ikiwiki/IkiWiki/Plugin/httpauth.pm

#!/usr/bin/perl
# HTTP basic auth plugin.
package IkiWiki::Plugin::httpauth;

use warnings;
use strict;
use IkiWiki 3.00;

sub import {
	hook(type => "getsetup", id => "httpauth", call => \&getsetup);
	hook(type => "auth", id => "httpauth", call => \&auth);
	hook(type => "formbuilder_setup", id => "httpauth",
		call => \&formbuilder_setup);
	hook(type => "canedit", id => "httpauth", call => \&canedit,
		first => 1);
}

sub getsetup () {
	return
		plugin => {
			safe => 1,
			rebuild => 0,
			section => "auth",
		},
		cgiauthurl => {
			type => "string",
			example => "http://example.com/wiki/auth/ikiwiki.cgi",
			description => "url to redirect to when authentication is needed",
			safe => 1,
			rebuild => 0,
		},
		httpauth_pagespec => {
			type => "pagespec",
			example => "!*/Discussion",
			description => "PageSpec of pages where only httpauth will be used for authentication",
			safe => 0,
			rebuild => 0,
		},
}
			
sub redir_cgiauthurl ($;@) {
	my $cgi=shift;

	IkiWiki::redirect($cgi, 
		@_ > 1 ? IkiWiki::cgiurl(cgiurl => $config{cgiauthurl}, @_)
		       : $config{cgiauthurl}."?@_"
	);
	exit;
}

sub auth ($$) {
	my $cgi=shift;
	my $session=shift;

	if (defined $cgi->remote_user()) {
		$session->param("name", $cgi->remote_user());
	}
}

sub formbuilder_setup (@) {
	my %params=@_;

	my $form=$params{form};
	my $session=$params{session};
	my $cgi=$params{cgi};
	my $buttons=$params{buttons};

	if ($form->title eq "signin" &&
	    ! defined $cgi->remote_user() && defined $config{cgiauthurl}) {
		my $button_text="Login with HTTP auth";
		push @$buttons, $button_text;

		if ($form->submitted && $form->submitted eq $button_text) {
			# bounce thru cgiauthurl and then back to
			# the stored postsignin action
			redir_cgiauthurl($cgi, do => "postsignin");
		}
	}
}

sub canedit ($$$) {
	my $page=shift;
	my $cgi=shift;
	my $session=shift;

	if (! defined $cgi->remote_user() &&
	    (! defined $session->param("name") ||
             ! IkiWiki::userinfo_get($session->param("name"), "regdate")) &&
	    defined $config{httpauth_pagespec} &&
	    length $config{httpauth_pagespec} &&
	    defined $config{cgiauthurl} &&
	    pagespec_match($page, $config{httpauth_pagespec})) {
		return sub {
			# bounce thru cgiauthurl and back to edit action
			redir_cgiauthurl($cgi, $cgi->query_string());
		};
	}
	else {
		return undef;
	}
}

1
* Make auth methods pluggable. * Move httpauth support to a plugin. * Add an openid plugin to support logging in using OpenID. 2006-11-20 02:52:18 +01:00			`#!/usr/bin/perl`
			`# HTTP basic auth plugin.`
			`package IkiWiki::Plugin::httpauth;`

			`use warnings;`
			`use strict;`
finalise version 3.00 of the plugin api 2008-12-23 22:34:19 +01:00			`use IkiWiki 3.00;`
* Make auth methods pluggable. * Move httpauth support to a plugin. * Add an openid plugin to support logging in using OpenID. 2006-11-20 02:52:18 +01:00
Coding style change: Remove explcit vim folding markers. 2008-12-17 21:22:16 +01:00			`sub import {`
add plugin safe/rebuild info (part 1 of 2) too many plugins.. brain exploding.. 2008-08-03 22:40:12 +02:00			`hook(type => "getsetup", id => "httpauth", call => \&getsetup);`
* Add openidsignup config option. * Make the openid plugin support the callbacks from myopenid.com via its affiliate program. * Change how post signin actions are propigated through the signin process; they're now stored in the session. 2006-11-20 10:40:09 +01:00			`hook(type => "auth", id => "httpauth", call => \&auth);`
httpauth: When cgiauthurl is configured, httpauth can now be used alongside other authentication methods (like openid or anonok). Rather than always redirect to the cgiauthurl for authentication, there is now a button on the login form to use it. 2010-02-11 23:26:09 +01:00			`hook(type => "formbuilder_setup", id => "httpauth",`
			`call => \&formbuilder_setup);`
partially fix httpauth canedit hook My logic was right before. Cleaned up some code. (Page creation is still a problem.) Also, I removed the Edit url munging, because that is not necessary with the canedit hook, since canedit will handle redirection through cgiauthurl if necessary. 2010-02-12 01:54:40 +01:00			`hook(type => "canedit", id => "httpauth", call => \&canedit,`
			`first => 1);`
Coding style change: Remove explcit vim folding markers. 2008-12-17 21:22:16 +01:00			`}`
* Make auth methods pluggable. * Move httpauth support to a plugin. * Add an openid plugin to support logging in using OpenID. 2006-11-20 02:52:18 +01:00
Coding style change: Remove explcit vim folding markers. 2008-12-17 21:22:16 +01:00			`sub getsetup () {`
add plugin safe/rebuild info (part 1 of 2) too many plugins.. brain exploding.. 2008-08-03 22:40:12 +02:00			`return`
			`plugin => {`
			`safe => 1,`
			`rebuild => 0,`
Group related plugins into sections in the setup file, and drop unused rcs plugins from the setup file. 2010-02-12 04:24:15 +01:00			`section => "auth",`
add plugin safe/rebuild info (part 1 of 2) too many plugins.. brain exploding.. 2008-08-03 22:40:12 +02:00			`},`
httpauth: Add cgiauthurl setting that can be used to do http basic auth only when ikiwiki needs authentication, rather than for any access to the cgi/wiki. 2009-11-10 06:50:59 +01:00			`cgiauthurl => {`
			`type => "string",`
typo 2009-11-10 06:53:34 +01:00			`example => "http://example.com/wiki/auth/ikiwiki.cgi",`
httpauth: Add cgiauthurl setting that can be used to do http basic auth only when ikiwiki needs authentication, rather than for any access to the cgi/wiki. 2009-11-10 06:50:59 +01:00			`description => "url to redirect to when authentication is needed",`
			`safe => 1,`
			`rebuild => 0,`
			`},`
httpauth: Add httpauth_pagespec setting that can be used to limit pages to only being edited via users authed with httpauth. 2010-02-12 00:25:10 +01:00			`httpauth_pagespec => {`
			`type => "pagespec",`
			`example => "!*/Discussion",`
			`description => "PageSpec of pages where only httpauth will be used for authentication",`
			`safe => 0,`
			`rebuild => 0,`
			`},`
Coding style change: Remove explcit vim folding markers. 2008-12-17 21:22:16 +01:00			`}`
httpauth: When cgiauthurl is configured, httpauth can now be used alongside other authentication methods (like openid or anonok). Rather than always redirect to the cgiauthurl for authentication, there is now a button on the login form to use it. 2010-02-11 23:26:09 +01:00
httpauth: Add httpauth_pagespec setting that can be used to limit pages to only being edited via users authed with httpauth. 2010-02-12 00:25:10 +01:00			`sub redir_cgiauthurl ($;@) {`
httpauth: When cgiauthurl is configured, httpauth can now be used alongside other authentication methods (like openid or anonok). Rather than always redirect to the cgiauthurl for authentication, there is now a button on the login form to use it. 2010-02-11 23:26:09 +01:00			`my $cgi=shift;`

httpauth: Add httpauth_pagespec setting that can be used to limit pages to only being edited via users authed with httpauth. 2010-02-12 00:25:10 +01:00			`IkiWiki::redirect($cgi,`
partially fix httpauth canedit hook My logic was right before. Cleaned up some code. (Page creation is still a problem.) Also, I removed the Edit url munging, because that is not necessary with the canedit hook, since canedit will handle redirection through cgiauthurl if necessary. 2010-02-12 01:54:40 +01:00			`@_ > 1 ? IkiWiki::cgiurl(cgiurl => $config{cgiauthurl}, @_)`
			`: $config{cgiauthurl}."?@_"`
			`);`
httpauth: When cgiauthurl is configured, httpauth can now be used alongside other authentication methods (like openid or anonok). Rather than always redirect to the cgiauthurl for authentication, there is now a button on the login form to use it. 2010-02-11 23:26:09 +01:00			`exit;`
			`}`
add plugin safe/rebuild info (part 1 of 2) too many plugins.. brain exploding.. 2008-08-03 22:40:12 +02:00
Coding style change: Remove explcit vim folding markers. 2008-12-17 21:22:16 +01:00			`sub auth ($$) {`
* Make auth methods pluggable. * Move httpauth support to a plugin. * Add an openid plugin to support logging in using OpenID. 2006-11-20 02:52:18 +01:00			`my $cgi=shift;`
			`my $session=shift;`

			`if (defined $cgi->remote_user()) {`
			`$session->param("name", $cgi->remote_user());`
			`}`
patch so far 2010-02-11 22:36:19 +01:00			`}`

httpauth: When cgiauthurl is configured, httpauth can now be used alongside other authentication methods (like openid or anonok). Rather than always redirect to the cgiauthurl for authentication, there is now a button on the login form to use it. 2010-02-11 23:26:09 +01:00			`sub formbuilder_setup (@) {`
			`my %params=@_;`

			`my $form=$params{form};`
			`my $session=$params{session};`
			`my $cgi=$params{cgi};`
			`my $buttons=$params{buttons};`

			`if ($form->title eq "signin" &&`
			`! defined $cgi->remote_user() && defined $config{cgiauthurl}) {`
			`my $button_text="Login with HTTP auth";`
			`push @$buttons, $button_text;`

			`if ($form->submitted && $form->submitted eq $button_text) {`
httpauth: Add httpauth_pagespec setting that can be used to limit pages to only being edited via users authed with httpauth. 2010-02-12 00:25:10 +01:00			`# bounce thru cgiauthurl and then back to`
			`# the stored postsignin action`
			`redir_cgiauthurl($cgi, do => "postsignin");`
httpauth: When cgiauthurl is configured, httpauth can now be used alongside other authentication methods (like openid or anonok). Rather than always redirect to the cgiauthurl for authentication, there is now a button on the login form to use it. 2010-02-11 23:26:09 +01:00			`}`
			`}`
			`}`

httpauth: Add httpauth_pagespec setting that can be used to limit pages to only being edited via users authed with httpauth. 2010-02-12 00:25:10 +01:00			`sub canedit ($$$) {`
			`my $page=shift;`
			`my $cgi=shift;`
			`my $session=shift;`

fix logic error 2010-02-12 00:32:07 +01:00			`if (! defined $cgi->remote_user() &&`
httpauth: Avoid redirecting the user to the cgiauthurl if they already have a login session. 2010-08-31 00:32:32 +02:00			`(! defined $session->param("name") \|\|`
			`! IkiWiki::userinfo_get($session->param("name"), "regdate")) &&`
partially fix httpauth canedit hook My logic was right before. Cleaned up some code. (Page creation is still a problem.) Also, I removed the Edit url munging, because that is not necessary with the canedit hook, since canedit will handle redirection through cgiauthurl if necessary. 2010-02-12 01:54:40 +01:00			`defined $config{httpauth_pagespec} &&`
			`length $config{httpauth_pagespec} &&`
			`defined $config{cgiauthurl} &&`
			`pagespec_match($page, $config{httpauth_pagespec})) {`
httpauth: Add httpauth_pagespec setting that can be used to limit pages to only being edited via users authed with httpauth. 2010-02-12 00:25:10 +01:00			`return sub {`
partially fix httpauth canedit hook My logic was right before. Cleaned up some code. (Page creation is still a problem.) Also, I removed the Edit url munging, because that is not necessary with the canedit hook, since canedit will handle redirection through cgiauthurl if necessary. 2010-02-12 01:54:40 +01:00			`# bounce thru cgiauthurl and back to edit action`
			`redir_cgiauthurl($cgi, $cgi->query_string());`
httpauth: Add httpauth_pagespec setting that can be used to limit pages to only being edited via users authed with httpauth. 2010-02-12 00:25:10 +01:00			`};`
			`}`
			`else {`
			`return undef;`
			`}`
			`}`

* Make auth methods pluggable. * Move httpauth support to a plugin. * Add an openid plugin to support logging in using OpenID. 2006-11-20 02:52:18 +01:00			`1`