From 046095552ac231366d71a3c7a84bdc6d46662212 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Thu, 11 Feb 2010 17:26:09 -0500 Subject: [PATCH 1/1] httpauth: When cgiauthurl is configured, httpauth can now be used alongside other authentication methods (like openid or anonok). Rather than always redirect to the cgiauthurl for authentication, there is now a button on the login form to use it. --- IkiWiki/Plugin/httpauth.pm | 35 +++++++++++++++++++++++++++---- IkiWiki/Plugin/openid.pm | 2 +- debian/changelog | 4 ++++ doc/bugs/anonok_vs._httpauth.mdwn | 2 ++ doc/plugins/httpauth.mdwn | 9 ++++---- 5 files changed, 43 insertions(+), 9 deletions(-) diff --git a/IkiWiki/Plugin/httpauth.pm b/IkiWiki/Plugin/httpauth.pm index a18f8ca54..d0d4da0b7 100644 --- a/IkiWiki/Plugin/httpauth.pm +++ b/IkiWiki/Plugin/httpauth.pm @@ -11,6 +11,8 @@ sub import { hook(type => "auth", id => "httpauth", call => \&auth); hook(type => "canedit", id => "httpauth", call => \&canedit, last => 1); + hook(type => "formbuilder_setup", id => "httpauth", + call => \&formbuilder_setup); } sub getsetup () { @@ -27,6 +29,14 @@ sub getsetup () { rebuild => 0, }, } + +sub redir_cgiauthurl ($$) { + my $cgi=shift; + my $params=shift; + + IkiWiki::redirect($cgi, $config{cgiauthurl}.'?'.$params); + exit; +} sub auth ($$) { my $cgi=shift; @@ -43,14 +53,31 @@ sub canedit ($$$) { my $session=shift; if (! defined $cgi->remote_user() && defined $config{cgiauthurl}) { - return sub { - IkiWiki::redirect($cgi, $config{cgiauthurl}.'?'.$cgi->query_string()); - exit; - }; + return sub { redir_cgiauthurl($cgi, $cgi->query_string()) }; } else { return undef; } } +sub formbuilder_setup (@) { + my %params=@_; + + my $form=$params{form}; + my $session=$params{session}; + my $cgi=$params{cgi}; + my $buttons=$params{buttons}; + + if ($form->title eq "signin" && + ! defined $cgi->remote_user() && defined $config{cgiauthurl}) { + my $button_text="Login with HTTP auth"; + push @$buttons, $button_text; + + if ($form->submitted && $form->submitted eq $button_text) { + redir_cgiauthurl($cgi, "do=postsignin"); + exit; + } + } +} + 1 diff --git a/IkiWiki/Plugin/openid.pm b/IkiWiki/Plugin/openid.pm index b60740c0e..382d8286f 100644 --- a/IkiWiki/Plugin/openid.pm +++ b/IkiWiki/Plugin/openid.pm @@ -56,7 +56,7 @@ sub formbuilder_setup (@) { # OpenID fieldset. $form->fieldsets("OpenID"); - $form->field( + $form->field( name => "openid_url", label => gettext("Log in with")." ".htmllink("", "", "ikiwiki/OpenID", noimageinline => 1), fieldset => "OpenID", diff --git a/debian/changelog b/debian/changelog index 358a5dc5c..3dd68558e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -15,6 +15,10 @@ ikiwiki (3.20100123) UNRELEASED; urgency=low * Fix color and format plugins to appear in the websetup interface. * amazon_s3: Fix to support the EU S3 datacenter, which is more picky about attempts to create already existing buckets. + * httpauth: When cgiauthurl is configured, httpauth can now be used + alongside other authentication methods (like openid or anonok). Rather + than always redirect to the cgiauthurl for authentication, there is now + a button on the login form to use it. -- Joey Hess Tue, 26 Jan 2010 22:25:33 -0500 diff --git a/doc/bugs/anonok_vs._httpauth.mdwn b/doc/bugs/anonok_vs._httpauth.mdwn index b738e3b6c..bff37e18b 100644 --- a/doc/bugs/anonok_vs._httpauth.mdwn +++ b/doc/bugs/anonok_vs._httpauth.mdwn @@ -114,3 +114,5 @@ index 127c321..a18f8ca 100644 >> time that httpauth is redirecting to the cgiauthurl. As mentioned above, >> the only way to deal with that would be to add a link to the signin page >> that does the httpauth signin. --[[Joey]] + +>>> That's dealt with in final version. [[done]] --[[Joey]] diff --git a/doc/plugins/httpauth.mdwn b/doc/plugins/httpauth.mdwn index 77796a3d7..a7aac558b 100644 --- a/doc/plugins/httpauth.mdwn +++ b/doc/plugins/httpauth.mdwn @@ -14,10 +14,11 @@ signed into the wiki. This method is suitable only for private wikis. ## separate cgiauthurl To use httpauth for a wiki where the content is public, and where -the `ikiwiki.cgi` needs to be usable without authentication (for searching -and so on), you can configure a separate url that is used for -authentication, via the `cgiauthurl` option in the setup file. This -url will then be redirected to whenever authentication is needed. +the `ikiwiki.cgi` needs to be usable without authentication (for searching, +or logging in using other methods, and so on), you can configure a separate +url that is used for authentication, via the `cgiauthurl` option in the setup +file. This url will then be redirected to when a user chooses to log in using +httpauth. A typical setup is to make an `auth` subdirectory, and symlink `ikiwiki.cgi` into it. Then configure the web server to require authentication only for -- 2.39.5