X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/359af8c197ae440ed4a979ab8486d3155f82e54e..1888464a0d9de9cf4ac40c298924018437758aa2:/doc/todo/cas_authentication.mdwn diff --git a/doc/todo/cas_authentication.mdwn b/doc/todo/cas_authentication.mdwn index 7e84b67e9..8bf7042df 100644 --- a/doc/todo/cas_authentication.mdwn +++ b/doc/todo/cas_authentication.mdwn @@ -1,4 +1,4 @@ -[[!tag type/patch]] +[[!tag patch wishlist]] ikiwiki should support [Central Authentication Service](http://www.ja-sig.org/products/cas/) authentication in order to use @@ -14,6 +14,13 @@ follows) ? --[[/users/bbb]] +> Inline here is ok; git-am by mail is ok; a git repo I can pull from also +> ok. +> +> This looks pretty acceptable as-is, but you need to put a copyright and +> license statement at the top. I have a few questions that I'll insert +> inline with the patch below. --[[Joey]] + ------------------------------------------------------------------------------ diff --git a/IkiWiki/Plugin/cas.pm b/IkiWiki/Plugin/cas.pm new file mode 100644 @@ -29,26 +36,40 @@ follows) ? +use strict; +use IkiWiki 2.00; +use AuthCAS; # http://search.cpan.org/~osalaun/AuthCAS-1.3.1/ + +> In ikiwiki we generally deman-load perl modules only when they're used. +> This avoids loading expensive modules when the CGI isn't doing +> authentication. Can you do that with AuthCAS? Something like this before +> the use of it: `eval q{use AuthCAS}; error $@ if $@` + + - +sub import { #{{{ + +sub import { + hook(type => "getopt", id => "cas", call => \&getopt); + hook(type => "auth", id => "cas", call => \&auth); + hook(type => "formbuilder_setup", id => "cas", call => \&formbuilder_setup); - +} # }}} - + + +} + +> Could you please use tabs for indentation of program flow? + +# FIXME: We should check_config to ensure that : +# * cas_url and ca_file are present + +> Please fix that.. + +# * no other auth plugin are present (at least passwordauth and openid) - + - +sub getopt () { #{{{ + +> Why would you want to make other auth plugins not work? Could a site not +> legitimatly chose to use this and another auth method? + + +sub getopt () { + eval q{use Getopt::Long}; + error($@) if $@; + Getopt::Long::Configure('pass_through'); + GetOptions("cas_url=s" => \$config{cas_url}); + GetOptions("ca_file=s" => \$config{ca_file}); - +} #}}} + +} + - +sub auth ($$) { #{{{ + +sub auth ($$) { + my $q=shift; + my $session=shift; + @@ -77,11 +98,11 @@ follows) ? + error("CAS failure: ".&AuthCAS::get_errors()); + } + } - +} #}}} + +} + +# I use formbuilder_setup and not formbuilder type in order to bypass the +# Logout processing done in IkiWiki::CGI::cgi_prefs() - +sub formbuilder_setup (@) { #{{{ + +sub formbuilder_setup (@) { + my %params=@_; + + my $form=$params{form}; @@ -121,8 +142,8 @@ follows) ? --- /dev/null +++ b/doc/plugins/cas.mdwn @@ -0,0 +1,18 @@ - +[[!template id=plugin name=cas core=0 author="[[bbb]]"]] - +[[!tag type/auth]] + +[[ template id=plugin name=cas core=0 author="[[bbb]]"]] + +[[ tag type/auth]] + +This plugin allows users to use authentication offered by a +[JaSIG](http://www.ja-sig.org) [