From 54cf5a62cab254e923c8d73ae8bd043a1f33c3b1 Mon Sep 17 00:00:00 2001 From: joey Date: Mon, 20 Nov 2006 01:52:18 +0000 Subject: * Make auth methods pluggable. * Move httpauth support to a plugin. * Add an openid plugin to support logging in using OpenID. --- IkiWiki/Plugin/httpauth.pm | 22 ++++++++++ IkiWiki/Plugin/openid.pm | 101 +++++++++++++++++++++++++++++++++++++++++++++ IkiWiki/Plugin/skeleton.pm | 8 ++++ 3 files changed, 131 insertions(+) create mode 100644 IkiWiki/Plugin/httpauth.pm create mode 100644 IkiWiki/Plugin/openid.pm (limited to 'IkiWiki/Plugin') diff --git a/IkiWiki/Plugin/httpauth.pm b/IkiWiki/Plugin/httpauth.pm new file mode 100644 index 000000000..336eb793a --- /dev/null +++ b/IkiWiki/Plugin/httpauth.pm @@ -0,0 +1,22 @@ +#!/usr/bin/perl +# HTTP basic auth plugin. +package IkiWiki::Plugin::httpauth; + +use warnings; +use strict; +use IkiWiki; + +sub import { #{{{ + hook(type => "auth", id => "skeleton", call => \&auth); +} # }}} + +sub auth ($$) { #{{{ + my $cgi=shift; + my $session=shift; + + if (defined $cgi->remote_user()) { + $session->param("name", $cgi->remote_user()); + } +} #}}} + +1 diff --git a/IkiWiki/Plugin/openid.pm b/IkiWiki/Plugin/openid.pm new file mode 100644 index 000000000..55b1c4b17 --- /dev/null +++ b/IkiWiki/Plugin/openid.pm @@ -0,0 +1,101 @@ +#!/usr/bin/perl +# OpenID support. +package IkiWiki::Plugin::openid; + +use warnings; +use strict; +use IkiWiki; + +sub import { #{{{ + hook(type => "checkconfig", id => "smiley", call => \&checkconfig); + hook(type => "auth", id => "skeleton", call => \&auth); +} # }}} + +sub checkconfig () { #{{{ + # Currently part of the OpenID code is in CGI.pm, and is enabled by + # this setting. + # TODO: modularise it all out into this plugin.. + $config{openid}=1; +} #}}} + +sub auth ($$) { #{{{ + my $q=shift; + my $session=shift; + + if (defined $q->param('openid.mode')) { + my $csr=getobj($q, $session); + + if (my $setup_url = $csr->user_setup_url) { + IkiWiki::redirect($q, $setup_url); + } + elsif ($csr->user_cancel) { + IkiWiki::redirect($q, $config{url}); + } + elsif (my $vident = $csr->verified_identity) { + $session->param(name => $vident->url); + } + } +} #}}} + +sub validate ($$$$) { #{{{ + my $q=shift; + my $session=shift; + my $form=shift; + my $openid_url=shift; + + my $csr=getobj($q, $session); + + my $claimed_identity = $csr->claimed_identity($openid_url); + if (! $claimed_identity) { + # Put the error in the form and fail validation. + $form->field(name => "openid_url", comment => $csr->err); + return 0; + } + my $check_url = $claimed_identity->check_url( + return_to => IkiWiki::cgiurl( + do => $form->field("do"), + page => $form->field("page"), + title => $form->field("title"), + from => $form->field("from"), + subpage => $form->field("subpage") + ), + trust_root => $config{cgiurl}, + delayed_return => 1, + ); + # Redirect the user to the OpenID server, which will + # eventually bounce them back to auth() above. + IkiWiki::redirect($q, $check_url); + exit 0; +} #}}} + +sub getobj ($$) { #{{{ + my $q=shift; + my $session=shift; + + eval q{use Net::OpenID::Consumer}; + error($@) if $@; + + my $ua; + eval q{use LWPx::ParanoidAgent}; + if (! $@) { + $ua=LWPx::ParanoidAgent->new; + } + else { + $ua=LWP::UserAgent->new; + } + + # Store the secret in the session. + my $secret=$session->param("openid_secret"); + if (! defined $secret) { + $secret=$session->param(openid_secret => time); + } + + return Net::OpenID::Consumer->new( + ua => $ua, + args => $q, + consumer_secret => $secret, + required_root => $config{cgiurl}, + ); +} #}}} + +1 diff --git a/IkiWiki/Plugin/skeleton.pm b/IkiWiki/Plugin/skeleton.pm index acac16c1a..f3244ae14 100644 --- a/IkiWiki/Plugin/skeleton.pm +++ b/IkiWiki/Plugin/skeleton.pm @@ -20,6 +20,7 @@ sub import { #{{{ hook(type => "delete", id => "skeleton", call => \&delete); hook(type => "change", id => "skeleton", call => \&change); hook(type => "cgi", id => "skeleton", call => \&cgi); + hook(type => "auth", id => "skeleton", call => \&auth); hook(type => "savestate", id => "savestate", call => \&savestate); } # }}} @@ -95,6 +96,13 @@ sub cgi ($) { #{{{ debug("skeleton plugin running in cgi"); } #}}} +sub auth ($$) { #{{{ + my $cgi=shift; + my $session=shift; + + debug("skeleton plugin running in auth"); +} #}}} + sub savestate () { #{{{ debug("skeleton plugin running in savestate"); } #}}} -- cgit v1.2.3