aboutsummaryrefslogtreecommitdiff
path: root/IkiWiki/Plugin/httpauth.pm
blob: 76d574b2a899df7e77cb71f2a4f27ee078e76b43 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
#!/usr/bin/perl
# HTTP basic auth plugin.
package IkiWiki::Plugin::httpauth;

use warnings;
use strict;
use IkiWiki 3.00;

sub import {
	hook(type => "checkconfig", id => "httpauth", call => \&checkconfig);
	hook(type => "getsetup", id => "httpauth", call => \&getsetup);
	hook(type => "auth", id => "httpauth", call => \&auth);
	hook(type => "formbuilder_setup", id => "httpauth",
		call => \&formbuilder_setup);
	hook(type => "canedit", id => "httpauth", call => \&canedit,
		first => 1);
}

sub getsetup () {
	return
		plugin => {
			safe => 1,
			rebuild => 0,
			section => "auth",
		},
		cgiauthurl => {
			type => "string",
			example => "http://example.com/wiki/auth/ikiwiki.cgi",
			description => "url to redirect to when authentication is needed",
			safe => 1,
			rebuild => 0,
		},
		httpauth_pagespec => {
			type => "pagespec",
			example => "!*/Discussion",
			description => "PageSpec of pages where only httpauth will be used for authentication",
			safe => 0,
			rebuild => 0,
		},
}

sub checkconfig () {
	if ($config{cgi} && defined $config{cgiauthurl} &&
	    keys %{$IkiWiki::hooks{auth}} < 2) {
		# There are no other auth hooks registered, so avoid
		# the normal signin form, and jump right to httpauth.
		require IkiWiki::CGI;
		inject(name => "IkiWiki::cgi_signin", call => sub ($$) {
			my $cgi=shift;
			redir_cgiauthurl($cgi, $cgi->query_string());
		});
	}
}
			
sub redir_cgiauthurl ($;@) {
	my $cgi=shift;

	IkiWiki::redirect($cgi, 
		@_ > 1 ? IkiWiki::cgiurl(cgiurl => $config{cgiauthurl}, @_)
		       : $config{cgiauthurl}."?@_"
	);
	exit;
}

sub auth ($$) {
	my $cgi=shift;
	my $session=shift;

	if (defined $cgi->remote_user()) {
		$session->param("name", $cgi->remote_user());
	}
}

sub formbuilder_setup (@) {
	my %params=@_;

	my $form=$params{form};
	my $session=$params{session};
	my $cgi=$params{cgi};
	my $buttons=$params{buttons};

	if ($form->title eq "signin" &&
	    ! defined $cgi->remote_user() && defined $config{cgiauthurl}) {
		my $button_text="Login with HTTP auth";
		push @$buttons, $button_text;

		if ($form->submitted && $form->submitted eq $button_text) {
			# bounce thru cgiauthurl and then back to
			# the stored postsignin action
			redir_cgiauthurl($cgi, do => "postsignin");
		}
	}
}

sub canedit ($$$) {
	my $page=shift;
	my $cgi=shift;
	my $session=shift;

	if (! defined $cgi->remote_user() &&
	    (! defined $session->param("name") ||
             ! IkiWiki::userinfo_get($session->param("name"), "regdate")) &&
	    defined $config{httpauth_pagespec} &&
	    length $config{httpauth_pagespec} &&
	    defined $config{cgiauthurl} &&
	    pagespec_match($page, $config{httpauth_pagespec})) {
		return sub {
			# bounce thru cgiauthurl and back to edit action
			redir_cgiauthurl($cgi, $cgi->query_string());
		};
	}
	else {
		return undef;
	}
}

1