X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/54cf5a62cab254e923c8d73ae8bd043a1f33c3b1..02c1b8b8c77a58b1f5b3575a3f0d8ed58117e041:/IkiWiki/Plugin/httpauth.pm

diff --git a/IkiWiki/Plugin/httpauth.pm b/IkiWiki/Plugin/httpauth.pm
index 336eb793a..041eaebc9 100644
--- a/IkiWiki/Plugin/httpauth.pm
+++ b/IkiWiki/Plugin/httpauth.pm
@@ -4,19 +4,114 @@ package IkiWiki::Plugin::httpauth;
 
 use warnings;
 use strict;
-use IkiWiki;
+use IkiWiki 3.00;
 
-sub import { #{{{
-	hook(type => "auth", id => "skeleton", call => \&auth);
-} # }}}
+sub import {
+	hook(type => "checkconfig", id => "httpauth", call => \&checkconfig);
+	hook(type => "getsetup", id => "httpauth", call => \&getsetup);
+	hook(type => "auth", id => "httpauth", call => \&auth);
+	hook(type => "formbuilder_setup", id => "httpauth",
+		call => \&formbuilder_setup);
+	hook(type => "canedit", id => "httpauth", call => \&canedit,
+		first => 1);
+}
 
-sub auth ($$) { #{{{
+sub getsetup () {
+	return
+		plugin => {
+			safe => 1,
+			rebuild => 0,
+			section => "auth",
+		},
+		cgiauthurl => {
+			type => "string",
+			example => "http://example.com/wiki/auth/ikiwiki.cgi",
+			description => "url to redirect to when authentication is needed",
+			safe => 1,
+			rebuild => 0,
+		},
+		httpauth_pagespec => {
+			type => "pagespec",
+			example => "!*/Discussion",
+			description => "PageSpec of pages where only httpauth will be used for authentication",
+			safe => 0,
+			rebuild => 0,
+		},
+}
+
+sub checkconfig () {
+	if ($config{cgi} && defined $config{cgiauthurl} &&
+	    keys %{$IkiWiki::hooks{auth}} < 2) {
+		# There are no other auth hooks registered, so avoid
+		# the normal signin form, and jump right to httpauth.
+		require IkiWiki::CGI;
+		inject(name => "IkiWiki::cgi_signin", call => sub ($$) {
+			my $cgi=shift;
+			redir_cgiauthurl($cgi, $cgi->query_string());
+		});
+	}
+}
+			
+sub redir_cgiauthurl ($;@) {
+	my $cgi=shift;
+
+	IkiWiki::redirect($cgi, 
+		@_ > 1 ? IkiWiki::cgiurl(cgiurl => $config{cgiauthurl}, @_)
+		       : $config{cgiauthurl}."?@_"
+	);
+	exit;
+}
+
+sub auth ($$) {
 	my $cgi=shift;
 	my $session=shift;
 
-	if (defined $cgi->remote_user()) {
+	if (length $cgi->remote_user()) {
 		$session->param("name", $cgi->remote_user());
 	}
-} #}}}
+}
+
+sub formbuilder_setup (@) {
+	my %params=@_;
+
+	my $form=$params{form};
+	my $session=$params{session};
+	my $cgi=$params{cgi};
+	my $buttons=$params{buttons};
+
+	if ($form->title eq "signin" &&
+	    ! length $cgi->remote_user() && defined $config{cgiauthurl}) {
+		my $button_text="Login with HTTP auth";
+		push @$buttons, $button_text;
+
+		if ($form->submitted && $form->submitted eq $button_text) {
+			# bounce thru cgiauthurl and then back to
+			# the stored postsignin action
+			redir_cgiauthurl($cgi, do => "postsignin");
+		}
+	}
+}
+
+sub canedit ($$$) {
+	my $page=shift;
+	my $cgi=shift;
+	my $session=shift;
+
+	if (! length $cgi->remote_user() &&
+	    (! defined $session->param("name") ||
+             ! IkiWiki::userinfo_get($session->param("name"), "regdate")) &&
+	    defined $config{httpauth_pagespec} &&
+	    length $config{httpauth_pagespec} &&
+	    defined $config{cgiauthurl} &&
+	    pagespec_match($page, $config{httpauth_pagespec})) {
+		return sub {
+			# bounce thru cgiauthurl and back to edit action
+			redir_cgiauthurl($cgi, $cgi->query_string());
+		};
+	}
+	else {
+		return undef;
+	}
+}
 
 1