aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoey Hess <joey@gnu.kitenet.net>2010-02-11 18:25:10 -0500
committerJoey Hess <joey@gnu.kitenet.net>2010-02-11 18:25:10 -0500
commite11876b7003c700fbc3717ca9c5af5aac3b72ac2 (patch)
treeeb291262b9ad7ca99a3092eb251de63ffc6a21bc
parent046095552ac231366d71a3c7a84bdc6d46662212 (diff)
downloadikiwiki-e11876b7003c700fbc3717ca9c5af5aac3b72ac2.tar
ikiwiki-e11876b7003c700fbc3717ca9c5af5aac3b72ac2.tar.gz
httpauth: Add httpauth_pagespec setting that can be used to limit pages to only being edited via users authed with httpauth.
-rw-r--r--IkiWiki.pm7
-rw-r--r--IkiWiki/Plugin/httpauth.pm75
-rw-r--r--debian/changelog2
-rw-r--r--doc/plugins/httpauth.mdwn9
4 files changed, 72 insertions, 21 deletions
diff --git a/IkiWiki.pm b/IkiWiki.pm
index 2a0132745..de7dbfc79 100644
--- a/IkiWiki.pm
+++ b/IkiWiki.pm
@@ -941,7 +941,12 @@ sub linkpage ($) {
sub cgiurl (@) {
my %params=@_;
- return $config{cgiurl}."?".
+ my $cgiurl=$config{cgiurl};
+ if (exists $params{cgiurl}) {
+ $cgiurl=$params{cgiurl};
+ delete $params{cgiurl};
+ }
+ return $cgiurl."?".
join("&amp;", map $_."=".uri_escape_utf8($params{$_}), keys %params);
}
diff --git a/IkiWiki/Plugin/httpauth.pm b/IkiWiki/Plugin/httpauth.pm
index d0d4da0b7..202ca1153 100644
--- a/IkiWiki/Plugin/httpauth.pm
+++ b/IkiWiki/Plugin/httpauth.pm
@@ -9,10 +9,10 @@ use IkiWiki 3.00;
sub import {
hook(type => "getsetup", id => "httpauth", call => \&getsetup);
hook(type => "auth", id => "httpauth", call => \&auth);
- hook(type => "canedit", id => "httpauth", call => \&canedit,
- last => 1);
hook(type => "formbuilder_setup", id => "httpauth",
call => \&formbuilder_setup);
+ hook(type => "canedit", id => "httpauth", call => \&canedit);
+ hook(type => "pagetemplate", id => "httpauth", call => \&pagetemplate);
}
sub getsetup () {
@@ -28,13 +28,20 @@ sub getsetup () {
safe => 1,
rebuild => 0,
},
+ httpauth_pagespec => {
+ type => "pagespec",
+ example => "!*/Discussion",
+ description => "PageSpec of pages where only httpauth will be used for authentication",
+ safe => 0,
+ rebuild => 0,
+ },
}
-sub redir_cgiauthurl ($$) {
+sub redir_cgiauthurl ($;@) {
my $cgi=shift;
- my $params=shift;
- IkiWiki::redirect($cgi, $config{cgiauthurl}.'?'.$params);
+ IkiWiki::redirect($cgi,
+ IkiWiki::cgiurl(cgiurl => $config{cgiauthurl}, @_));
exit;
}
@@ -47,19 +54,6 @@ sub auth ($$) {
}
}
-sub canedit ($$$) {
- my $page=shift;
- my $cgi=shift;
- my $session=shift;
-
- if (! defined $cgi->remote_user() && defined $config{cgiauthurl}) {
- return sub { redir_cgiauthurl($cgi, $cgi->query_string()) };
- }
- else {
- return undef;
- }
-}
-
sub formbuilder_setup (@) {
my %params=@_;
@@ -74,10 +68,51 @@ sub formbuilder_setup (@) {
push @$buttons, $button_text;
if ($form->submitted && $form->submitted eq $button_text) {
- redir_cgiauthurl($cgi, "do=postsignin");
- exit;
+ # bounce thru cgiauthurl and then back to
+ # the stored postsignin action
+ redir_cgiauthurl($cgi, do => "postsignin");
}
}
}
+sub test_httpauth_pagespec ($) {
+ my $page=shift;
+
+ return defined $config{httpauth_pagespec} &&
+ length $config{httpauth_pagespec} &&
+ defined $config{cgiauthurl} &&
+ pagespec_match($page, $config{httpauth_pagespec});
+}
+
+sub canedit ($$$) {
+ my $page=shift;
+ my $cgi=shift;
+ my $session=shift;
+
+ if (! defined $cgi->remote_user() && test_httpauth_pagespec($page)) {
+ return sub {
+ IkiWiki::redirect($cgi,
+ $config{cgiauthurl}.'?'.$cgi->query_string());
+ exit;
+ };
+ }
+ else {
+ return undef;
+ }
+}
+
+sub pagetemplate (@_) {
+ my %params=@_;
+ my $template=$params{template};
+
+ if ($template->param("editurl") &&
+ test_httpauth_pagespec($params{page})) {
+ # go directly to cgiauthurl when editing a page matching
+ # the pagespec
+ $template->param(editurl => IkiWiki::cgiurl(
+ cgiurl => $config{cgiauthurl},
+ do => "edit", page => $params{page}));
+ }
+}
+
1
diff --git a/debian/changelog b/debian/changelog
index 3dd68558e..14be7ec69 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -19,6 +19,8 @@ ikiwiki (3.20100123) UNRELEASED; urgency=low
alongside other authentication methods (like openid or anonok). Rather
than always redirect to the cgiauthurl for authentication, there is now
a button on the login form to use it.
+ * httpauth: Add httpauth_pagespec setting that can be used to limit
+ pages to only being edited via users authed with httpauth.
-- Joey Hess <joeyh@debian.org> Tue, 26 Jan 2010 22:25:33 -0500
diff --git a/doc/plugins/httpauth.mdwn b/doc/plugins/httpauth.mdwn
index a7aac558b..0eda5554f 100644
--- a/doc/plugins/httpauth.mdwn
+++ b/doc/plugins/httpauth.mdwn
@@ -24,3 +24,12 @@ A typical setup is to make an `auth` subdirectory, and symlink `ikiwiki.cgi`
into it. Then configure the web server to require authentication only for
access to the `auth` subdirectory. Then `cgiauthurl` is pointed at this
symlink.
+
+## using only httpauth for some pages
+
+If you want to only use httpauth for editing some pages, while allowing
+other authentication methods to be used for other pages, you can
+configure `httpauth_pagespec` in the setup file. This makes Edit
+links on pages that match the [[ikiwiki/PageSpec]] automatically use
+the `cgiauthurl`, and prevents matching pages from being edited by
+users authentication via other methods.