[dokuwiki] signing requests

  • From: Robin Gareus <robin@xxxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Mon, 09 Mar 2009 19:39:19 +0100

Hi DokuDevs.

Attached patch adds two new events to dokuwiki to facilitate
authentication of signed requests as well as to sign outgoing HTTP requests.

The patch applies to today's darcs revision - please consider merging
it. It opens the door to write plugins that handle access-tokens rather
than require users to disclose passwords. Amongst others, it'll be of
interest for the upcoming sync-plugin.

The OAuth plugin uses these Events to transparently authenticate
incoming requests and automatically sign outgoing HTTP requests, without
requiring a user to disclose his or her password.

For more information and source of the OAuth plugin see
https://rg42.org/wiki/dokuoauth - After fixing some upstream oauth-php
issues with query-param-arrays, I've just resumed development of the
DokuWiki plugin. Stay tuned.

cheers,
robin
diff -rN -u old-robwiki/inc/HTTPClient.php new-robwiki/inc/HTTPClient.php
--- old-robwiki/inc/HTTPClient.php      2009-03-09 17:58:55.000000000 +0100
+++ new-robwiki/inc/HTTPClient.php      2009-03-09 17:58:55.000000000 +0100
@@ -158,6 +158,18 @@
         $this->error  = '';
         $this->status = 0;
 
+        $httpdata = array('url'    => $url,
+                          'data'   => $data,
+                          'method' => $method);
+        $evt = new Doku_Event('OUTGOING_HTTP_REQUEST',$httpdata);
+        if ($evt->advise_before()) {
+            $url    = $httpdata['url'];
+            $data   = $httpdata['data'];
+            $method = $httpdata['method'];
+        }
+        $evt->advise_after();
+        unset($evt);
+
         // parse URL into bits
         $uri = parse_url($url);
         $server = $uri['host'];
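
Review bot: The copy-back of $url, $data and $method is guarded by `if ($evt->advise_before())`, so when that call returns false the handler's changes are dropped but the code still falls through to parse_url() and sends the request with the original, unsigned values. Either copy the values back unconditionally or treat a false return as "do not send" and return early; silently sending an unsigned request is the least useful of the three outcomes for a signing hook. Two smaller points: advise_after() is called here, before the request has been sent, so an AFTER handler never sees a response or status; and $httpdata exposes only url, data and method, so a handler cannot add a request header through the event. Since any handler on this event can rewrite the destination URL and body of every outgoing request, the event documentation should say so explicitly.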
diff -rN -u old-robwiki/inc/auth.php new-robwiki/inc/auth.php
--- old-robwiki/inc/auth.php    2009-03-09 17:58:55.000000000 +0100
+++ new-robwiki/inc/auth.php    2009-03-09 17:58:55.000000000 +0100
@@ -81,7 +81,13 @@
         // external trust mechanism in place
         $auth->trustExternal($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r']);
       }else{
-        
auth_login($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r'],$_REQUEST['http_credentials']);
+        $evt = new Doku_Event('ACTION_ON_AUTH',$ACT);
+        $evt->advise_before();
+        if(empty($_SERVER['REMOTE_USER'])) {
+            
auth_login($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r'],$_REQUEST['http_credentials']);
+        }
+        $evt->advise_after();
+        unset($evt);
       }
     }
 
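
Review bot: The new `if(empty($_SERVER['REMOTE_USER']))` check around auth_login() uses a server global as the signal that a handler authenticated the request, and the return value of advise_before() is ignored. If REMOTE_USER is already populated when this branch is reached (for example by the web server), auth_login() is skipped even though no ACTION_ON_AUTH handler did anything, and there is no way to tell the two cases apart. Consider recording the value of REMOTE_USER before triggering the event and skipping auth_login() only when a handler changed it, or carrying the result in the event data or the advise_before() return value instead. This hook lets any plugin that handles the event bypass the password login, so that trust assumption should be stated in a comment here and in the event documentation. It is also not visible in this hunk where $ACT comes from; if this code runs inside a function it needs a `global $ACT;` declaration.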