-rw-r--r--IkiWiki/Plugin/openid.pm27
-rw-r--r--debian/changelog7
-rw-r--r--doc/plugins/openid.mdwn16
3 files changed, 47 insertions, 3 deletions
diff --git a/IkiWiki/Plugin/openid.pm b/IkiWiki/Plugin/openid.pm
index e10e21f4d..57cb139ca 100644
--- a/IkiWiki/Plugin/openid.pm
+++ b/IkiWiki/Plugin/openid.pm
@@ -40,6 +40,18 @@ sub getsetup () {
rebuild => 0,
section => "auth",
},
+ openid_realm => {
+ type => "string",
+ description => "url of openid realm (default is cgiurl)",
+ safe => 0,
+ rebuild => 0,
+ },
+ openid_cgiurl => {
+ type => "string",
+ description => "url to ikiwiki cgi to use for openid authentication (default is cgiurl)",
+ safe => 0,
+ rebuild => 0,
+ },
}
sub openid_selector {
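Review bot: The `openid_realm` description says the default is cgiurl, but the validate hunk falls back to `openid_cgiurl` first and only then to `cgiurl`. The setup text should say so: `description => "url of openid realm (default is openid_cgiurl if set, otherwise cgiurl)",`. Marking both options `safe => 0` looks right, since they set the `trust_root` and `return_to` values sent to the OpenID provider. getsetup begins above this hunk.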
@@ -135,9 +147,15 @@ sub validate ($$$;$) {
);
}
+ my $cgiurl=$config{openid_cgiurl};
+ $cgiurl=$config{cgiurl} if ! defined $cgiurl;
+
+ my $trust_root=$config{openid_realm};
+ $trust_root=$cgiurl if ! defined $trust_root;
+
my $check_url = $claimed_identity->check_url(
- return_to => IkiWiki::cgiurl(do => "postsignin"),
- trust_root => $config{cgiurl},
+ return_to => "$cgiurl?do=postsignin",
+ trust_root => $trust_root,
delayed_return => 1,
);
# Redirect the user to the OpenID server, which will
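Review bot: The fallback for `$config{openid_cgiurl}` tests only `defined`, so an empty string in the setup file yields `return_to => "?do=postsignin"` and an empty `trust_root`. I would treat empty as unset, e.g. `$cgiurl=$config{cgiurl} if ! defined $cgiurl || ! length $cgiurl;`, and do the same for `$trust_root`. The getobj hunk repeats the same test, and there an empty value becomes `required_root`; as far as I know Net::OpenID::Consumer uses that as the prefix a returned `return_to` must start with, so an empty one would presumably weaken the check. Nothing here verifies that `$trust_root` is a prefix of `$cgiurl`, so a mismatched pair only shows up when the provider rejects the request; failing early with a clear configuration error would be kinder to the admin. validate continues past the end of this hunk.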
@@ -220,12 +238,15 @@ sub getobj ($$) {
$secret=rand;
$session->param(openid_secret => $secret);
}
+
+ my $cgiurl=$config{openid_cgiurl};
+ $cgiurl=$config{cgiurl} if ! defined $cgiurl;
return Net::OpenID::Consumer->new(
ua => $ua,
args => $q,
consumer_secret => sub { return shift()+$secret },
- required_root => $config{cgiurl},
+ required_root => $cgiurl,
);
}
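Review bot: The two-line `openid_cgiurl` fallback is copied here from validate, and the copies must stay identical because `required_root` has to agree with the URL that `return_to` was built from. A small private sub that returns the effective URL, called from both places, would remove the risk of them drifting apart. If the duplication stays, a comment such as `# must resolve to the same URL validate() uses for return_to` above the fallback would record the coupling. getobj begins above this hunk.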
diff --git a/debian/changelog b/debian/changelog
index 01307db55..9a6b1361c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+ikiwiki (3.20100611) UNRELEASED; urgency=low
+
+ * openid: Add openid_realm and openid_cgiurl configuration options,
+ useful in a few edge case setups.
+
+ -- Joey Hess <joeyh@debian.org> Fri, 11 Jun 2010 13:39:15 -0400
+
ikiwiki (3.20100610) unstable; urgency=low
* creation_day() etc use local time, not gmtime. To match calendars, which
diff --git a/doc/plugins/openid.mdwn b/doc/plugins/openid.mdwn
index 7da2f8575..3fb4c26b8 100644
--- a/doc/plugins/openid.mdwn
+++ b/doc/plugins/openid.mdwn
@@ -13,3 +13,19 @@ to support users entering "https" OpenID urls.
This plugin is enabled by default, but can be turned off if you want to
only use some other form of authentication, such as [[passwordauth]].
+
+## options
+
+These options do not normally need to be set, but can be useful in
+certian setups.
+
+* `openid_realm` can be used to control the scope of the openid request.
+ It defaults to the `cgiurl` (or `openid_cgiurl` if set); only allowing
+ ikiwiki's [[CGI]] to authenticate. If you have multiple ikiwiki instances,
+ or other things using openid on the same site, you may choose to put them
+ all in the same realm to improve the user's openid experience.
+
+* `openid_cgiurl` can be used to cause a different than usual `cgiurl`
+ to be used when doing openid authentication. The `openid_cgiurl` must
+ point to an ikiwiki [[CGI]], and it will need to match the `openid_realm`
+ to work.