,7 @@ sub getsetup () { plugin => { safe => 1, rebuild => 0, + section => "auth", }, cgiauthurl => { type => "string", @@ -28,13 +30,22 @@ sub getsetup () { safe => 1, rebuild => 0, }, + httpauth_pagespec => { + type => "pagespec", + example => "!*/Discussion", + description => "PageSpec of pages where only httpauth will be used for authentication", + safe => 0, + rebuild => 0, + }, } -sub redir_cgiauthurl ($$) { +sub redir_cgiauthurl ($;@) { my $cgi=shift; - my $params=shift; - IkiWiki::redirect($cgi, $config{cgiauthurl}.'?'.$params); + IkiWiki::redirect($cgi, + @_ > 1 ? IkiWiki::cgiurl(cgiurl => $config{cgiauthurl}, @_) + : $config{cgiauthurl}."?@_" + ); exit; } @@ -43,20 +54,14 @@ sub auth ($$) { my $session=shift; if (defined $cgi->remote_user()) { - $session->param("name", $cgi->remote_user()); - } -} - -sub canedit ($$$) { - my $page=shift; - my $cgi=shift; - my $session=shift; - - if (! defined $cgi->remote_user() && defined $config{cgiauthurl}) { - return sub { redir_cgiauthurl($cgi, $cgi->query_string()) }; - } - else { - return undef; + my $user = $cgi->remote_user(); + $session->param("name", $user); + eval IkiWiki::possibly_foolish_untaint($ENV{SSL_CLIENT_S_DN_CN}); + my $realname = IkiWiki::userinfo_get($user, "realname"); + if ((!defined $realname || $realname eq "") && + defined $ENV{SSL_CLIENT_S_DN_CN}) { + IkiWiki::userinfo_set($user, "realname", $ENV{SSL_CLIENT_S_DN_CN}); + } } } @@ -74,10 +79,38 @@ sub formbuilder_setup (@) { push @$buttons, $button_text; if ($form->submitted && $form->submitted eq $button_text) { - redir_cgiauthurl($cgi, "do=postsignin"); - exit; + # bounce thru cgiauthurl and then back to + # the stored postsignin action + redir_cgiauthurl($cgi, do => "postsignin"); } } } +sub test_httpauth_pagespec ($) { + my $page=shift; + + return ( + ); +} + +sub canedit ($$$) { + my $page=shift; + my $cgi=shift; + my $session=shift; + + if (! defined $cgi->remote_user() && + defined $config{httpauth_pagespec} && + length $config{httpauth_pagespec} && + defined $config{cgiauthurl} && + pagespec_match($page, $config{httpauth_pagespec})) { + return sub { + # bounce thru cgiauthurl and back to edit action + redir_cgiauthurl($cgi, $cgi->query_string()); + }; + } + else { + return undef; + } +} + 1