2 # Ikiwiki email address as login
3 package IkiWiki::Plugin::emailauth;
10 hook(type => "getsetup", id => "emailauth", "call" => \&getsetup);
11 hook(type => "cgi", id => "emailauth", "call" => \&cgi);
12 hook(type => "formbuilder_setup", id => "emailauth", "call" => \&formbuilder_setup);
13 IkiWiki::loadplugin("loginselector");
14 IkiWiki::Plugin::loginselector::register_login_plugin(
31 description => "email address to send emailauth mails as (default: adminemail)",
37 sub email_setup ($$) {
44 sub email_check_input ($) {
46 defined $cgi->param('do')
47 && $cgi->param("do") eq "signin"
48 && defined $cgi->param('Email_entry')
49 && length $cgi->param('Email_entry');
52 # Send login link to email.
53 sub email_auth ($$$$) {
56 my $errordisplayer=shift;
57 my $infodisplayer=shift;
59 my $email=$cgi->param('Email_entry');
60 unless ($email =~ /.\@./) {
61 $errordisplayer->(gettext("Invalid email address."));
65 # Implicit account creation.
66 my $userinfo=IkiWiki::userinfo_retrieve();
67 if (! exists $userinfo->{$email} || ! ref $userinfo->{$email}) {
68 IkiWiki::userinfo_setall($email, {
74 my $token=gentoken($email, $session);
75 my $template=template("emailauth.tmpl");
77 wikiname => $config{wikiname},
78 # Intentionally using short field names to keep link short.
79 authurl => IkiWiki::cgiurl_abs_samescheme(
85 eval q{use Mail::Sendmail};
87 my $shorturl=$config{url};
88 $shorturl=~s/^https?:\/\///i;
89 my $emailauth_sender=$config{emailauth_sender};
90 $emailauth_sender=$config{adminemail} unless defined $emailauth_sender;
93 From => "$config{wikiname} admin <".
94 (defined $emailauth_sender ? $emailauth_sender : "")
96 Subject => "$config{wikiname} login | $shorturl",
97 Message => $template->output,
98 ) or error(gettext("Failed to send mail"));
100 $infodisplayer->(gettext("You have been sent an email, with a link you can open to complete the login process."));
103 # Finish login process.
107 my $email=$cgi->param('e');
108 my $v=$cgi->param('v');
109 if (defined $email && defined $v && length $email && length $v) {
110 my $token=gettoken($email);
113 my $session=getsession($email);
114 IkiWiki::cgi_postsignin($cgi, $session);
116 elsif (length $token ne length $cgi->param('v')) {
117 error(gettext("Wrong login token length. Please check that you pasted in the complete login link from the email!"));
125 sub formbuilder_setup (@) {
127 my $form=$params{form};
128 my $session=$params{session};
130 if ($form->title eq "preferences" &&
131 IkiWiki::emailuser($session->param("name"))) {
132 $form->field(name => "email", disabled => 1);
136 # Generates the token that will be used in the authurl to log the user in.
137 # This needs to be hard to guess, and relatively short. Generating a cgi
138 # session id will make it as hard to guess as any cgi session.
140 # Store token in userinfo; this allows the user to log in
141 # using a different browser session, if it takes a while for the
142 # email to get to them.
144 # The postsignin value from the session is also stored in the userinfo
145 # to allow resuming in a different browser session.
149 eval q{use CGI::Session};
151 my $token = CGI::Session->new("driver:DB_File", undef, {FileName => "/dev/null"})->id;
152 IkiWiki::userinfo_set($email, "emailauthexpire", time+(60*60*24));
153 IkiWiki::userinfo_set($email, "emailauth", $token);
154 IkiWiki::userinfo_set($email, "emailauthpostsignin", defined $session->param("postsignin") ? $session->param("postsignin") : "");
158 # Gets the token, checking for expiry.
161 my $val=IkiWiki::userinfo_get($email, "emailauth");
162 my $expire=IkiWiki::userinfo_get($email, "emailauthexpire");
163 if (! length $val || time > $expire) {
169 # Generate a session to use after successful login.
174 IkiWiki::loadindex();
175 my $session=IkiWiki::cgi_getsession();
177 my $postsignin=IkiWiki::userinfo_get($email, "emailauthpostsignin");
178 IkiWiki::userinfo_set($email, "emailauthpostsignin", "");
179 if (defined $postsignin && length $postsignin) {
180 $session->param(postsignin => $postsignin);
183 $session->param(name => $email);
186 $session->param(nickname => Encode::decode_utf8($nickname));
188 IkiWiki::cgi_savesession($session);
195 IkiWiki::userinfo_set($email, "emailauthexpire", 0);
196 IkiWiki::userinfo_set($email, "emailauth", "");
199 sub loginfailure () {
200 error "Bad email authentication token. Please retry login.";