diff --git a/IkiWiki.pm b/IkiWiki.pm index dfdd0fe91..bb36b0885 100644 --- a/IkiWiki.pm +++ b/IkiWiki.pm @@ -1430,6 +1430,7 @@ sub userpage ($) { return length $config{userdir} ? "$config{userdir}/$user" : $user; } +# Username to display for openid accounts. sub openiduser ($) { my $user=shift; @@ -1464,6 +1465,7 @@ sub openiduser ($) { return; } +# Username to display for emailauth accounts. sub emailuser ($) { my $user=shift; if (defined $user && $user =~ m/(.+)@/) { @@ -1475,6 +1477,22 @@ sub emailuser ($) { return; } +# Some user information should not be exposed in commit metadata, etc. +# This generates a cloaked form of such information. +sub cloak ($) { + my $user=shift; + # cloak email address using http://xmlns.com/foaf/spec/#term_mbox_sha1sum + if ($user=~m/(.+)@/) { + my $nick=$1; + eval q{use Digest::SHA}; + return $user if $@; + return $nick.'@'.Digest::SHA::sha1_hex("mailto:$user"); + } + else { + return $user; + } +} + sub htmlize ($$$$) { my $page=shift; my $destpage=shift; diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm index d801c72a0..1763828a4 100644 --- a/IkiWiki/CGI.pm +++ b/IkiWiki/CGI.pm @@ -336,16 +336,19 @@ sub check_banned ($$) { my $banned=0; my $name=$session->param("name"); + my $cloak=cloak($name) if defined $name; if (defined $name && - grep { $name eq $_ } @{$config{banned_users}}) { + grep { $name eq $_ || $cloak eq $_ } @{$config{banned_users}}) { $banned=1; } foreach my $b (@{$config{banned_users}}) { if (pagespec_match("", $b, ip => $session->remote_addr(), - name => defined $name ? $name : "", - )) { + name => defined $name ? $name : "") + || pagespec_match("", $b, + ip => cloak($session->remote_addr()), + name => defined $cloak ? $cloak : "")) { $banned=1; last; } diff --git a/IkiWiki/Plugin/bzr.pm b/IkiWiki/Plugin/bzr.pm index e2b102dee..5ec254f84 100644 --- a/IkiWiki/Plugin/bzr.pm +++ b/IkiWiki/Plugin/bzr.pm @@ -133,10 +133,10 @@ sub bzr_author ($) { my $ipaddr=$session->remote_addr(); if (defined $user) { - return IkiWiki::possibly_foolish_untaint($user); + return IkiWiki::possibly_foolish_untaint(IkiWiki::cloak($user)); } elsif (defined $ipaddr) { - return "Anonymous from ".IkiWiki::possibly_foolish_untaint($ipaddr); + return "Anonymous from ".IkiWiki::possibly_foolish_untaint(IkiWiki::cloak($ipaddr)); } else { return "Anonymous"; diff --git a/IkiWiki/Plugin/comments.pm b/IkiWiki/Plugin/comments.pm index eaa924e51..ad813d19d 100644 --- a/IkiWiki/Plugin/comments.pm +++ b/IkiWiki/Plugin/comments.pm @@ -466,7 +466,7 @@ sub editcomment ($$) { my $content = "[[!comment format=$type\n"; if (defined $session->param('name')) { - my $username = $session->param('name'); + my $username = IkiWiki::cloak($session->param('name')); $username =~ s/"/"/g; $content .= " username=\"$username\"\n"; } @@ -479,7 +479,7 @@ sub editcomment ($$) { if (!(defined $session->param('name') || defined $session->param('nickname')) && defined $session->remote_addr()) { - $content .= " ip=\"".$session->remote_addr()."\"\n"; + $content .= " ip=\"".IkiWiki::cloak($session->remote_addr())."\"\n"; } if ($config{comments_allowauthor}) { diff --git a/IkiWiki/Plugin/cvs.pm b/IkiWiki/Plugin/cvs.pm index 841aec914..8989a26e3 100644 --- a/IkiWiki/Plugin/cvs.pm +++ b/IkiWiki/Plugin/cvs.pm @@ -456,12 +456,12 @@ sub commitmessage (@) { if (defined $params{session}) { if (defined $params{session}->param("name")) { return "web commit by ". - $params{session}->param("name"). + IkiWiki::cloak($params{session}->param("name")). (length $params{message} ? ": $params{message}" : ""); } elsif (defined $params{session}->remote_addr()) { return "web commit from ". - $params{session}->remote_addr(). + IkiWiki::cloak($params{session}->remote_addr()). (length $params{message} ? ": $params{message}" : ""); } } diff --git a/IkiWiki/Plugin/darcs.pm b/IkiWiki/Plugin/darcs.pm index 646f65df1..9dccd95a4 100644 --- a/IkiWiki/Plugin/darcs.pm +++ b/IkiWiki/Plugin/darcs.pm @@ -147,10 +147,10 @@ sub commitauthor (@) { my $author="anon\@web"; if (defined $params{session}) { if (defined $params{session}->param("name")) { - return $params{session}->param("name").'@web'; + return IkiWiki::cloak($params{session}->param("name")).'@web'; } elsif (defined $params{session}->remote_addr()) { - return $params{session}->remote_addr().'@web'; + return IkiWiki::cloak($params{session}->remote_addr()).'@web'; } } return 'anon@web'; diff --git a/IkiWiki/Plugin/git.pm b/IkiWiki/Plugin/git.pm index 75b89e476..4d48388a0 100644 --- a/IkiWiki/Plugin/git.pm +++ b/IkiWiki/Plugin/git.pm @@ -579,7 +579,7 @@ sub rcs_commit_helper (@) { $u=$params{session}->remote_addr(); } if (defined $u) { - $u=encode_utf8($u); + $u=encode_utf8(IkiWiki::cloak($u)); $ENV{GIT_AUTHOR_NAME}=$u; } if (defined $params{session}->param("nickname")) { diff --git a/IkiWiki/Plugin/mercurial.pm b/IkiWiki/Plugin/mercurial.pm index 8da4ceb07..9f0c5b721 100644 --- a/IkiWiki/Plugin/mercurial.pm +++ b/IkiWiki/Plugin/mercurial.pm @@ -183,10 +183,10 @@ sub rcs_commit_helper (@) { my $user="Anonymous"; if (defined $params{session}) { if (defined $params{session}->param("name")) { - $user = $params{session}->param("name"); + $user = IkiWiki::cloak($params{session}->param("name")); } elsif (defined $params{session}->remote_addr()) { - $user = $params{session}->remote_addr(); + $user = IkiWiki::cloak($params{session}->remote_addr()); } my $nickname=$user; diff --git a/IkiWiki/Plugin/monotone.pm b/IkiWiki/Plugin/monotone.pm index 105627814..b0bba5661 100644 --- a/IkiWiki/Plugin/monotone.pm +++ b/IkiWiki/Plugin/monotone.pm @@ -310,10 +310,10 @@ sub commitauthor (@) { if (defined $params{session}) { if (defined $params{session}->param("name")) { - return "Web user: " . $params{session}->param("name"); + return "Web user: " . IkiWiki::cloak($params{session}->param("name")); } elsif (defined $params{session}->remote_addr()) { - return "Web IP: " . $params{session}->remote_addr(); + return "Web IP: " . IkiWiki::cloak($params{session}->remote_addr()); } } return "Web: Anonymous"; diff --git a/IkiWiki/Plugin/svn.pm b/IkiWiki/Plugin/svn.pm index fd11f2c63..c46a52dcf 100644 --- a/IkiWiki/Plugin/svn.pm +++ b/IkiWiki/Plugin/svn.pm @@ -147,12 +147,12 @@ sub commitmessage (@) { if (defined $params{session}) { if (defined $params{session}->param("name")) { return "web commit by ". - $params{session}->param("name"). + IkiWiki::cloak($params{session}->param("name")). (length $params{message} ? ": $params{message}" : ""); } elsif (defined $params{session}->remote_addr()) { return "web commit from ". - $params{session}->remote_addr(). + IkiWiki::cloak($params{session}->remote_addr()). (length $params{message} ? ": $params{message}" : ""); } } diff --git a/IkiWiki/Plugin/tla.pm b/IkiWiki/Plugin/tla.pm index 11be248e8..c2fffbced 100644 --- a/IkiWiki/Plugin/tla.pm +++ b/IkiWiki/Plugin/tla.pm @@ -108,12 +108,12 @@ sub rcs_commit (@) { if (defined $params{session}) { if (defined $params{session}->param("name")) { $message="web commit by ". - $params{session}->param("name"). + IkiWiki::cloak($params{session}->param("name")). (length $message ? ": $message" : ""); } elsif (defined $params{session}->remote_addr()) { $message="web commit from ". - $params{session}->remote_addr(). + IkiWiki::cloak($params{session}->remote_addr()). (length $message ? ": $message" : ""); } } diff --git a/doc/banned_users.mdwn b/doc/banned_users.mdwn index c44f8c587..23433b15b 100644 --- a/doc/banned_users.mdwn +++ b/doc/banned_users.mdwn @@ -8,3 +8,7 @@ For example: If a banned user attempts to use the ikiwiki CGI, they will receive a 403 Forbidden webpage indicating they are banned. + +Note that when [[plugins/emailauth]] is used, the user's email address +is displayed in cloaked form in commits of their edits. This cloaked email +address can be used as-is in the `banned_users` setting. diff --git a/doc/plugins/emailauth.mdwn b/doc/plugins/emailauth.mdwn index db22e2931..74097d2cc 100644 --- a/doc/plugins/emailauth.mdwn +++ b/doc/plugins/emailauth.mdwn @@ -11,8 +11,10 @@ some other form of authentication, such as [[passwordauth]] or [[openid]]. Users who have logged in using emailauth will have their email address used as their username. In places where the username is displayed, like the RecentChanges page, the domain will be omitted, to avoid exposing the -user's email address. Note though that the email address will be visible -when looking at eg, commits in the git repository. +user's email address. In places where the full username needs to be put, +like commits of changes, the email address is cloaked using +the +foaf:mbox_sha1sum spec. This plugin needs the [[!cpan Mail::SendMail]] perl module installed, and able to send outgoing email. diff --git a/doc/todo/emailauth.mdwn b/doc/todo/emailauth.mdwn index 357a4ad9b..4683bbad2 100644 --- a/doc/todo/emailauth.mdwn +++ b/doc/todo/emailauth.mdwn @@ -131,4 +131,6 @@ Thoughts anyone? --[[Joey]] >>> from `smcv ` - if the hash is of `mailto:whatever` >>> (like my example one) then it's compatible with >>> [FOAF](http://xmlns.com/foaf/spec/#term_mbox_sha1sum). ->>> --[[smcv]] +>>> --[[smcv]]a + +>>> Email addresses are now cloaked in commits, using foaf:mbox_sha1sum. --[[Joey]]