From 475b4199e1624350b928a002fe83033ee3389b31 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 11 Jun 2010 13:53:56 -0400 Subject: [PATCH] openid: Add openid_realm and openid_cgiurl configuration options, useful in a few edge case setups. --- IkiWiki/Plugin/openid.pm | 27 ++++++++++++++++++++++++--- debian/changelog | 7 +++++++ doc/plugins/openid.mdwn | 16 ++++++++++++++++ 3 files changed, 47 insertions(+), 3 deletions(-) diff --git a/IkiWiki/Plugin/openid.pm b/IkiWiki/Plugin/openid.pm index e10e21f4d..57cb139ca 100644 --- a/IkiWiki/Plugin/openid.pm +++ b/IkiWiki/Plugin/openid.pm @@ -40,6 +40,18 @@ sub getsetup () { rebuild => 0, section => "auth", }, + openid_realm => { + type => "string", + description => "url of openid realm (default is cgiurl)", + safe => 0, + rebuild => 0, + }, + openid_cgiurl => { + type => "string", + description => "url to ikiwiki cgi to use for openid authentication (default is cgiurl)", + safe => 0, + rebuild => 0, + }, } sub openid_selector { @@ -135,9 +147,15 @@ sub validate ($$$;$) { ); } + my $cgiurl=$config{openid_cgiurl}; + $cgiurl=$config{cgiurl} if ! defined $cgiurl; + + my $trust_root=$config{openid_realm}; + $trust_root=$cgiurl if ! defined $trust_root; + my $check_url = $claimed_identity->check_url( - return_to => IkiWiki::cgiurl(do => "postsignin"), - trust_root => $config{cgiurl}, + return_to => "$cgiurl?do=postsignin", + trust_root => $trust_root, delayed_return => 1, ); # Redirect the user to the OpenID server, which will @@ -220,12 +238,15 @@ sub getobj ($$) { $secret=rand; $session->param(openid_secret => $secret); } + + my $cgiurl=$config{openid_cgiurl}; + $cgiurl=$config{cgiurl} if ! defined $cgiurl; return Net::OpenID::Consumer->new( ua => $ua, args => $q, consumer_secret => sub { return shift()+$secret }, - required_root => $config{cgiurl}, + required_root => $cgiurl, ); } diff --git a/debian/changelog b/debian/changelog index 01307db55..9a6b1361c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +ikiwiki (3.20100611) UNRELEASED; urgency=low + + * openid: Add openid_realm and openid_cgiurl configuration options, + useful in a few edge case setups. + + -- Joey Hess Fri, 11 Jun 2010 13:39:15 -0400 + ikiwiki (3.20100610) unstable; urgency=low * creation_day() etc use local time, not gmtime. To match calendars, which diff --git a/doc/plugins/openid.mdwn b/doc/plugins/openid.mdwn index 7da2f8575..3fb4c26b8 100644 --- a/doc/plugins/openid.mdwn +++ b/doc/plugins/openid.mdwn @@ -13,3 +13,19 @@ to support users entering "https" OpenID urls. This plugin is enabled by default, but can be turned off if you want to only use some other form of authentication, such as [[passwordauth]]. + +## options + +These options do not normally need to be set, but can be useful in +certian setups. + +* `openid_realm` can be used to control the scope of the openid request. + It defaults to the `cgiurl` (or `openid_cgiurl` if set); only allowing + ikiwiki's [[CGI]] to authenticate. If you have multiple ikiwiki instances, + or other things using openid on the same site, you may choose to put them + all in the same realm to improve the user's openid experience. + +* `openid_cgiurl` can be used to cause a different than usual `cgiurl` + to be used when doing openid authentication. The `openid_cgiurl` must + point to an ikiwiki [[CGI]], and it will need to match the `openid_realm` + to work. -- 2.39.5