From: Joey Hess Date: Tue, 10 Nov 2009 05:50:59 +0000 (-0500) Subject: httpauth: Add cgiauthurl setting that can be used to do http basic auth only when... X-Git-Url: https://sipb.mit.edu/gitweb.cgi/ikiwiki.git/commitdiff_plain/92a6f2e5e88b513ceaa1b9083ddbf6e928122893 httpauth: Add cgiauthurl setting that can be used to do http basic auth only when ikiwiki needs authentication, rather than for any access to the cgi/wiki. --- diff --git a/IkiWiki/Plugin/httpauth.pm b/IkiWiki/Plugin/httpauth.pm index 1816c9d74..bbfff859a 100644 --- a/IkiWiki/Plugin/httpauth.pm +++ b/IkiWiki/Plugin/httpauth.pm @@ -17,6 +17,13 @@ sub getsetup () { safe => 1, rebuild => 0, }, + cgiauthurl => { + type => "string", + example => "ttp://example.com/wiki/auth/ikiwiki.cgi", + description => "url to redirect to when authentication is needed", + safe => 1, + rebuild => 0, + }, } sub auth ($$) { @@ -26,6 +33,10 @@ sub auth ($$) { if (defined $cgi->remote_user()) { $session->param("name", $cgi->remote_user()); } + elsif (defined $config{cgiauthurl}) { + IkiWiki::redirect($cgi, $config{cgiauthurl}.'?'.$cgi->query_string()); + exit; + } } 1 diff --git a/debian/changelog b/debian/changelog index 4ab63f175..1a703b11f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -10,6 +10,9 @@ ikiwiki (3.20091032) UNRELEASED; urgency=low or sidebar. * localstyle: New plugin, allows overrding the toplevel local.css with one that is closer to a page. + * httpauth: Add cgiauthurl setting that can be used to do http basic auth + only when ikiwiki needs authentication, rather than for any access to + the cgi/wiki. -- Joey Hess Fri, 06 Nov 2009 12:04:29 -0500 diff --git a/doc/plugins/httpauth.mdwn b/doc/plugins/httpauth.mdwn index 11ed223e7..77796a3d7 100644 --- a/doc/plugins/httpauth.mdwn +++ b/doc/plugins/httpauth.mdwn @@ -2,8 +2,24 @@ [[!tag type/auth]] This plugin allows HTTP basic authentication to be used to log into the -wiki. To use the plugin, your web server should be set up to perform HTTP -basic authentiation for at least the directory containing `ikiwiki.cgi`. -The authenticated user will be automatically signed into the wiki. +wiki. -This plugin is included in ikiwiki, but is not enabled by default. +## fully authenticated wiki + +One way to use the plugin is to configure your web server to require +HTTP basic authentication for any access to the directory containing the +wiki (and `ikiwiki.cgi`). The authenticated user will be automatically +signed into the wiki. This method is suitable only for private wikis. + +## separate cgiauthurl + +To use httpauth for a wiki where the content is public, and where +the `ikiwiki.cgi` needs to be usable without authentication (for searching +and so on), you can configure a separate url that is used for +authentication, via the `cgiauthurl` option in the setup file. This +url will then be redirected to whenever authentication is needed. + +A typical setup is to make an `auth` subdirectory, and symlink `ikiwiki.cgi` +into it. Then configure the web server to require authentication only for +access to the `auth` subdirectory. Then `cgiauthurl` is pointed at this +symlink.