openid: Add openid_realm and openid_cgiurl configuration options, useful in a few...
authorJoey Hess <joey@kitenet.net>
Fri, 11 Jun 2010 17:53:56 +0000 (13:53 -0400)
committerJoey Hess <joey@kitenet.net>
Fri, 11 Jun 2010 17:53:56 +0000 (13:53 -0400)
IkiWiki/Plugin/openid.pm
debian/changelog
doc/plugins/openid.mdwn

index e10e21f4d6f9eed60be8cfa8650b9ddf9391b1a6..57cb139cae5b82509a59f4300b5d11e03ff9640e 100644 (file)
@@ -40,6 +40,18 @@ sub getsetup () {
                        rebuild => 0,
                        section => "auth",
                },
+               openid_realm => {
+                       type => "string",
+                       description => "url of openid realm (default is cgiurl)",
+                       safe => 0,
+                       rebuild => 0,
+               },
+               openid_cgiurl => {
+                       type => "string",
+                       description => "url to ikiwiki cgi to use for openid authentication (default is cgiurl)",
+                       safe => 0,
+                       rebuild => 0,
+               },
 }
 
 sub openid_selector {
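Review bot: The two new descriptions in getsetup do not state the constraint that makes these options work together: the realm has to cover the URL used as return_to, which the accompanying documentation change phrases as openid_cgiurl needing to match openid_realm. The description is the text shown next to the option, so I would spell the constraint out there, e.g. `description => "url of openid realm; must contain openid_cgiurl (default is cgiurl)",`. It is also worth saying that the realm is the scope the user is asked to approve at their provider, so widening it beyond the wiki's CGI widens what that approval covers. Keeping both options `safe => 0` looks right, since they steer where authentication is sent. getsetup begins above this hunk.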
@@ -135,9 +147,15 @@ sub validate ($$$;$) {
                );
        }
 
+       my $cgiurl=$config{openid_cgiurl};
+       $cgiurl=$config{cgiurl} if ! defined $cgiurl;
+
+       my $trust_root=$config{openid_realm};
+       $trust_root=$cgiurl if ! defined $trust_root;
+
        my $check_url = $claimed_identity->check_url(
-               return_to => IkiWiki::cgiurl(do => "postsignin"),
-               trust_root => $config{cgiurl},
+               return_to => "$cgiurl?do=postsignin",
+               trust_root => $trust_root,
                delayed_return => 1,
        );
        # Redirect the user to the OpenID server, which will
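Review bot: The fallbacks in validate test only `! defined`, so an option that is present but empty (for instance `openid_cgiurl => ''` in a setup file) is accepted and yields a return_to of `?do=postsignin` and an empty trust_root. Falling back on empty values as well would avoid that: `$cgiurl=$config{cgiurl} if ! defined $cgiurl || ! length $cgiurl;`, and the same for `$trust_root`; the identical fallback in getobj further down needs the same treatment. Building return_to by string concatenation also assumes openid_cgiurl carries no query string of its own, which the old `IkiWiki::cgiurl(do => "postsignin")` call did not have to assume. Nothing visible here checks that return_to falls under `$trust_root`, so a mismatched pair is presumably discovered only when the request fails later; an explicit error at this point would be easier to diagnose. validate starts and ends outside this hunk.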
@@ -220,12 +238,15 @@ sub getobj ($$) {
                $secret=rand;
                $session->param(openid_secret => $secret);
        }
+       
+       my $cgiurl=$config{openid_cgiurl};
+       $cgiurl=$config{cgiurl} if ! defined $cgiurl;
 
        return Net::OpenID::Consumer->new(
                ua => $ua,
                args => $q,
                consumer_secret => sub { return shift()+$secret },
-               required_root => $config{cgiurl},
+               required_root => $cgiurl,
        );
 }
 
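Review bot: `required_root` in getobj follows openid_cgiurl and, apparently on purpose, not openid_realm. That asymmetry with validate deserves a comment, because required_root is the prefix Net::OpenID::Consumer requires of return_to and should stay as narrow as the CGI even when the realm is widened. Something like `# return_to must start with this, so use the cgi url, not the (possibly wider) openid_realm` above the `my $cgiurl` line would do. The two-line fallback is now duplicated from validate; a small helper returning the effective OpenID CGI url would keep the two call sites from drifting apart. getobj starts above this hunk.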
index 01307db550a1a054b163ae2563975236db4dbc1d..9a6b1361ca1792e26c7a2c50db15b683ee5a433d 100644 (file)
@@ -1,3 +1,10 @@
+ikiwiki (3.20100611) UNRELEASED; urgency=low
+
+  * openid: Add openid_realm and openid_cgiurl configuration options,
+    useful in a few edge case setups.
+
+ -- Joey Hess <joeyh@debian.org>  Fri, 11 Jun 2010 13:39:15 -0400
+
 ikiwiki (3.20100610) unstable; urgency=low
 
   * creation_day() etc use local time, not gmtime. To match calendars, which
index 7da2f85759099a340486eb09c438ce00980401b1..3fb4c26b82983d2e99bcff24f6ef6677327f6a01 100644 (file)
@@ -13,3 +13,19 @@ to support users entering "https" OpenID urls.
 
 This plugin is enabled by default, but can be turned off if you want to
 only use some other form of authentication, such as [[passwordauth]].
+
+## options
+
+These options do not normally need to be set, but can be useful in
+certian setups.
+
+* `openid_realm` can be used to control the scope of the openid request.
+  It defaults to the `cgiurl` (or `openid_cgiurl` if set); only allowing
+  ikiwiki's [[CGI]] to authenticate. If you have multiple ikiwiki instances,
+  or other things using openid on the same site, you may choose to put them
+  all in the same realm to improve the user's openid experience.
+
+* `openid_cgiurl` can be used to cause a different than usual `cgiurl`
+  to be used when doing openid authentication. The `openid_cgiurl` must
+  point to an ikiwiki [[CGI]], and it will need to match the `openid_realm`
+  to work.