From d8d994b07c616e6f4891289aef0abcc4a8a6015e Mon Sep 17 00:00:00 2001 From: "http://www.openidfrance.fr/beaufils" Date: Sun, 20 Jul 2008 19:44:34 -0400 Subject: --- doc/todo/cas_authentication.mdwn | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 doc/todo/cas_authentication.mdwn (limited to 'doc/todo') diff --git a/doc/todo/cas_authentication.mdwn b/doc/todo/cas_authentication.mdwn new file mode 100644 index 000000000..73c0965ca --- /dev/null +++ b/doc/todo/cas_authentication.mdwn @@ -0,0 +1,7 @@ +ikiwiki should support [Central Authentication Service](http://www.ja-sig.org/products/cas/) authentication in order to use this SSO mechanism very popular in universities web services. + +I have already written a first draft plugin supporting that authentication mechanism. + +What is the best way to submit it to you ? + +--[[/users/bbb]] -- cgit v1.2.3 From 1a9ae3b241cfca845d238730e992fe02216cbac5 Mon Sep 17 00:00:00 2001 From: "http://www.openidfrance.fr/beaufils" Date: Sun, 20 Jul 2008 20:25:37 -0400 Subject: --- doc/todo/cas_authentication.mdwn | 142 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 139 insertions(+), 3 deletions(-) (limited to 'doc/todo') diff --git a/doc/todo/cas_authentication.mdwn b/doc/todo/cas_authentication.mdwn index 73c0965ca..5adbe1c39 100644 --- a/doc/todo/cas_authentication.mdwn +++ b/doc/todo/cas_authentication.mdwn @@ -1,7 +1,143 @@ -ikiwiki should support [Central Authentication Service](http://www.ja-sig.org/products/cas/) authentication in order to use this SSO mechanism very popular in universities web services. +[[!tag patch]] -I have already written a first draft plugin supporting that authentication mechanism. +ikiwiki should support [Central Authentication +Service](http://www.ja-sig.org/products/cas/) authentication in order to use +this SSO mechanism very popular in +universities web services. -What is the best way to submit it to you ? +I have already written a first draft plugin supporting that authentication +mechanism. It works for me with my university CAS service. I did not try it +with other CAS server but it do not see any reason why it should not work. + +What is the best way to submit it to you (just in case it can help my patch +follows) ? --[[/users/bbb]] + +------------------------------------------------------------------------------ + diff --git a/IkiWiki/Plugin/cas.pm b/IkiWiki/Plugin/cas.pm + new file mode 100644 + index 0000000..ea189df + --- /dev/null + +++ b/IkiWiki/Plugin/cas.pm + @@ -0,0 +1,94 @@ + +#!/usr/bin/perl + +# JaSIG CAS support by Bruno Beaufils + +package IkiWiki::Plugin::cas; + + + +use warnings; + +use strict; + +use IkiWiki 2.00; + +use AuthCAS; # http://search.cpan.org/~osalaun/AuthCAS-1.3.1/ + + + +sub import { #{{{ + + hook(type => "getopt", id => "cas", call => \&getopt); + + hook(type => "auth", id => "cas", call => \&auth); + + hook(type => "formbuilder_setup", id => "cas", call => \&formbuilder_setup); + +} # }}} + + + +# FIXME: We should check_config to ensure that : + +# * cas_url and ca_file are present + +# * no other auth plugin are present (at least passwordauth and openid) + + + +sub getopt () { #{{{ + + eval q{use Getopt::Long}; + + error($@) if $@; + + Getopt::Long::Configure('pass_through'); + + GetOptions("cas_url=s" => \$config{cas_url}); + + GetOptions("ca_file=s" => \$config{ca_file}); + +} #}}} + + + +sub auth ($$) { #{{{ + + my $q=shift; + + my $session=shift; + + + + my $cas = new AuthCAS(casUrl => $config{'cas'}{'cas_url'}, + + CAFile => $config{'cas'}{'ca_file'}); + + + + my $service = $config{'cgiurl'}; + + my $ticket = $q->param('ticket'); + + + + unless (defined($ticket)) { + + $service .= "?$ENV{QUERY_STRING}"; + + my $login_url = $cas->getServerLoginURL($service); + + debug("CAS: asking a Service Ticket for service $service"); + + IkiWiki::redirect($q, $login_url); + + exit 0; + + } else { + + $service = $service . "?$ENV{QUERY_STRING}"; + + $service =~ s/\&ticket=$ticket//; + + my $user = $cas->validateST($service, $ticket); + + if (defined $user) { + + debug("CAS: validating a Service Ticket ($ticket) for service $service"); + + $session->param(name=>$user); + + $session->param(CASservice=>$service); + + IkiWiki::cgi_savesession($session); + + } else { + + error("CAS failure: ".&AuthCAS::get_errors()); + + } + + } + +} #}}} + + + +# I use formbuilder_setup and not formbuilder type in order to bypass the + +# Logout processing done in IkiWiki::CGI::cgi_prefs() + +sub formbuilder_setup (@) { #{{{ + + my %params=@_; + + + + my $form=$params{form}; + + my $session=$params{session}; + + my $cgi=$params{cgi}; + + my $buttons=$params{buttons}; + + + + my $cas = new AuthCAS(casUrl => $config{'cas'}{'cas_url'}, + + CAFile => $config{'cas'}{'ca_file'}); + + + + if ($form->title eq "preferences") { + + # Show the login + + if (! defined $form->field(name => "name")) { + + $form->field(name => "CAS ID", + + disabled => 1, + + value => $session->param("name"), + + size => 50, + + force => 1, + + fieldset => "login"); + + } + + + + # Force a logout if asked + + if ($form->submitted && $form->submitted eq 'Logout') + + { + + debug("CAS: asking to remove the Ticket Grant Cookie"); + + IkiWiki::redirect($cgi, $cas->getServerLogoutURL($config{'url'})); + + $session->delete(); + + exit 0; + + } + + } + +} + + + +1 + diff --git a/doc/plugins/cas.mdwn b/doc/plugins/cas.mdwn + new file mode 100644 + index 0000000..2f2f53e + --- /dev/null + +++ b/doc/plugins/cas.mdwn + @@ -0,0 +1,18 @@ + +[[!template id=plugin name=cas core=0 author="[[bbb]]"]] + +[[!tag type/auth]] + + + +This plugin allows users to use authentication offered by a + +[JaSIG](http://www.ja-sig.org) [CAS](http://www.ja-sig.org/products/cas/) server to log + +into the wiki. + + + +The plugin needs the [[!cpan AuthCAS-1.3.1]] perl module. + + + +This plugin has two mandatory configuration option. You **must** set `--cas_url` + +to the url of a server offering CAS 2.0 authentication. You must also set the + +`--ca_file` to an absolute path to the file containing CA certificates used by + +the server (generally, aka under Debian, fixing that value to + +`/etc/ssl/certs/ca-certificates.crt` is sufficient). + + + +This plugin is not enabled by default. It can not be used with other + +authentication plugin, such as [[passwordauth]] or [[openid]]. + +------------------------------------------------------------------------------ -- cgit v1.2.3 From 359af8c197ae440ed4a979ab8486d3155f82e54e Mon Sep 17 00:00:00 2001 From: "http://www.openidfrance.fr/beaufils" Date: Sun, 20 Jul 2008 20:29:29 -0400 Subject: --- doc/todo/cas_authentication.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc/todo') diff --git a/doc/todo/cas_authentication.mdwn b/doc/todo/cas_authentication.mdwn index 5adbe1c39..7e84b67e9 100644 --- a/doc/todo/cas_authentication.mdwn +++ b/doc/todo/cas_authentication.mdwn @@ -1,4 +1,4 @@ -[[!tag patch]] +[[!tag type/patch]] ikiwiki should support [Central Authentication Service](http://www.ja-sig.org/products/cas/) authentication in order to use -- cgit v1.2.3 From 45388ed356a3e7b88632bbf0f245527f36c43710 Mon Sep 17 00:00:00 2001 From: "http://www.openidfrance.fr/beaufils" Date: Sun, 20 Jul 2008 20:32:28 -0400 Subject: --- doc/todo/cas_authentication.mdwn | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'doc/todo') diff --git a/doc/todo/cas_authentication.mdwn b/doc/todo/cas_authentication.mdwn index 7e84b67e9..1129b06ce 100644 --- a/doc/todo/cas_authentication.mdwn +++ b/doc/todo/cas_authentication.mdwn @@ -1,4 +1,4 @@ -[[!tag type/patch]] +[[!tag patch type/auth]] ikiwiki should support [Central Authentication Service](http://www.ja-sig.org/products/cas/) authentication in order to use @@ -121,8 +121,8 @@ follows) ? --- /dev/null +++ b/doc/plugins/cas.mdwn @@ -0,0 +1,18 @@ - +[[!template id=plugin name=cas core=0 author="[[bbb]]"]] - +[[!tag type/auth]] + +[[ template id=plugin name=cas core=0 author="[[bbb]]"]] + +[[ tag type/auth]] + +This plugin allows users to use authentication offered by a +[JaSIG](http://www.ja-sig.org) [ Date: Sun, 20 Jul 2008 20:36:27 -0400 Subject: --- doc/todo/cas_authentication.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc/todo') diff --git a/doc/todo/cas_authentication.mdwn b/doc/todo/cas_authentication.mdwn index fbfb5f7b0..ab523001c 100644 --- a/doc/todo/cas_authentication.mdwn +++ b/doc/todo/cas_authentication.mdwn @@ -1,4 +1,4 @@ -[[!tag patch]] +[[!tag patch wishlist]] ikiwiki should support [Central Authentication Service](http://www.ja-sig.org/products/cas/) authentication in order to use -- cgit v1.2.3 From a74158e717a41ec14348764d181d619aa7629fec Mon Sep 17 00:00:00 2001 From: "http://harningt.eharning.us/" Date: Sun, 20 Jul 2008 23:52:43 -0400 Subject: Comment about implementation questions to add WMD for Wysiwym markdown editor --- doc/todo/Add_showdown_GUI_input__47__edit.mdwn | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'doc/todo') diff --git a/doc/todo/Add_showdown_GUI_input__47__edit.mdwn b/doc/todo/Add_showdown_GUI_input__47__edit.mdwn index a3db94bdd..56797696e 100644 --- a/doc/todo/Add_showdown_GUI_input__47__edit.mdwn +++ b/doc/todo/Add_showdown_GUI_input__47__edit.mdwn @@ -18,3 +18,12 @@ A demo is at >> be worthwhile to consider this option again? It seems to have a companion >> product (wmd) with formatting widgets and a live preview pane, that is >> promised to be MIT licensed as of the next release.... --Chapman Flack + +>>> What sort of integration would be needed to put in WMD? +>>> It looks like it would need to be aware of some plugin/wikiword behavior +>>> ... perhaps taking a Wikiword and making it appear like a link in preview, but +>>> with a different style (perhaps diff color/font). For plugin commands, +>>> applying a 'real' preview would probably be difficult, so it'd probably +>>> be necessary to insert some sort of placeholder, perhaps by outputting +>>> the text in monospace form w/ a lighter font to denote that it won't +>>> directly be shown in the page... -- cgit v1.2.3 From 375f7e53513fcd3bd37e58243f5a1eda3705b435 Mon Sep 17 00:00:00 2001 From: "http://harningt.eharning.us/" Date: Mon, 21 Jul 2008 01:56:07 -0400 Subject: -- fix attr --- doc/todo/Add_showdown_GUI_input__47__edit.mdwn | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc/todo') diff --git a/doc/todo/Add_showdown_GUI_input__47__edit.mdwn b/doc/todo/Add_showdown_GUI_input__47__edit.mdwn index 56797696e..e864f5351 100644 --- a/doc/todo/Add_showdown_GUI_input__47__edit.mdwn +++ b/doc/todo/Add_showdown_GUI_input__47__edit.mdwn @@ -26,4 +26,4 @@ A demo is at >>> applying a 'real' preview would probably be difficult, so it'd probably >>> be necessary to insert some sort of placeholder, perhaps by outputting >>> the text in monospace form w/ a lighter font to denote that it won't ->>> directly be shown in the page... +>>> directly be shown in the page... -- [[harningt]] -- cgit v1.2.3 From 6153fd6d88fd41ee12a850652a6903a17ae9edda Mon Sep 17 00:00:00 2001 From: "http://www.cse.unsw.edu.au/~willu/" Date: Mon, 21 Jul 2008 06:26:20 -0400 Subject: Thoughts on example setup file --- doc/todo/Make_example_setup_file_consistent.mdwn | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 doc/todo/Make_example_setup_file_consistent.mdwn (limited to 'doc/todo') diff --git a/doc/todo/Make_example_setup_file_consistent.mdwn b/doc/todo/Make_example_setup_file_consistent.mdwn new file mode 100644 index 000000000..c4157816e --- /dev/null +++ b/doc/todo/Make_example_setup_file_consistent.mdwn @@ -0,0 +1,22 @@ +The current example [[ikiwiki.setup]] file has a number of options included, but commented out. This is standard. Unfortunately there are two standards for the settings of those commented out options: + + - Have the commented out options showing the default setting, or + - Have the commented out options showing the most common alternate setting. + +Each of these has its advantages. The first makes it clear what the default setting is. The second makes it easy to switch the option on -- you just uncomment the option. + +My issue with ikiwiki's example setup file is that it doesn't appear to be consistent. Looking at the 'svn' entries (the first set of rcs entries), we see that + + svnpath => "trunk", + +is an example of the first type, but + + rcs => "svn", + +is an example of the second type. + +I think things could be improved if a clear decision was made here. Most of the settings seem to be of the second type. Perhaps all that is needed is for settings of the first type to grow a comment: + + svnpath => "trunk", #default + +What do others think? -- cgit v1.2.3