Hi DokuDev's. Attached patch adds two new events to dokuwiki to facilitate authentication of signed requests as well as to sign outgoing HTTP requests. The patch applies to today's darcs revision - please consider merging it. It opens the door to write plugins that handle access-tokens rather than require users to disclose passwords. Amongst others, it'll be of interest for the upcoming sync-plugin. The OAuth plugin uses these Events to transparently authenticate incoming requests and automatically sign outgoing HTTP requests, without requiring a user to disclose his or her password. For more information and source of the OAuth plugin see https://rg42.org/wiki/dokuoauth - After fixing some upstream oauth-php issues with query-param-arrays, I've just resumed development of the DokuWiki plugin. stay tuned. cheers, robin
diff -rN -u old-robwiki/inc/HTTPClient.php new-robwiki/inc/HTTPClient.php --- old-robwiki/inc/HTTPClient.php 2009-03-09 17:58:55.000000000 +0100 +++ new-robwiki/inc/HTTPClient.php 2009-03-09 17:58:55.000000000 +0100 @@ -158,6 +158,18 @@ $this->error = ''; $this->status = 0; + $httpdata = array('url' => $url, + 'data' => $data, + 'method' => $method); + $evt = new Doku_Event('OUTGOING_HTTP_REQUEST',$httpdata); + if ($evt->advise_before()) { + $url = $httpdata['url']; + $data = $httpdata['data']; + $method = $httpdata['method']; + } + $evt->advise_after(); + unset($evt); + // parse URL into bits $uri = parse_url($url); $server = $uri['host']; diff -rN -u old-robwiki/inc/auth.php new-robwiki/inc/auth.php --- old-robwiki/inc/auth.php 2009-03-09 17:58:55.000000000 +0100 +++ new-robwiki/inc/auth.php 2009-03-09 17:58:55.000000000 +0100 @@ -81,7 +81,13 @@ // external trust mechanism in place $auth->trustExternal($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r']); }else{ - auth_login($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r'],$_REQUEST['http_credentials']); + $evt = new Doku_Event('ACTION_ON_AUTH',$ACT); + $evt->advise_before(); + if(empty($_SERVER['REMOTE_USER'])) { + auth_login($_REQUEST['u'],$_REQUEST['p'],$_REQUEST['r'],$_REQUEST['http_credentials']); + } + $evt->advise_after(); + unset($evt); } }