X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/54cf5a62cab254e923c8d73ae8bd043a1f33c3b1..239c37989d4fb3e94c4c6db841a49a79b9ea040f:/IkiWiki/Plugin/httpauth.pm diff --git a/IkiWiki/Plugin/httpauth.pm b/IkiWiki/Plugin/httpauth.pm index 336eb793a..76d574b2a 100644 --- a/IkiWiki/Plugin/httpauth.pm +++ b/IkiWiki/Plugin/httpauth.pm @@ -4,19 +4,114 @@ package IkiWiki::Plugin::httpauth; use warnings; use strict; -use IkiWiki; +use IkiWiki 3.00; -sub import { #{{{ - hook(type => "auth", id => "skeleton", call => \&auth); -} # }}} +sub import { + hook(type => "checkconfig", id => "httpauth", call => \&checkconfig); + hook(type => "getsetup", id => "httpauth", call => \&getsetup); + hook(type => "auth", id => "httpauth", call => \&auth); + hook(type => "formbuilder_setup", id => "httpauth", + call => \&formbuilder_setup); + hook(type => "canedit", id => "httpauth", call => \&canedit, + first => 1); +} -sub auth ($$) { #{{{ +sub getsetup () { + return + plugin => { + safe => 1, + rebuild => 0, + section => "auth", + }, + cgiauthurl => { + type => "string", + example => "http://example.com/wiki/auth/ikiwiki.cgi", + description => "url to redirect to when authentication is needed", + safe => 1, + rebuild => 0, + }, + httpauth_pagespec => { + type => "pagespec", + example => "!*/Discussion", + description => "PageSpec of pages where only httpauth will be used for authentication", + safe => 0, + rebuild => 0, + }, +} + +sub checkconfig () { + if ($config{cgi} && defined $config{cgiauthurl} && + keys %{$IkiWiki::hooks{auth}} < 2) { + # There are no other auth hooks registered, so avoid + # the normal signin form, and jump right to httpauth. + require IkiWiki::CGI; + inject(name => "IkiWiki::cgi_signin", call => sub ($$) { + my $cgi=shift; + redir_cgiauthurl($cgi, $cgi->query_string()); + }); + } +} + +sub redir_cgiauthurl ($;@) { + my $cgi=shift; + + IkiWiki::redirect($cgi, + @_ > 1 ? IkiWiki::cgiurl(cgiurl => $config{cgiauthurl}, @_) + : $config{cgiauthurl}."?@_" + ); + exit; +} + +sub auth ($$) { my $cgi=shift; my $session=shift; if (defined $cgi->remote_user()) { $session->param("name", $cgi->remote_user()); } -} #}}} +} + +sub formbuilder_setup (@) { + my %params=@_; + + my $form=$params{form}; + my $session=$params{session}; + my $cgi=$params{cgi}; + my $buttons=$params{buttons}; + + if ($form->title eq "signin" && + ! defined $cgi->remote_user() && defined $config{cgiauthurl}) { + my $button_text="Login with HTTP auth"; + push @$buttons, $button_text; + + if ($form->submitted && $form->submitted eq $button_text) { + # bounce thru cgiauthurl and then back to + # the stored postsignin action + redir_cgiauthurl($cgi, do => "postsignin"); + } + } +} + +sub canedit ($$$) { + my $page=shift; + my $cgi=shift; + my $session=shift; + + if (! defined $cgi->remote_user() && + (! defined $session->param("name") || + ! IkiWiki::userinfo_get($session->param("name"), "regdate")) && + defined $config{httpauth_pagespec} && + length $config{httpauth_pagespec} && + defined $config{cgiauthurl} && + pagespec_match($page, $config{httpauth_pagespec})) { + return sub { + # bounce thru cgiauthurl and back to edit action + redir_cgiauthurl($cgi, $cgi->query_string()); + }; + } + else { + return undef; + } +} 1