]> git.vanrenterghem.biz Git - git.ikiwiki.info.git/blob - IkiWiki/Plugin/emailauth.pm
57100a2d74915c5c6537984b7b45e67e71abac07
[git.ikiwiki.info.git] / IkiWiki / Plugin / emailauth.pm
1 #!/usr/bin/perl
2 # Ikiwiki email address as login
3 package IkiWiki::Plugin::emailauth;
5 use warnings;
6 use strict;
7 use IkiWiki 3.00;
9 sub import {
10         hook(type => "getsetup", id => "emailauth", "call" => \&getsetup);
11         hook(type => "cgi", id => "cgi", "call" => \&cgi);
12         IkiWiki::loadplugin("loginselector");
13         IkiWiki::Plugin::loginselector::register_login_plugin(
14                 "emailauth",
15                 \&email_setup,
16                 \&email_check_input,
17                 \&email_auth,
18         );
19 }
21 sub getsetup () {
22         return
23                 plugin => {
24                         safe => 1,
25                         rebuild => 0,
26                         section => "auth",
27                 },
28 }
30 sub email_setup ($$) {
31         my $q=shift;
32         my $template=shift;
34         return 1;
35 }
37 sub email_check_input ($) {
38         my $cgi=shift;
39         defined $cgi->param('do')
40                 && $cgi->param("do") eq "signin"
41                 && defined $cgi->param('Email_entry')
42                 && length $cgi->param('Email_entry');
43 }
45 # Send login link to email.
46 sub email_auth ($$$$) {
47         my $cgi=shift;
48         my $session=shift;
49         my $errordisplayer=shift;
50         my $infodisplayer=shift;
52         my $email=$cgi->param('Email_entry');
53         unless ($email =~ /.\@./) {
54                 $errordisplayer->(gettext("Invalid email address."));
55                 return;
56         }
58         # Implicit account creation.
59         my $userinfo=IkiWiki::userinfo_retrieve();
60         if (! exists $userinfo->{$email} || ! ref $userinfo->{$email}) {
61                 IkiWiki::userinfo_setall($email, {
62                         'email' => $email,
63                         'regdate' => time,
64                 });
65         }
67         my $token=gentoken($email, $session);
68         my $template=template("emailauth.tmpl");
69         $template->param(
70                 wikiname => $config{wikiname},
71                 # Intentionally using short field names to keep link short.
72                 authurl => IkiWiki::cgiurl_abs(
73                         'e' => $email,
74                         'v' => $token,
75                 ),
76         );
77         
78         eval q{use Mail::Sendmail};
79         error($@) if $@;
80         sendmail(
81                 To => $email,
82                 From => "$config{wikiname} admin <".
83                         (defined $config{adminemail} ? $config{adminemail} : "")
84                         .">",
85                 Subject => "$config{wikiname} login",
86                 Message => $template->output,
87         ) or error(gettext("Failed to send mail"));
89         $infodisplayer->(gettext("You have been sent an email, with a link you can open to complete the login process."));
90 }
92 # Finish login process.
93 sub cgi ($$) {
94         my $cgi=shift;
96         my $email=$cgi->param('e');
97         my $v=$cgi->param('v');
98         if (defined $email && defined $v && length $email && length $v) {
99                 my $token=gettoken($email);
100                 if ($token eq $v) {
101                         cleartoken($email);
102                         my $session=getsession($email);
103                         IkiWiki::cgi_postsignin($cgi, $session);
104                 }
105                 elsif (length $token ne length $cgi->param('v')) {
106                         error(gettext("Wrong login token length. Please check that you pasted in the complete login link from the email!"));
107                 }
108                 else {
109                         loginfailure();
110                 }
111         }
114 # Generates the token that will be used in the authurl to log the user in.
115 # This needs to be hard to guess, and relatively short. Generating a cgi
116 # session id will make it as hard to guess as any cgi session.
118 # Store token in userinfo; this allows the user to log in
119 # using a different browser session, if it takes a while for the
120 # email to get to them.
122 # The postsignin value from the session is also stored in the userinfo
123 # to allow resuming in a different browser session.
124 sub gentoken ($$) {
125         my $email=shift;
126         my $session=shift;
127         eval q{use CGI::Session};
128         error($@) if $@;
129         my $token = CGI::Session->new->id;
130         IkiWiki::userinfo_set($email, "emailauthexpire", time+(60*60*24));
131         IkiWiki::userinfo_set($email, "emailauth", $token);
132         IkiWiki::userinfo_set($email, "emailauthpostsignin", defined $session->param("postsignin") ? $session->param("postsignin") : "");
133         return $token;
136 # Gets the token, checking for expiry.
137 sub gettoken ($) {
138         my $email=shift;
139         my $val=IkiWiki::userinfo_get($email, "emailauth");
140         my $expire=IkiWiki::userinfo_get($email, "emailauthexpire");
141         if (! length $val || time > $expire) {
142                 loginfailure();
143         }
144         return $val;
147 # Generate a session to use after successful login.
148 sub getsession ($) {
149         my $email=shift;
151         IkiWiki::lockwiki();
152         IkiWiki::loadindex();
153         my $session=IkiWiki::cgi_getsession();
155         my $postsignin=IkiWiki::userinfo_get($email, "emailauthpostsignin");
156         IkiWiki::userinfo_set($email, "emailauthpostsignin", "");
157         if (defined $postsignin && length $postsignin) {
158                 $session->param(postsignin => $postsignin);
159         }
161         $session->param(name => $email);
162         my $nickname=$email;
163         $nickname=~s/@.*//;
164         $session->param(nickname => Encode::decode_utf8($nickname));
166         IkiWiki::cgi_savesession($session);
168         return $session;
171 sub cleartoken ($) {
172         my $email=shift;
173         IkiWiki::userinfo_set($email, "emailauthexpire", 0);
174         IkiWiki::userinfo_set($email, "emailauth", "");
177 sub loginfailure () {
178         error "Bad email authentication token. Please retry login.";