httpauth: Add httpauth_pagespec setting that can be used to limit pages to only being edited via users authed with httpauth.
parent
046095552a
commit
e11876b700
|
@ -941,7 +941,12 @@ sub linkpage ($) {
|
|||
sub cgiurl (@) {
|
||||
my %params=@_;
|
||||
|
||||
return $config{cgiurl}."?".
|
||||
my $cgiurl=$config{cgiurl};
|
||||
if (exists $params{cgiurl}) {
|
||||
$cgiurl=$params{cgiurl};
|
||||
delete $params{cgiurl};
|
||||
}
|
||||
return $cgiurl."?".
|
||||
join("&", map $_."=".uri_escape_utf8($params{$_}), keys %params);
|
||||
}
|
||||
|
||||
|
|
|
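Review bot: The override in cgiurl tests `exists $params{cgiurl}`, so a caller that passes `cgiurl => undef` (for example an unset `$config{cgiauthurl}`) gets a URL that begins at `?` and resolves relative to the current request instead of falling back to `$config{cgiurl}`. Taking the value with `my $cgiurl=delete $params{cgiurl};` followed by `$cgiurl=$config{cgiurl} unless defined $cgiurl;` falls back correctly and still keeps the key out of the query string. The name `cgiurl` is now reserved and can no longer be sent as an ordinary query parameter, so a comment above the sub saying so would help plugin authors.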
@ -9,10 +9,10 @@ use IkiWiki 3.00;
|
|||
sub import {
|
||||
hook(type => "getsetup", id => "httpauth", call => \&getsetup);
|
||||
hook(type => "auth", id => "httpauth", call => \&auth);
|
||||
hook(type => "canedit", id => "httpauth", call => \&canedit,
|
||||
last => 1);
|
||||
hook(type => "formbuilder_setup", id => "httpauth",
|
||||
call => \&formbuilder_setup);
|
||||
hook(type => "canedit", id => "httpauth", call => \&canedit);
|
||||
hook(type => "pagetemplate", id => "httpauth", call => \&pagetemplate);
|
||||
}
|
||||
|
||||
sub getsetup () {
|
||||
|
@ -28,13 +28,20 @@ sub getsetup () {
|
|||
safe => 1,
|
||||
rebuild => 0,
|
||||
},
|
||||
httpauth_pagespec => {
|
||||
type => "pagespec",
|
||||
example => "!*/Discussion",
|
||||
description => "PageSpec of pages where only httpauth will be used for authentication",
|
||||
safe => 0,
|
||||
rebuild => 0,
|
||||
},
|
||||
}
|
||||
|
||||
sub redir_cgiauthurl ($$) {
|
||||
sub redir_cgiauthurl ($;@) {
|
||||
my $cgi=shift;
|
||||
my $params=shift;
|
||||
|
||||
IkiWiki::redirect($cgi, $config{cgiauthurl}.'?'.$params);
|
||||
IkiWiki::redirect($cgi,
|
||||
IkiWiki::cgiurl(cgiurl => $config{cgiauthurl}, @_));
|
||||
exit;
|
||||
}
|
||||
|
||||
|
@ -47,19 +54,6 @@ sub auth ($$) {
|
|||
}
|
||||
}
|
||||
|
||||
sub canedit ($$$) {
|
||||
my $page=shift;
|
||||
my $cgi=shift;
|
||||
my $session=shift;
|
||||
|
||||
if (! defined $cgi->remote_user() && defined $config{cgiauthurl}) {
|
||||
return sub { redir_cgiauthurl($cgi, $cgi->query_string()) };
|
||||
}
|
||||
else {
|
||||
return undef;
|
||||
}
|
||||
}
|
||||
|
||||
sub formbuilder_setup (@) {
|
||||
my %params=@_;
|
||||
|
||||
|
@ -74,10 +68,51 @@ sub formbuilder_setup (@) {
|
|||
push @$buttons, $button_text;
|
||||
|
||||
if ($form->submitted && $form->submitted eq $button_text) {
|
||||
redir_cgiauthurl($cgi, "do=postsignin");
|
||||
exit;
|
||||
# bounce thru cgiauthurl and then back to
|
||||
# the stored postsignin action
|
||||
redir_cgiauthurl($cgi, do => "postsignin");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
sub test_httpauth_pagespec ($) {
|
||||
my $page=shift;
|
||||
|
||||
return defined $config{httpauth_pagespec} &&
|
||||
length $config{httpauth_pagespec} &&
|
||||
defined $config{cgiauthurl} &&
|
||||
pagespec_match($page, $config{httpauth_pagespec});
|
||||
}
|
||||
|
||||
sub canedit ($$$) {
|
||||
my $page=shift;
|
||||
my $cgi=shift;
|
||||
my $session=shift;
|
||||
|
||||
if (! defined $cgi->remote_user() && test_httpauth_pagespec($page)) {
|
||||
return sub {
|
||||
IkiWiki::redirect($cgi,
|
||||
$config{cgiauthurl}.'?'.$cgi->query_string());
|
||||
exit;
|
||||
};
|
||||
}
|
||||
else {
|
||||
return undef;
|
||||
}
|
||||
}
|
||||
|
||||
sub pagetemplate (@_) {
|
||||
my %params=@_;
|
||||
my $template=$params{template};
|
||||
|
||||
if ($template->param("editurl") &&
|
||||
test_httpauth_pagespec($params{page})) {
|
||||
# go directly to cgiauthurl when editing a page matching
|
||||
# the pagespec
|
||||
$template->param(editurl => IkiWiki::cgiurl(
|
||||
cgiurl => $config{cgiauthurl},
|
||||
do => "edit", page => $params{page}));
|
||||
}
|
||||
}
|
||||
|
||||
1
|
||||
|
|
|
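Review bot: The canedit hook in import is now registered without `last => 1` and with no ordering at all, so whether `httpauth_pagespec` is enforced appears to depend on where this hook falls among other plugins' canedit hooks. If the caller stops at the first hook that returns a defined value (the `return undef` fall-through in canedit suggests it does), a permissive hook that runs earlier would allow the edit before this check is reached. Registering it as `hook(type => "canedit", id => "httpauth", call => \&canedit, first => 1);` would make the restriction independent of plugin load order. Separately, `sub pagetemplate (@_)` is not a valid prototype; formbuilder_setup in the same file uses `(@)`.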
@ -19,6 +19,8 @@ ikiwiki (3.20100123) UNRELEASED; urgency=low
|
|||
alongside other authentication methods (like openid or anonok). Rather
|
||||
than always redirect to the cgiauthurl for authentication, there is now
|
||||
a button on the login form to use it.
|
||||
* httpauth: Add httpauth_pagespec setting that can be used to limit
|
||||
pages to only being edited via users authed with httpauth.
|
||||
|
||||
-- Joey Hess <joeyh@debian.org> Tue, 26 Jan 2010 22:25:33 -0500
|
||||
|
||||
|
|
|
@ -24,3 +24,12 @@ A typical setup is to make an `auth` subdirectory, and symlink `ikiwiki.cgi`
|
|||
into it. Then configure the web server to require authentication only for
|
||||
access to the `auth` subdirectory. Then `cgiauthurl` is pointed at this
|
||||
symlink.
|
||||
|
||||
## using only httpauth for some pages
|
||||
|
||||
If you want to only use httpauth for editing some pages, while allowing
|
||||
other authentication methods to be used for other pages, you can
|
||||
configure `httpauth_pagespec` in the setup file. This makes Edit
|
||||
links on pages that match the [[ikiwiki/PageSpec]] automatically use
|
||||
the `cgiauthurl`, and prevents matching pages from being edited by
|
||||
users authentication via other methods.
|
||||
|
|