httpauth: Add httpauth_pagespec setting that can be used to limit pages to only being edited via users authed with httpauth.

master
Joey Hess 2010-02-11 18:25:10 -05:00
parent 046095552a
commit e11876b700
4 changed files with 72 additions and 21 deletions


@ -941,7 +941,12 @@ sub linkpage ($) {
sub cgiurl (@) {
my %params=@_;
return $config{cgiurl}."?".
my $cgiurl=$config{cgiurl};
if (exists $params{cgiurl}) {
$cgiurl=$params{cgiurl};
delete $params{cgiurl};
}
return $cgiurl."?".
join("&", map $_."=".uri_escape_utf8($params{$_}), keys %params);
}
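Review bot: The new `cgiurl` key in cgiurl() is read from the same hash as the query parameters, so the base URL of the generated link is now chosen by the caller, and nothing in the function says the key is reserved. A caller that builds its argument list from request data (none is visible in this hunk) would let the request pick the host a link or redirect points at, so the key should only ever be filled from `%config`. A comment above the `if`, such as `# cgiurl is reserved: it overrides the base URL and must come from trusted config`, would make that explicit. The `exists` test also accepts an undefined value, which produces a relative `?...` URL; `if (defined $params{cgiurl})` followed by an unconditional `delete $params{cgiurl};` falls back to `$config{cgiurl}` instead.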


@ -9,10 +9,10 @@ use IkiWiki 3.00;
sub import {
hook(type => "getsetup", id => "httpauth", call => \&getsetup);
hook(type => "auth", id => "httpauth", call => \&auth);
hook(type => "canedit", id => "httpauth", call => \&canedit,
last => 1);
hook(type => "formbuilder_setup", id => "httpauth",
call => \&formbuilder_setup);
hook(type => "canedit", id => "httpauth", call => \&canedit);
hook(type => "pagetemplate", id => "httpauth", call => \&pagetemplate);
}
sub getsetup () {
@ -28,13 +28,20 @@ sub getsetup () {
safe => 1,
rebuild => 0,
},
httpauth_pagespec => {
type => "pagespec",
example => "!*/Discussion",
description => "PageSpec of pages where only httpauth will be used for authentication",
safe => 0,
rebuild => 0,
},
}
sub redir_cgiauthurl ($$) {
sub redir_cgiauthurl ($;@) {
my $cgi=shift;
my $params=shift;
IkiWiki::redirect($cgi, $config{cgiauthurl}.'?'.$params);
IkiWiki::redirect($cgi,
IkiWiki::cgiurl(cgiurl => $config{cgiauthurl}, @_));
exit;
}
@ -47,19 +54,6 @@ sub auth ($$) {
}
}
sub canedit ($$$) {
my $page=shift;
my $cgi=shift;
my $session=shift;
if (! defined $cgi->remote_user() && defined $config{cgiauthurl}) {
return sub { redir_cgiauthurl($cgi, $cgi->query_string()) };
}
else {
return undef;
}
}
sub formbuilder_setup (@) {
my %params=@_;
@ -74,10 +68,51 @@ sub formbuilder_setup (@) {
push @$buttons, $button_text;
if ($form->submitted && $form->submitted eq $button_text) {
redir_cgiauthurl($cgi, "do=postsignin");
exit;
# bounce thru cgiauthurl and then back to
# the stored postsignin action
redir_cgiauthurl($cgi, do => "postsignin");
}
}
}
sub test_httpauth_pagespec ($) {
my $page=shift;
return defined $config{httpauth_pagespec} &&
length $config{httpauth_pagespec} &&
defined $config{cgiauthurl} &&
pagespec_match($page, $config{httpauth_pagespec});
}
sub canedit ($$$) {
my $page=shift;
my $cgi=shift;
my $session=shift;
if (! defined $cgi->remote_user() && test_httpauth_pagespec($page)) {
return sub {
IkiWiki::redirect($cgi,
$config{cgiauthurl}.'?'.$cgi->query_string());
exit;
};
}
else {
return undef;
}
}
sub pagetemplate (@_) {
my %params=@_;
my $template=$params{template};
if ($template->param("editurl") &&
test_httpauth_pagespec($params{page})) {
# go directly to cgiauthurl when editing a page matching
# the pagespec
$template->param(editurl => IkiWiki::cgiurl(
cgiurl => $config{cgiauthurl},
do => "edit", page => $params{page}));
}
}
1
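Review bot: The canedit registration in import() drops `last => 1` but gets no ordering of its own, so whether the httpauth_pagespec check in canedit() runs before other plugins' canedit hooks depends on plugin load order. If ikiwiki stops at the first canedit hook that returns a defined value (my understanding of the hook contract, not shown on this page), a plugin that allows the edit earlier would let a matching page be edited without httpauth. Registering the hook to run first, e.g. `hook(type => "canedit", id => "httpauth", call => \&canedit, first => 1);` if the hook API at this revision supports that option, would make the restriction hold regardless of load order. Separately, the prototype in `sub pagetemplate (@_)` looks like a typo for `(@)`, which is what `formbuilder_setup (@)` uses.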

2
debian/changelog vendored

@ -19,6 +19,8 @@ ikiwiki (3.20100123) UNRELEASED; urgency=low
alongside other authentication methods (like openid or anonok). Rather
than always redirect to the cgiauthurl for authentication, there is now
a button on the login form to use it.
* httpauth: Add httpauth_pagespec setting that can be used to limit
pages to only being edited via users authed with httpauth.
-- Joey Hess <joeyh@debian.org> Tue, 26 Jan 2010 22:25:33 -0500


@ -24,3 +24,12 @@ A typical setup is to make an `auth` subdirectory, and symlink `ikiwiki.cgi`
into it. Then configure the web server to require authentication only for
access to the `auth` subdirectory. Then `cgiauthurl` is pointed at this
symlink.
## using only httpauth for some pages
If you want to only use httpauth for editing some pages, while allowing
other authentication methods to be used for other pages, you can
configure `httpauth_pagespec` in the setup file. This makes Edit
links on pages that match the [[ikiwiki/PageSpec]] automatically use
the `cgiauthurl`, and prevents matching pages from being edited by
users authentication via other methods.