Joey Hess on 2006-10-02 13:42:42 -0400: > Alec Berryman wrote: > > I have been using this for several days to allow users with LDAP > > accounts full read/write access to a wiki. The only problem I have > > encountered is that the Preferences page does not work correctly; it > > gives an incorrect password error when trying to change subscriptions > > and locked pages. > > I guess that the problem could be that there is no record of the user in > the userinfo database, and so things that try to set values for the user > fail. Although I'm not sure how this could result in a password error. > What is the error message exactly?
My mistake; it was a password error when Firefox filled in the password field and I forgot to delete it. I got the expected error message when trying to change subscriptions or locked_pages that detailed which variable couldn't be set. > A change like this might fix it. This tries to detect a new http auth > user and adds a userdb entry for the user. (Sorry about the formatting.) Thanks - that exact code did the trick. Attached is an updated patch that adds your fix and hides the password fields on the Preferences page when http auth is in use.
--- IkiWiki/Wrapper.pm (revision 1460)
+++ IkiWiki/Wrapper.pm (revision 1482)
@@ -28,7 +28,7 @@
my @envsave;
push @envsave, qw{REMOTE_ADDR QUERY_STRING REQUEST_METHOD REQUEST_URI
CONTENT_TYPE CONTENT_LENGTH GATEWAY_INTERFACE
- HTTP_COOKIE} if $config{cgi};
+ HTTP_COOKIE REMOTE_USER} if $config{cgi};
my $envsave="";
foreach my $var (@envsave) {
$envsave.=<<"EOF"
--- IkiWiki/CGI.pm (revision 1460)
+++ IkiWiki/CGI.pm (revision 1482)
@@ -314,6 +314,11 @@
if (! is_admin($user_name)) {
$form->field(name => "locked_pages", type => "hidden");
}
+
+ if ($config{http_auth}) {
+ $form->field(name => "password", type => "hidden");
+ $form->field(name => "confirm_password", type => "hidden");
+ }
if (! $form->submitted) {
$form->field(name => "email", force => 1,
@@ -643,6 +648,7 @@
# Everything below this point needs the user to be signed in.
if (((! $config{anonok} || $do eq 'prefs') &&
+ (! $config{httpauth}) &&
(! defined $session->param("name") ||
! userinfo_get($session->param("name"), "regdate"))) || $do eq
'signin') {
cgi_signin($q, $session);
@@ -654,6 +660,21 @@
return;
}
+
+ if ($config{httpauth} && (! defined $session->param("name"))) {
+ if (! defined $q->remote_user()) {
+ error("Could not determine authenticated username.");
+ } else {
+ $session->param("name", $q->remote_user());
+ if(!userinfo_get($session->param("name"),"regdate")){
+ userinfo_setall($session->param("name"), {
+ email => "",
+ password => "",
+ regdate=>time,
+ });
+ }
+ }
+ }
if ($do eq 'create' || $do eq 'edit') {
cgi_editpage($q, $session);
--- doc/ikiwiki.setup (revision 1460)
+++ doc/ikiwiki.setup (revision 1482)
@@ -86,6 +86,8 @@
#locale => 'en_US.UTF-8',
# Only send cookies over SSL connections.
#sslcookie => 1,
+ # Use HTTP Authentication instead of Ikiwiki's.
+ #httpauth => 1,
# Logging settings:
verbose => 0,
syslog => 0,
--- ikiwiki.pl (revision 1460)
+++ ikiwiki.pl (revision 1482)
@@ -47,6 +47,7 @@
"adminemail=s" => \$config{adminemail},
"timeformat=s" => \$config{timeformat},
"sslcookie!" => \$config{sslcookie},
+ "httpauth!" => \$config{httpauth},
"exclude=s@" => sub {
$config{wiki_file_prune_regexp}=qr/$config{wiki_file_prune_regexp}|$_[1]/;
},
--- IkiWiki.pm (revision 1460)
+++ IkiWiki.pm (revision 1482)
@@ -62,6 +62,7 @@
timeformat => '%c',
locale => undef,
sslcookie => 0,
+ httpauth => 0,
} #}}}
sub checkconfig () { #{{{
signature.asc
Description: Digital signature
