diff options
| author | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-11-20 01:52:18 +0000 |
|---|---|---|
| committer | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-11-20 01:52:18 +0000 |
| commit | 54cf5a62cab254e923c8d73ae8bd043a1f33c3b1 (patch) | |
| tree | bc30fa8f0ec7070eadb5dace8e9743272f742ba2 /IkiWiki/Plugin/openid.pm | |
| parent | ad01bcd8b49deed11f602c43d1da8235280d5d6b (diff) | |
* Make auth methods pluggable.
* Move httpauth support to a plugin.
* Add an openid plugin to support logging in using OpenID.
Diffstat (limited to 'IkiWiki/Plugin/openid.pm')
| -rw-r--r-- | IkiWiki/Plugin/openid.pm | 101 |
1 files changed, 101 insertions, 0 deletions
diff --git a/IkiWiki/Plugin/openid.pm b/IkiWiki/Plugin/openid.pm new file mode 100644 index 000000000..55b1c4b17 --- /dev/null +++ b/IkiWiki/Plugin/openid.pm @@ -0,0 +1,101 @@ +#!/usr/bin/perl +# OpenID support. +package IkiWiki::Plugin::openid; + +use warnings; +use strict; +use IkiWiki; + +sub import { #{{{ + hook(type => "checkconfig", id => "smiley", call => \&checkconfig); + hook(type => "auth", id => "skeleton", call => \&auth); +} # }}} + +sub checkconfig () { #{{{ + # Currently part of the OpenID code is in CGI.pm, and is enabled by + # this setting. + # TODO: modularise it all out into this plugin.. + $config{openid}=1; +} #}}} + +sub auth ($$) { #{{{ + my $q=shift; + my $session=shift; + + if (defined $q->param('openid.mode')) { + my $csr=getobj($q, $session); + + if (my $setup_url = $csr->user_setup_url) { + IkiWiki::redirect($q, $setup_url); + } + elsif ($csr->user_cancel) { + IkiWiki::redirect($q, $config{url}); + } + elsif (my $vident = $csr->verified_identity) { + $session->param(name => $vident->url); + } + } +} #}}} + +sub validate ($$$$) { #{{{ + my $q=shift; + my $session=shift; + my $form=shift; + my $openid_url=shift; + + my $csr=getobj($q, $session); + + my $claimed_identity = $csr->claimed_identity($openid_url); + if (! $claimed_identity) { + # Put the error in the form and fail validation. + $form->field(name => "openid_url", comment => $csr->err); + return 0; + } + my $check_url = $claimed_identity->check_url( + return_to => IkiWiki::cgiurl( + do => $form->field("do"), + page => $form->field("page"), + title => $form->field("title"), + from => $form->field("from"), + subpage => $form->field("subpage") + ), + trust_root => $config{cgiurl}, + delayed_return => 1, + ); + # Redirect the user to the OpenID server, which will + # eventually bounce them back to auth() above. + IkiWiki::redirect($q, $check_url); + exit 0; +} #}}} + +sub getobj ($$) { #{{{ + my $q=shift; + my $session=shift; + + eval q{use Net::OpenID::Consumer}; + error($@) if $@; + + my $ua; + eval q{use LWPx::ParanoidAgent}; + if (! $@) { + $ua=LWPx::ParanoidAgent->new; + } + else { + $ua=LWP::UserAgent->new; + } + + # Store the secret in the session. + my $secret=$session->param("openid_secret"); + if (! defined $secret) { + $secret=$session->param(openid_secret => time); + } + + return Net::OpenID::Consumer->new( + ua => $ua, + args => $q, + consumer_secret => $secret, + required_root => $config{cgiurl}, + ); +} #}}} + +1 |