2 # Ikiwiki email address as login
3 package IkiWiki::Plugin::emailauth;
10 hook(type => "getsetup", id => "emailauth", "call" => \&getsetup);
11 hook(type => "cgi", id => "cgi", "call" => \&cgi);
12 IkiWiki::loadplugin("loginselector");
13 IkiWiki::Plugin::loginselector::register_login_plugin(
30 sub email_setup ($$) {
37 sub email_check_input ($) {
39 defined $cgi->param('do')
40 && $cgi->param("do") eq "signin"
41 && defined $cgi->param('Email_entry')
42 && length $cgi->param('Email_entry');
45 # Send login link to email.
46 sub email_auth ($$$$) {
49 my $errordisplayer=shift;
50 my $infodisplayer=shift;
52 my $email=$cgi->param('Email_entry');
53 unless ($email =~ /.\@./) {
54 $errordisplayer->(gettext("Invalid email address."));
58 # Implicit account creation.
59 my $userinfo=IkiWiki::userinfo_retrieve();
60 if (! exists $userinfo->{$email} || ! ref $userinfo->{$email}) {
61 IkiWiki::userinfo_setall($email, {
67 my $token=gentoken($email, $session);
68 my $template=template("emailauth.tmpl");
70 wikiname => $config{wikiname},
71 # Intentionally using short field names to keep link short.
72 authurl => IkiWiki::cgiurl_abs(
78 eval q{use Mail::Sendmail};
82 From => "$config{wikiname} admin <".
83 (defined $config{adminemail} ? $config{adminemail} : "")
85 Subject => "$config{wikiname} login",
86 Message => $template->output,
87 ) or error(gettext("Failed to send mail"));
89 $infodisplayer->(gettext("You have been sent an email, with a link you can open to complete the login process."));
92 # Finish login process.
96 my $email=$cgi->param('e');
97 my $v=$cgi->param('v');
98 if (defined $email && defined $v && length $email && length $v) {
99 my $token=gettoken($email);
102 my $session=getsession($email);
103 IkiWiki::cgi_postsignin($cgi, $session);
105 elsif (length $token ne length $cgi->param('v')) {
106 error(gettext("Wrong login token length. Please check that you pasted in the complete login link from the email!"));
114 # Generates the token that will be used in the authurl to log the user in.
115 # This needs to be hard to guess, and relatively short. Generating a cgi
116 # session id will make it as hard to guess as any cgi session.
118 # Store token in userinfo; this allows the user to log in
119 # using a different browser session, if it takes a while for the
120 # email to get to them.
122 # The postsignin value from the session is also stored in the userinfo
123 # to allow resuming in a different browser session.
127 eval q{use CGI::Session};
129 my $token = CGI::Session->new->id;
130 IkiWiki::userinfo_set($email, "emailauthexpire", time+(60*60*24));
131 IkiWiki::userinfo_set($email, "emailauth", $token);
132 IkiWiki::userinfo_set($email, "emailauthpostsignin", defined $session->param("postsignin") ? $session->param("postsignin") : "");
136 # Gets the token, checking for expiry.
139 my $val=IkiWiki::userinfo_get($email, "emailauth");
140 my $expire=IkiWiki::userinfo_get($email, "emailauthexpire");
141 if (! length $val || time > $expire) {
147 # Generate a session to use after successful login.
152 IkiWiki::loadindex();
153 my $session=IkiWiki::cgi_getsession();
155 my $postsignin=IkiWiki::userinfo_get($email, "emailauthpostsignin");
156 IkiWiki::userinfo_set($email, "emailauthpostsignin", "");
157 if (defined $postsignin && length $postsignin) {
158 $session->param(postsignin => $postsignin);
161 $session->param(name => $email);
164 $session->param(nickname => Encode::decode_utf8($nickname));
166 IkiWiki::cgi_savesession($session);
173 IkiWiki::userinfo_set($email, "emailauthexpire", 0);
174 IkiWiki::userinfo_set($email, "emailauth", "");
177 sub loginfailure () {
178 error "Bad email authentication token. Please retry login.";