aboutsummaryrefslogtreecommitdiff
path: root/IkiWiki/Plugin/passwordauth.pm
Commit message (Collapse)AuthorAge
* passwordauth: Don't allow registering accounts that look like openids.Joey Hess2015-05-14
| | | | | Also prohibit @ in account names, in case the file regexp was relaxed to allow it.
* avoid showing password prefs for emailauth userJoey Hess2015-05-13
|
* allow users to subscribe to comments w/o registeringJoey Hess2012-04-02
| | | | | | | | | | Technically, when the user does this, a passwordless account is created for them. The notify mails include a login url, and once logged in that way, the user can enter a password to get a regular account (although one with an annoying username). This all requires the passwordauth plugin is enabled. A future enhancement could be to split the passwordless user concept out into a separate plugin.
* support do=tokenauth login for passwordless accountsJoey Hess2012-04-02
|
* passwordauth: Fix url in password recovery email to be absolute.Joey Hess2012-04-02
| | | | | This got broken when cgiurl began often returning a relative url. Added a cgiurl_abs for the things that need a guaranteed absolute cgiurl.
* add support for a passwordless login tokenJoey Hess2012-04-02
| | | | | | | | | The plan is to use this for accounts that are created implicitly, as when a non-logged-in user subscribes to notifyemail. Such an account has no password, and login can be accomplished by way of a url that is sent to them in email. When the user sets a password, the passwordless login token is disabled.
* fix another undef/"" confusionJoey Hess2012-03-28
|
* stop using REMOTE_ADDRJoey Hess2010-06-23
| | | | | | | | | | | Everywhere that REMOTE_ADDR was used, a session object is available, so instead use its remote_addr method. In IkiWiki::Receive, stop setting a dummy REMOTE_ADDR. Note that it's possible for a session cookie to be obtained using one IP address, and then used from another IP. In this case, the first IP will now be used. I think that should be ok.
* fix uninitialized value warningJoey Hess2010-04-20
| | | | | | $cgi->params('do') may not be defined. The CSRF code may delete all cgi params. This uninitalized value was introduced when do=register support was added recently.
* Group related plugins into sections in the setup file, and drop unused rcs ↵Joey Hess2010-02-11
| | | | plugins from the setup file.
* factor out a userpage functionJoey Hess2010-02-04
| | | | Not yet exported, as only 4 quite core plugins use it.
* Add link to userpage (or creation link) to top of preferences page.Joey Hess2010-02-04
|
* typoJoey Hess2010-02-04
|
* Improve display of openid in preferences page.Joey Hess2010-02-04
| | | | | | | | | Now that openiduser is in IkiWiki core, it's ok to have passwordauth check for it, and avoid displaying useless password fields when showing preferences for an openid. Also improved the styling of the display of the openid in the preferneces page.
* Allow jumping directly into account registration process by going to ↵Joey Hess2010-02-04
| | | | ikiwiki.cgi?do=register
* Disable the Preferences link if no plugin with an auth hook is enabled.Joey Hess2009-06-09
|
* finalise version 3.00 of the plugin apiJoey Hess2008-12-23
|
* Coding style change: Remove explcit vim folding markers.Joey Hess2008-12-17
|
* add plugin safe/rebuild info (part 2 of 3)Joey Hess2008-08-03
| | | | (brain.. melting..)
* remove default values in getsetupJoey Hess2008-07-26
| | | | | They were a bit confusing, since they did not actually set the default, and example values are sufficient.
* typoJoey Hess2008-07-26
|
* adminemail may be undefinedJoey Hess2008-07-26
|
* allow account_creation_password to not be definedJoey Hess2008-07-26
|
* added getsetup hooks for all plugins up to recentchangesJoey Hess2008-07-25
|
* hashed password support, and empty password security fixJoey Hess2008-05-30
| | | | | | | This implements the previously documented hashed password support. While implementing that, I noticed a security hole, which this commit also fixes..
* * Change formbuilder hook to not be responsible for displaying a form,Joey Hess2007-12-12
| | | | | | so that more than one plugin can use this hook. I believe this is a safe change, since only passwordauth uses this hook. (If some other plugin already used it, it would have broken passwordauth!)
* * Fix some bugs in password handling:joey2007-05-17
| | | | | | - If the password is empty in preferences, don't clear the existing password. - Actually check the confirm password field, even if it's left empty.
* * Add an account-creation password as a simple anti-spam mechanism. Ifjoshtriplett2007-05-09
| | | | | set in the wiki setup, passwordauth will require the password in order to create an account.
* * Fix a bug that prevented clearing email or subscriptions.joey2007-04-30
|
* correct size of name field in initial login form (same size as password)joey2007-04-30
|
* Revert passwordauth fieldset and doc to avoid 2.0 regressions; need to ↵joshtriplett2007-04-30
| | | | re-evaluate after 2.0.
* * Group passwordauth fields with a fieldset as well. Add a newjoshtriplett2007-04-30
| | | | | | | | passwordauth page to the basewiki describing password authentication; like openid, it uses conditional to check which forms of authentication the wiki allows. Add conditional cross- links between the openid and passwordauth pages, to help the user understand how they can log in.
* I don't think this comment adds muchjoey2007-04-29
|
* * Use fieldsets in the preferences form to group related options together.joey2007-04-29
| | | | Especially cleans up the ordering of the admin's preferences form.
* * pagespec_match() has changed to take named parameters, to better allowjoey2007-04-27
| | | | | | | | | for extended pagespecs. The old calling convention will still work for back-compat for now. * The calling convention for functions in the IkiWiki::PageSpec namespace has changed so they are passed named parameters. * Plugin interface version increased to 2.00 since I don't anticipate any more interface changes before 2.0.
* * Many changes to make ikiwiki very resistant to write failuresjoey2007-02-15
| | | | | | | | including out of disk space situations. ikiwiki should never leave truncated files, and if the error occurs during a web-based file edit, the user will be given an opportunity to retry. Inspired by the many ways Moin Moin destroys itself when out of disk. :-) * Fix syslogging of errors.
* missing IkiWiki::joey2007-02-03
|
* * Add canedit hook, allowing arbitrary controls over when a page can bejoey2007-02-02
| | | | | | | | | | | | | edited. * Move code forcing signing before edit to a new "signinedit" plugin, and code checking for locked pages into a new "lockedit" plugin. Both are enabled by default. * Remove the anonok config setting. This is now implemented by a new "anonok" plugin. Anyone with a wiki allowing anonymous edits should change their configs to enable this new plugin. * Add an opendiscussion plugin that allows anonymous users to edit discussion pages, on a wiki that is otherwise wouldn't allow it. * Lots of CGI code reorg and cleanup.
* * Initial work on internationalization of the program code. po/ikiwiki.potjoey2006-12-29
| | | | | is available for translation. * Export gettext() from IkiWiki module.
* bugfixenjoey2006-11-22
|
* addjoey2006-11-20