Merge branch 'master' of ssh://git.ikiwiki.info/srv/git/ikiwiki.info

3 files changed, 174 insertions, 0 deletions

diff --git a/doc/todo/Add_showdown_GUI_input__47__edit.mdwn b/doc/todo/Add_showdown_GUI_input__47__edit.mdwn
index a3db94bdd..e864f5351 100644
--- a/doc/todo/Add_showdown_GUI_input__47__edit.mdwn
+++ b/doc/todo/Add_showdown_GUI_input__47__edit.mdwn
@@ -18,3 +18,12 @@ A demo is at <http://www.attacklab.net/showdown-gui.html>
 >> be worthwhile to consider this option again? It seems to have a companion
 >> product (wmd) with formatting widgets and a live preview pane, that is
 >> promised to be MIT licensed as of the next release.... --Chapman Flack
+
+>>> What sort of integration would be needed to put in WMD?
+>>> It looks like it would need to be aware of some plugin/wikiword behavior
+>>> ... perhaps taking a Wikiword and making it appear like a link in preview, but
+>>> with a different style (perhaps diff color/font).  For plugin commands,
+>>> applying a 'real' preview would probably be difficult, so it'd probably
+>>> be necessary to insert some sort of placeholder, perhaps by outputting
+>>> the text in monospace form w/ a lighter font to denote that it won't
+>>> directly be shown in the page... -- [[harningt]]
diff --git a/doc/todo/Make_example_setup_file_consistent.mdwn b/doc/todo/Make_example_setup_file_consistent.mdwn
new file mode 100644
index 000000000..c4157816e
--- /dev/null
+++ b/doc/todo/Make_example_setup_file_consistent.mdwn
@@ -0,0 +1,22 @@
+The current example [[ikiwiki.setup]] file has a number of options included, but commented out.  This is standard.  Unfortunately there are two standards for the settings of those commented out options:
+
+  - Have the commented out options showing the default setting, or
+  - Have the commented out options showing the most common alternate setting.
+
+Each of these has its advantages.  The first makes it clear what the default setting is.  The second makes it easy to switch the option on -- you just uncomment the option.
+
+My issue with ikiwiki's example setup file is that it doesn't appear to be consistent.  Looking at the 'svn' entries (the first set of rcs entries), we see that
+
+    svnpath => "trunk",
+
+is an example of the first type, but 
+
+    rcs => "svn",
+
+is an example of the second type.
+
+I think things could be improved if a clear decision was made here.  Most of the settings seem to be of the second type.  Perhaps all that is needed is for settings of the first type to grow a comment:
+
+    svnpath => "trunk",        #default
+
+What do others think?
diff --git a/doc/todo/cas_authentication.mdwn b/doc/todo/cas_authentication.mdwn
new file mode 100644
index 000000000..ab523001c
--- /dev/null
+++ b/doc/todo/cas_authentication.mdwn
@@ -0,0 +1,143 @@
+[[!tag patch wishlist]]
+
+ikiwiki should support [Central Authentication
+Service](http://www.ja-sig.org/products/cas/) authentication in order to use
+this <acronym title='Single Sign On'>SSO</acronym> mechanism very popular in
+universities web services.
+
+I have already written a first draft plugin supporting that authentication
+mechanism. It works for me with my university CAS service. I did not try it
+with other CAS server but it do not see any reason why it should not work.
+
+What is the best way to submit it to you (just in case it can help my patch
+follows) ?
+
+--[[/users/bbb]]
+
+------------------------------------------------------------------------------
+    diff --git a/IkiWiki/Plugin/cas.pm b/IkiWiki/Plugin/cas.pm
+    new file mode 100644
+    index 0000000..ea189df
+    --- /dev/null
+    +++ b/IkiWiki/Plugin/cas.pm
+    @@ -0,0 +1,94 @@
+    +#!/usr/bin/perl
+    +# JaSIG CAS support by Bruno Beaufils <bruno@boulgour.com>
+    +package IkiWiki::Plugin::cas;
+    +
+    +use warnings;
+    +use strict;
+    +use IkiWiki 2.00;
+    +use AuthCAS;                  # http://search.cpan.org/~osalaun/AuthCAS-1.3.1/
+    +
+    +sub import { #{{{
+    +    hook(type => "getopt", id => "cas", call => \&getopt);
+    +    hook(type => "auth", id => "cas", call => \&auth);
+    +    hook(type => "formbuilder_setup", id => "cas", call => \&formbuilder_setup);
+    +} # }}}
+    +
+    +# FIXME: We should check_config to ensure that :
+    +# * cas_url and ca_file are present
+    +# * no other auth plugin are present (at least passwordauth and openid)
+    +
+    +sub getopt () { #{{{
+    +    eval q{use Getopt::Long};
+    +    error($@) if $@;
+    +    Getopt::Long::Configure('pass_through');
+    +    GetOptions("cas_url=s" => \$config{cas_url});
+    +    GetOptions("ca_file=s" => \$config{ca_file});
+    +} #}}}
+    +
+    +sub auth ($$) { #{{{
+    +    my $q=shift;
+    +    my $session=shift;
+    +
+    +    my $cas = new AuthCAS(casUrl => $config{'cas'}{'cas_url'},
+    +                          CAFile => $config{'cas'}{'ca_file'});
+    +
+    +    my $service = $config{'cgiurl'};
+    +    my $ticket = $q->param('ticket');
+    +
+    +    unless (defined($ticket)) {
+    +        $service .= "?$ENV{QUERY_STRING}";
+    +        my $login_url = $cas->getServerLoginURL($service);
+    +        debug("CAS: asking a Service Ticket for service $service");
+    +        IkiWiki::redirect($q, $login_url);
+    +        exit 0;
+    +    } else {
+    +        $service = $service . "?$ENV{QUERY_STRING}";
+    +        $service =~ s/\&ticket=$ticket//;
+    +        my $user = $cas->validateST($service, $ticket);
+    +        if (defined $user) {
+    +            debug("CAS: validating a Service Ticket ($ticket) for service $service");
+    +            $session->param(name=>$user);
+    +            $session->param(CASservice=>$service);
+    +            IkiWiki::cgi_savesession($session);
+    +        } else {
+    +            error("CAS failure: ".&AuthCAS::get_errors());
+    +        }
+    +    }
+    +} #}}}
+    +
+    +# I use formbuilder_setup and not formbuilder type in order to bypass the
+    +# Logout processing done in IkiWiki::CGI::cgi_prefs()
+    +sub formbuilder_setup (@) { #{{{
+    +    my %params=@_;
+    +    
+    +    my $form=$params{form};
+    +    my $session=$params{session};
+    +    my $cgi=$params{cgi};
+    +    my $buttons=$params{buttons};
+    +
+    +    my $cas = new AuthCAS(casUrl => $config{'cas'}{'cas_url'},
+    +                          CAFile => $config{'cas'}{'ca_file'});
+    +
+    +    if ($form->title eq "preferences") {
+    +        # Show the login
+    +        if (! defined $form->field(name => "name")) {
+    +            $form->field(name => "CAS ID",
+    +                         disabled => 1,
+    +                         value => $session->param("name"), 
+    +                         size => 50,
+    +                         force => 1,
+    +                         fieldset => "login");
+    +        }
+    +        
+    +        # Force a logout if asked
+    +        if ($form->submitted && $form->submitted eq 'Logout')
+    +        {
+    +            debug("CAS: asking to remove the Ticket Grant Cookie");
+    +            IkiWiki::redirect($cgi, $cas->getServerLogoutURL($config{'url'}));
+    +            $session->delete();
+    +            exit 0;
+    +        }
+    +    }
+    +}
+    +
+    +1
+    diff --git a/doc/plugins/cas.mdwn b/doc/plugins/cas.mdwn
+    new file mode 100644
+    index 0000000..2f2f53e
+    --- /dev/null
+    +++ b/doc/plugins/cas.mdwn
+    @@ -0,0 +1,18 @@
+    +[[ template id=plugin name=cas core=0 author="[[bbb]]"]]
+    +[[ tag type/auth]]
+    +
+    +This plugin allows users to use authentication offered by a
+    +[JaSIG](http://www.ja-sig.org) [<acronym title='Central Authentication
+    +Service'>CAS</acronym>](http://www.ja-sig.org/products/cas/) server to log
+    +into the wiki.
+    +
+    +The plugin needs the [[!cpan AuthCAS-1.3.1]] perl module.
+    +
+    +This plugin has two mandatory configuration option. You **must** set `--cas_url`
+    +to the url of a server offering CAS 2.0 authentication. You must also set the
+    +`--ca_file` to an absolute path to the file containing CA certificates used by
+    +the server (generally, aka under Debian, fixing that value to
+    +`/etc/ssl/certs/ca-certificates.crt` is sufficient).
+    +
+    +This plugin is not enabled by default. It can not be used with other
+    +authentication plugin, such as [[passwordauth]] or [[openid]].
+
+------------------------------------------------------------------------------