2008-12-01 16:02 |
valebedev
Vladimir Lebedev <valebedev at gmail.com>
Dear all,
Is it possible to authenticate a user via simple HTTP authentication? I need this in order to conceal both content and structure of my wiki from anonymous visitors.
Thank you very much in advance,
Vladimir
2008-12-01 17:07 |
yuri
Yuri Takhteyev <yuri at sims.berkeley.edu>
I can suggest three options. First, you can definitely simply put
Sputnik behind HTTP authentication, as you would with any site. Your
users will need to then do HTTP authentication before they see
anything. Sputnik wouldn't know whether they actually authenticated
and who they are logged in as, but this may not matter. This is also
by far the most secure way to protect your Sputnik.
Another alternative is to use Sputnik authentication, but change it to
really limit what information is displayed to non-authenticated users.
You can edit permissions in @Root and prohibit nearly all actions to
non-authenticated users (just comment out most of the options there),
leaving just enough to allow them to log in. You can also hide the
navigation bar quite easily for users who are not logged in by
editing the sputnik/templates node and changing
$do_nav_sections[=[
<li class='$class' id='$id'>
<a $link>$title</a>
<ul class='$class'> <!-- ul.back will be hidden via CSS -->
$subsections[[<li class='$class'><a $link>$title</a></li>]]
<li style="display:none"> </li>
</ul>
</li>]=]
to
$if_logged_in[======[
$do_nav_sections[=[
<li class='$class' id='$id'>
<a $link>$title</a>
<ul class='$class'> <!-- ul.back will be hidden via CSS -->
$subsections[[<li class='$class'><a $link>$title</a></li>]]
<li style="display:none"> </li>
</ul>
</li>]=]
]======]
Finally, it should be possible to change Sputnik to actually pick up
authentication information from the headers. The less elegant way to
do this would be to edit Sputnik:translate_request () in
sputnik/lua/sputnik/init.lua to look at HTTP headers and set
request.user as you like. A better way of doing this would be to write
a new authentication module using
sputnik/lua/sputnik/auth/simple.lua as an example. (The authentication
API would need to be extended a little bit to allow passing the
headers.)
- yuri
On Mon, Dec 1, 2008 at 10:02 AM, Vladimir Lebedev <valebedev@gmail.com> wrote:
> Dear all,
>
> Is it possible to authenticate a user via simple HTTP authentication? I need this in order to conceal both content and structure of my wiki from anonymous visitors.
>
> Thank you very much in advance,
>
> Vladimir
--
http://sputnik.freewisdom.org/
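The header-based option from the reply above, as an added example (not part of the original message and not Sputnik's code): a stand-alone Lua helper that extracts the user name from a Basic `Authorization` header value. It assumes the web server in front of Sputnik has already verified the password and passes the header through; the function names are hypothetical, and wiring the result into `request.user` is left out because the thread does not show that API.

```lua
-- Added example, not Sputnik code. Names here are hypothetical.
-- Assumes the web server already checked the password; this only reads
-- the user name out of an "Authorization: Basic ..." header value.

local B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

-- Decode standard base64 (Lua 5.1 compatible); nil on malformed input.
local function b64decode(s)
  if #s % 4 ~= 0 or not s:match("^[A-Za-z0-9+/]*=?=?$") then return nil end
  local pad = #(s:match("=*$") or "")
  local out = {}
  for i = 1, #s, 4 do
    local n = 0
    for j = i, i + 3 do
      local c = s:sub(j, j)
      n = n * 64 + ((c == "=") and 0 or (B64:find(c, 1, true) - 1))
    end
    out[#out + 1] = string.char(math.floor(n / 65536) % 256,
                                math.floor(n / 256) % 256, n % 256)
  end
  local bytes = table.concat(out)
  return bytes:sub(1, #bytes - pad)
end

-- Return the user name from a Basic header value, or nil if it is not
-- well-formed. Callers should treat nil as "anonymous", never as an error
-- to be papered over with a default user.
local function user_from_basic_auth(header)
  if type(header) ~= "string" then return nil end
  local scheme, token = header:match("^%s*(%a+)%s+(%S+)%s*$")
  if not scheme or scheme:lower() ~= "basic" then return nil end
  local decoded = b64decode(token)
  if not decoded then return nil end
  -- The user-id cannot contain ":", the password may, so split at the
  -- first colon. Control characters in the name are rejected.
  return (decoded:match("^([^:%c]+):"))
end

-- Constructed sample values: base64("alice:s3cret") and malformed inputs.
assert(user_from_basic_auth("Basic YWxpY2U6czNjcmV0") == "alice")
assert(user_from_basic_auth("basic YWxpY2U6czNjcmV0") == "alice")
assert(user_from_basic_auth("Bearer YWxpY2U6czNjcmV0") == nil)
assert(user_from_basic_auth("Basic not-base64") == nil)
assert(user_from_basic_auth(nil) == nil)
```

A user name obtained this way is only as trustworthy as the path the request took: if Sputnik can be reached without passing through the authenticating web server, any client can supply the header itself.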
2008-12-02 05:56 |
valebedev
Vladimir Lebedev <valebedev at gmail.com>
Dear Yuri,
Thanks a lot for your help! I put "$if_logged_in" in a couple more places in sputnik/template and now it seems to be OK for the beginning.
I'm not sure that I'll be able to write a new authentication plugin - I quit my programming career more than 15 years ago... Though if I try, I'll let you know! :)
Best regards,
Vladimir