X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/359af8c197ae440ed4a979ab8486d3155f82e54e..30d3c052d49ab798fc0407be0a7d438c51b57aa7:/doc/todo/cas_authentication.mdwn?ds=sidebyside diff --git a/doc/todo/cas_authentication.mdwn b/doc/todo/cas_authentication.mdwn index 7e84b67e9..ed8010518 100644 --- a/doc/todo/cas_authentication.mdwn +++ b/doc/todo/cas_authentication.mdwn @@ -1,4 +1,4 @@ -[[!tag type/patch]] +[[!tag patch wishlist]] ikiwiki should support [Central Authentication Service](http://www.ja-sig.org/products/cas/) authentication in order to use @@ -14,6 +14,26 @@ follows) ? --[[/users/bbb]] +> Inline here is ok; git-am by mail is ok; a git repo I can pull from also +> ok. +> +> This looks pretty acceptable as-is, but you need to put a copyright and +> license statement at the top. I have a few questions that I'll insert +> inline with the patch below. --[[Joey]] + +>> I have made some corrections to this patch (my cas plugin) in order to use +>> IkiWiki 3.00 interface and take your comments into account. It should work +>> fine now. +>> +>> You can pull it from my git repo at +>> http://git.boulgour.com/bbb/ikiwiki.git/ and maybe add it to your main +>> repo. +>> +>> I will add GNU GPL copyright license statement as soon as I get some free +>> time. +>> +>> --[[/users/bbb]] + ------------------------------------------------------------------------------ diff --git a/IkiWiki/Plugin/cas.pm b/IkiWiki/Plugin/cas.pm new file mode 100644 @@ -29,26 +49,40 @@ follows) ? +use strict; +use IkiWiki 2.00; +use AuthCAS; # http://search.cpan.org/~osalaun/AuthCAS-1.3.1/ + +> In ikiwiki we generally deman-load perl modules only when they're used. +> This avoids loading expensive modules when the CGI isn't doing +> authentication. Can you do that with AuthCAS? Something like this before +> the use of it: `eval q{use AuthCAS}; error $@ if $@` + + - +sub import { #{{{ + +sub import { + hook(type => "getopt", id => "cas", call => \&getopt); + hook(type => "auth", id => "cas", call => \&auth); + hook(type => "formbuilder_setup", id => "cas", call => \&formbuilder_setup); - +} # }}} - + + +} + +> Could you please use tabs for indentation of program flow? + +# FIXME: We should check_config to ensure that : +# * cas_url and ca_file are present + +> Please fix that.. + +# * no other auth plugin are present (at least passwordauth and openid) - + - +sub getopt () { #{{{ + +> Why would you want to make other auth plugins not work? Could a site not +> legitimatly chose to use this and another auth method? + + +sub getopt () { + eval q{use Getopt::Long}; + error($@) if $@; + Getopt::Long::Configure('pass_through'); + GetOptions("cas_url=s" => \$config{cas_url}); + GetOptions("ca_file=s" => \$config{ca_file}); - +} #}}} + +} + - +sub auth ($$) { #{{{ + +sub auth ($$) { + my $q=shift; + my $session=shift; + @@ -77,11 +111,11 @@ follows) ? + error("CAS failure: ".&AuthCAS::get_errors()); + } + } - +} #}}} + +} + +# I use formbuilder_setup and not formbuilder type in order to bypass the +# Logout processing done in IkiWiki::CGI::cgi_prefs() - +sub formbuilder_setup (@) { #{{{ + +sub formbuilder_setup (@) { + my %params=@_; + + my $form=$params{form}; @@ -121,8 +155,8 @@ follows) ? --- /dev/null +++ b/doc/plugins/cas.mdwn @@ -0,0 +1,18 @@ - +[[!template id=plugin name=cas core=0 author="[[bbb]]"]] - +[[!tag type/auth]] + +[[ template id=plugin name=cas core=0 author="[[bbb]]"]] + +[[ tag type/auth]] + +This plugin allows users to use authentication offered by a +[JaSIG](http://www.ja-sig.org) [