X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/blobdiff_plain/c3a530ab93c01f449554d3cee472594d895e4126..54cf5a62cab254e923c8d73ae8bd043a1f33c3b1:/IkiWiki/CGI.pm

diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index 3ba6cf7f8..def0549c5 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -74,10 +74,13 @@ sub cgi_recentchanges ($) { #{{{
 	# during page builds as the return values may change, but they
 	# won't here.)
 	eval q{use Memoize};
+	error($@) if $@;
 	memoize("htmllink");
 
 	eval q{use Time::Duration};
+	error($@) if $@;
 	eval q{use CGI 'escapeHTML'};
+	error($@) if $@;
 
 	my $changelog=[rcs_recentchanges(100)];
 	foreach my $change (@$changelog) {
@@ -114,9 +117,10 @@ sub cgi_signin ($$) { #{{{
 	my $session=shift;
 
 	eval q{use CGI::FormBuilder};
+	error($@) if $@;
 	my $form = CGI::FormBuilder->new(
 		title => "signin",
-		fields => [qw(do title page subpage from name password)],
+		fields => [qw(do title page subpage from name password openid_url)],
 		header => 1,
 		charset => "utf-8",
 		method => 'POST',
@@ -145,33 +149,56 @@ sub cgi_signin ($$) { #{{{
 	$form->field(name => "from", type => "hidden");
 	$form->field(name => "subpage", type => "hidden");
 	$form->field(name => "password", type => "password", required => 0);
+	if ($config{openid}) {
+		$form->field(name => "openid_url", label => "OpenID", comment => "to log in via OpenID");
+	}
+	else {
+		$form->field(name => "openid_url", type => "hidden");
+	}
 	if ($form->submitted eq "Register" || $form->submitted eq "Create Account") {
 		$form->title("register");
 		$form->text("");
-		$form->field(name => "name", comment => "use FirstnameLastName");
 		$form->fields(qw(do title page subpage from name password confirm_password email));
 		$form->field(name => "confirm_password", type => "password");
 		$form->field(name => "email", type => "text");
+		$form->field(name => "openid_url", type => "hidden");
 	}
 	if ($q->param("do") ne "signin" && !$form->submitted) {
 		$form->text("You need to log in first.");
 	}
 	
 	if ($form->submitted) {
+		my $submittype=$form->submitted;
+		# OpenID login uses the Login button, but validates
+		# differently.
+		if ($submittype eq "Login" && $config{openid} && 
+		    length $form->field("openid_url")) {
+			$submittype="OpenID";
+			
+			$form->field(
+				name => "openid_url",
+				validate => sub {
+					# FIXME: ugh
+					IkiWiki::Plugin::openid::validate($q, $session, $form, shift);
+				},
+			);
+		}
+
 		# Set required fields based on how form was submitted.
 		my %required=(
 			"Login" => [qw(name password)],
 			"Register" => [],
 			"Create Account" => [qw(name password confirm_password email)],
 			"Mail Password" => [qw(name)],
+			"OpenID" => [qw(openid_url)],
 		);
-		foreach my $opt (@{$required{$form->submitted}}) {
+		foreach my $opt (@{$required{$submittype}}) {
 			$form->field(name => $opt, required => 1);
 		}
 	
 		# Validate password differently depending on how
 		# form was submitted.
-		if ($form->submitted eq 'Login') {
+		if ($submittype eq 'Login') {
 			$form->field(
 				name => "password",
 				validate => sub {
@@ -181,12 +208,13 @@ sub cgi_signin ($$) { #{{{
 			);
 			$form->field(name => "name", validate => '/^\w+$/');
 		}
-		else {
+		elsif ($submittype ne 'OpenID') {
 			$form->field(name => "password", validate => 'VALUE');
 		}
 		# And make sure the entered name exists when logging
 		# in or sending email, and does not when registering.
-		if ($form->submitted eq 'Create Account') {
+		if ($submittype eq 'Create Account' ||
+		    $submittype eq 'Register') {
 			$form->field(
 				name => "name",
 				validate => sub {
@@ -197,7 +225,7 @@ sub cgi_signin ($$) { #{{{
 				},
 			);
 		}
-		else {
+		elsif ($submittype ne 'OpenID') {
 			$form->field(
 				name => "name",
 				validate => sub {
@@ -225,8 +253,8 @@ sub cgi_signin ($$) { #{{{
 					do => $form->field("do"),
 					page => $form->field("page"),
 					title => $form->field("title"),
-					subpage => $form->field("subpage"),
 					from => $form->field("from"),
+					subpage => $form->field("subpage"),
 				));
 			}
 			else {
@@ -262,6 +290,7 @@ sub cgi_signin ($$) { #{{{
 			);
 			
 			eval q{use Mail::Sendmail};
+			error($@) if $@;
 			sendmail(
 				To => userinfo_get($user_name, "email"),
 				From => "$config{wikiname} admin <$config{adminemail}>",
@@ -294,6 +323,7 @@ sub cgi_prefs ($$) { #{{{
 	my $session=shift;
 
 	eval q{use CGI::FormBuilder};
+	error($@) if $@;
 	my $form = CGI::FormBuilder->new(
 		title => "preferences",
 		fields => [qw(do name password confirm_password email 
@@ -388,6 +418,7 @@ sub cgi_editpage ($$) { #{{{
 	my @buttons=("Save Page", "Preview", "Cancel");
 	
 	eval q{use CGI::FormBuilder; use CGI::FormBuilder::Template::HTML};
+	error($@) if $@;
 	my $renderer=CGI::FormBuilder::Template::HTML->new(
 		fields => \@fields,
 		template_params("editpage.tmpl"),
@@ -639,8 +670,8 @@ sub cgi_editpage ($$) { #{{{
 } #}}}
 
 sub cgi () { #{{{
-	eval q{use CGI};
-	eval q{use CGI::Session};
+	eval q{use CGI; use CGI::Session};
+	error($@) if $@;
 	
 	my $q=CGI->new;
 	
@@ -673,11 +704,30 @@ sub cgi () { #{{{
 		{ FileName => "$config{wikistatedir}/sessions.db" });
 	umask($oldmask);
 	
+	# Auth hooks can sign a user in.
+	if ($do ne 'signin' && ! defined $session->param("name")) {
+		run_hooks(auth => sub {
+			shift->($q, $session)
+		});
+		if (defined $session->param("name")) {
+			# Make sure whatever user was authed is in the
+			# userinfo db.
+			if (! userinfo_get($session->param("name"), "regdate")) {
+				userinfo_setall($session->param("name"), {
+					email => "",
+					password => "",
+					regdate => time,
+				});
+			}
+		}
+	}
+
 	# Everything below this point needs the user to be signed in.
 	if (((! $config{anonok} || $do eq 'prefs') &&
 	     (! $config{httpauth}) &&
 	     (! defined $session->param("name") ||
-	     ! userinfo_get($session->param("name"), "regdate"))) || $do eq 'signin') {
+	     ! userinfo_get($session->param("name"), "regdate")))
+            || $do eq 'signin') {
 		cgi_signin($q, $session);
 	
 		# Force session flush with safe umask.
@@ -688,23 +738,7 @@ sub cgi () { #{{{
 		return;
 	}
 
-	if ($config{httpauth} && (! defined $session->param("name"))) {
-		if (! defined $q->remote_user()) {
-			error("Could not determine authenticated username.");
-		}
-		else {
-			$session->param("name", $q->remote_user());
-			if (! userinfo_get($session->param("name"), "regdate")) {
-				userinfo_setall($session->param("name"), {
-					email => "",
-					password => "",
-					regdate=>time,
-				});
-			}
-		}
-	}
-
-	if (userinfo_get($session->param("name"), "banned")) {
+	if (defined $session->param("name") && userinfo_get($session->param("name"), "banned")) {
 		print $q->header(-status => "403 Forbidden");
 		$session->delete();
 		print "You are banned.";