Commit Graph

41 Commits (2020bd88a50efef6522a0b08a6abec2ccb1f7b65)

Author SHA1 Message Date
Joey Hess 85a529db3d passwordauth: Don't allow registering accounts that look like openids.
Also prohibit @ in account names, in case the file regexp was relaxed to
allow it.
2015-05-14 10:57:56 -04:00
Joey Hess 497513e737 avoid showing password prefs for emailauth user 2015-05-13 23:24:07 -04:00
Joey Hess c885ec66e0 allow users to subscribe to comments w/o registering
Technically, when the user does this, a passwordless account is created
for them. The notify mails include a login url, and once logged in that
way, the user can enter a password to get a regular account (although
one with an annoying username).

This all requires the passwordauth plugin is enabled. A future enhancement
could be to split the passwordless user concept out into a separate plugin.
2012-04-02 13:45:39 -04:00
Joey Hess c16b1e638e support do=tokenauth login for passwordless accounts 2012-04-02 12:29:13 -04:00
Joey Hess f9e96b0c32 passwordauth: Fix url in password recovery email to be absolute.
This got broken when cgiurl began often returning a relative url.
Added a cgiurl_abs for the things that need a guaranteed absolute cgiurl.
2012-04-02 12:24:14 -04:00
Joey Hess 1d1ef20034 add support for a passwordless login token
The plan is to use this for accounts that are created implicitly, as when
a non-logged-in user subscribes to notifyemail. Such an account has no
password, and login can be accomplished by way of a url that is sent to
them in email.

When the user sets a password, the passwordless login token is disabled.
2012-04-02 12:17:07 -04:00
Joey Hess c0e5a0f1aa fix another undef/"" confusion 2012-03-28 16:47:37 -04:00
Joey Hess 4292802ee5 stop using REMOTE_ADDR
Everywhere that REMOTE_ADDR was used, a session object is available, so
instead use its remote_addr method.

In IkiWiki::Receive, stop setting a dummy REMOTE_ADDR.

Note that it's possible for a session cookie to be obtained using one IP
address, and then used from another IP. In this case, the first IP will now
be used. I think that should be ok.
2010-06-23 16:35:51 -04:00
Joey Hess 93cf1db7b9 fix uninitialized value warning
$cgi->params('do') may not be defined. The CSRF code may delete all
cgi params. This uninitalized value was introduced when do=register
support was added recently.
2010-04-20 17:21:50 -04:00
Joey Hess a63929f6cc Group related plugins into sections in the setup file, and drop unused rcs plugins from the setup file. 2010-02-11 22:24:15 -05:00
Joey Hess 8380a9d000 factor out a userpage function
Not yet exported, as only 4 quite core plugins use it.
2010-02-04 18:24:15 -05:00
Joey Hess a2e78ebcf2 Add link to userpage (or creation link) to top of preferences page. 2010-02-04 15:30:41 -05:00
Joey Hess 68f7be91e5 typo 2010-02-04 15:10:55 -05:00
Joey Hess b547170a96 Improve display of openid in preferences page.
Now that openiduser is in IkiWiki core, it's ok to have passwordauth check
for it, and avoid displaying useless password fields when showing
preferences for an openid.

Also improved the styling of the display of the openid in the preferneces
page.
2010-02-04 15:07:10 -05:00
Joey Hess 345b40c652 Allow jumping directly into account registration process by going to ikiwiki.cgi?do=register 2010-02-04 14:51:56 -05:00
Joey Hess 48a5f9f2d8 Disable the Preferences link if no plugin with an auth hook is enabled. 2009-06-09 15:39:00 -04:00
Joey Hess 678d467a40 finalise version 3.00 of the plugin api 2008-12-23 16:34:19 -05:00
Joey Hess bb93fccf06 Coding style change: Remove explcit vim folding markers. 2008-12-17 15:22:16 -05:00
Joey Hess 39195de96e add plugin safe/rebuild info (part 2 of 3)
(brain.. melting..)
2008-08-03 17:20:21 -04:00
Joey Hess 42ac4ec009 remove default values in getsetup
They were a bit confusing, since they did not actually set the default, and
example values are sufficient.
2008-07-26 21:07:15 -04:00
Joey Hess cd029da493 typo 2008-07-26 14:56:10 -04:00
Joey Hess 26db34e1d6 adminemail may be undefined 2008-07-26 14:54:50 -04:00
Joey Hess c2507d33cb allow account_creation_password to not be defined 2008-07-26 14:02:36 -04:00
Joey Hess 1f8b0460c3 added getsetup hooks for all plugins up to recentchanges 2008-07-25 18:05:55 -04:00
Joey Hess e943812dc9 hashed password support, and empty password security fix
This implements the previously documented hashed password support.

While implementing that, I noticed a security hole, which this commit
also fixes..
2008-05-30 17:35:34 -04:00
Joey Hess 4745391360 * Change formbuilder hook to not be responsible for displaying a form,
so that more than one plugin can use this hook.
  I believe this is a safe change, since only passwordauth uses this hook.
  (If some other plugin already used it, it would have broken passwordauth!)
2007-12-12 03:15:30 -05:00
joey 739325834b * Fix some bugs in password handling:
- If the password is empty in preferences, don't clear the existing
    password.
  - Actually check the confirm password field, even if it's left empty.
2007-05-17 08:06:05 +00:00
joshtriplett b8d7ae91d0 * Add an account-creation password as a simple anti-spam mechanism. If
set in the wiki setup, passwordauth will require the password in
  order to create an account.
2007-05-09 02:05:32 +00:00
joey 9026ae05c2 * Fix a bug that prevented clearing email or subscriptions. 2007-04-30 21:32:24 +00:00
joey f46c35f46f correct size of name field in initial login form (same size as password) 2007-04-30 21:10:14 +00:00
joshtriplett fafaa119cf Revert passwordauth fieldset and doc to avoid 2.0 regressions; need to re-evaluate after 2.0. 2007-04-30 04:08:06 +00:00
joshtriplett 40365e1aee * Group passwordauth fields with a fieldset as well. Add a new
passwordauth page to the basewiki describing password
  authentication; like openid, it uses conditional to check which
  forms of authentication the wiki allows.  Add conditional cross-
  links between the openid and passwordauth pages, to help the user
  understand how they can log in.
2007-04-30 02:26:50 +00:00
joey 64f798786e I don't think this comment adds much 2007-04-29 22:18:02 +00:00
joey 93c6d2c340 * Use fieldsets in the preferences form to group related options together.
Especially cleans up the ordering of the admin's preferences form.
2007-04-29 21:57:25 +00:00
joey ee1ad53c4c * pagespec_match() has changed to take named parameters, to better allow
for extended pagespecs. The old calling convention will still work for
  back-compat for now.
* The calling convention for functions in the IkiWiki::PageSpec namespace
  has changed so they are passed named parameters.
* Plugin interface version increased to 2.00 since I don't anticipate any
  more interface changes before 2.0.
2007-04-27 02:55:52 +00:00
joey d4c61b7281 * Many changes to make ikiwiki very resistant to write failures
including out of disk space situations. ikiwiki should never leave
  truncated files, and if the error occurs during a web-based file edit,
  the user will be given an opportunity to retry.
  Inspired by the many ways Moin Moin destroys itself when out of disk. :-)
* Fix syslogging of errors.
2007-02-15 02:22:08 +00:00
joey 762ecf9461 missing IkiWiki:: 2007-02-03 02:07:03 +00:00
joey 5f162cfd34 * Add canedit hook, allowing arbitrary controls over when a page can be
edited.
* Move code forcing signing before edit to a new "signinedit" plugin, and
  code checking for locked pages into a new "lockedit" plugin. Both are 
  enabled by default.
* Remove the anonok config setting. This is now implemented by a new
  "anonok" plugin. Anyone with a wiki allowing anonymous edits should
  change their configs to enable this new plugin.
* Add an opendiscussion plugin that allows anonymous users to edit
  discussion pages, on a wiki that is otherwise wouldn't allow it.
* Lots of CGI code reorg and cleanup.
2007-02-02 02:33:03 +00:00
joey 912521ef07 * Initial work on internationalization of the program code. po/ikiwiki.pot
is available for translation.
* Export gettext() from IkiWiki module.
2006-12-29 04:38:40 +00:00
joey 4a40b5f9d5 bugfixen 2006-11-22 04:26:44 +00:00
joey c24be1b752 add 2006-11-20 20:55:37 +00:00