summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoey Hess <joey@gnu.kitenet.net>2009-11-10 00:50:59 -0500
committerJoey Hess <joey@gnu.kitenet.net>2009-11-10 00:50:59 -0500
commit92a6f2e5e88b513ceaa1b9083ddbf6e928122893 (patch)
tree83be70ed008f9b5c8ae548d38dc256686b2c9757
parent7dc357a6db55873d02a52ab7fbc451e5192fa5cb (diff)
httpauth: Add cgiauthurl setting that can be used to do http basic auth only when ikiwiki needs authentication, rather than for any access to the cgi/wiki.
-rw-r--r--IkiWiki/Plugin/httpauth.pm11
-rw-r--r--debian/changelog3
-rw-r--r--doc/plugins/httpauth.mdwn24
3 files changed, 34 insertions, 4 deletions
diff --git a/IkiWiki/Plugin/httpauth.pm b/IkiWiki/Plugin/httpauth.pm
index 1816c9d74..bbfff859a 100644
--- a/IkiWiki/Plugin/httpauth.pm
+++ b/IkiWiki/Plugin/httpauth.pm
@@ -17,6 +17,13 @@ sub getsetup () {
safe => 1,
rebuild => 0,
},
+ cgiauthurl => {
+ type => "string",
+ example => "ttp://example.com/wiki/auth/ikiwiki.cgi",
+ description => "url to redirect to when authentication is needed",
+ safe => 1,
+ rebuild => 0,
+ },
}
sub auth ($$) {
@@ -26,6 +33,10 @@ sub auth ($$) {
if (defined $cgi->remote_user()) {
$session->param("name", $cgi->remote_user());
}
+ elsif (defined $config{cgiauthurl}) {
+ IkiWiki::redirect($cgi, $config{cgiauthurl}.'?'.$cgi->query_string());
+ exit;
+ }
}
1
diff --git a/debian/changelog b/debian/changelog
index 4ab63f175..1a703b11f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -10,6 +10,9 @@ ikiwiki (3.20091032) UNRELEASED; urgency=low
or sidebar.
* localstyle: New plugin, allows overrding the toplevel local.css
with one that is closer to a page.
+ * httpauth: Add cgiauthurl setting that can be used to do http basic auth
+ only when ikiwiki needs authentication, rather than for any access to
+ the cgi/wiki.
-- Joey Hess <joeyh@debian.org> Fri, 06 Nov 2009 12:04:29 -0500
diff --git a/doc/plugins/httpauth.mdwn b/doc/plugins/httpauth.mdwn
index 11ed223e7..77796a3d7 100644
--- a/doc/plugins/httpauth.mdwn
+++ b/doc/plugins/httpauth.mdwn
@@ -2,8 +2,24 @@
[[!tag type/auth]]
This plugin allows HTTP basic authentication to be used to log into the
-wiki. To use the plugin, your web server should be set up to perform HTTP
-basic authentiation for at least the directory containing `ikiwiki.cgi`.
-The authenticated user will be automatically signed into the wiki.
+wiki.
-This plugin is included in ikiwiki, but is not enabled by default.
+## fully authenticated wiki
+
+One way to use the plugin is to configure your web server to require
+HTTP basic authentication for any access to the directory containing the
+wiki (and `ikiwiki.cgi`). The authenticated user will be automatically
+signed into the wiki. This method is suitable only for private wikis.
+
+## separate cgiauthurl
+
+To use httpauth for a wiki where the content is public, and where
+the `ikiwiki.cgi` needs to be usable without authentication (for searching
+and so on), you can configure a separate url that is used for
+authentication, via the `cgiauthurl` option in the setup file. This
+url will then be redirected to whenever authentication is needed.
+
+A typical setup is to make an `auth` subdirectory, and symlink `ikiwiki.cgi`
+into it. Then configure the web server to require authentication only for
+access to the `auth` subdirectory. Then `cgiauthurl` is pointed at this
+symlink.