HTTP-auth for Sputnik
  • 000003 by valebedev@... on 2008/12/02 at 11:56 GMT
  • 000002 by yuri@... on 2008/12/01 at 23:07 GMT

Page Content

From valebedev at gmail.com  Mon Dec  1 16:02:14 2008
From: valebedev at gmail.com (Vladimir Lebedev)
Date: Mon Dec  1 15:06:47 2008
Subject: [Sputnik-list] HTTP-auth for Sputnik
Message-ID: <14370124.1941228154530328.JavaMail.wal@macpro-wal.local>

Dear all,

Is it possible to authenticate an user via simple http authentication? I need this in order to conceal both content and structure of my wiki from anonymous visitors.

Thank you very much in advance,

Vladimir


From yuri at sims.berkeley.edu  Mon Dec  1 17:07:26 2008
From: yuri at sims.berkeley.edu (Yuri Takhteyev)
Date: Mon Dec  1 16:11:52 2008
Subject: [Sputnik-list] HTTP-auth for Sputnik
In-Reply-To: <14370124.1941228154530328.JavaMail.wal@macpro-wal.local>
References: <14370124.1941228154530328.JavaMail.wal@macpro-wal.local>
Message-ID: <fa4efbc00812011107y5198654enc1bba622df14ef1c@mail.gmail.com>

I can suggest three options.  First, you can definitely simply put
Sputnik behind http authentication, as you would with any site. Your
users will need to then do http authentication before they see
anything. Sputnik wouldn't know whether they actually authenticated
and who they are logged in as, but this may not matter. This is also
by far the most secure way to protect your Sputnik.

Another alternative is to use Sputnik authentication, but change it to
really limit what information is displayed to non-authenticated users.
You can edit permissions in @Root and prohibit nearly all actions to
non-authenticated users (just comment out most of the options there),
leaving just enough to allow them to login. You can also hide the
navigation bar quite easily for  users who are not logged in by
editing sputnik/templates node and changing

$do_nav_sections[=[
     <li class='$class' id='$id'>
      <a $link>$title</a>
      <ul class='$class'> <!-- ul.back will be hidden via CSS -->
       $subsections[[<li class='$class'><a $link>$title</a></li>]]
       <li style="display:none">&nbsp;</li>
      </ul>
     </li>]=]

to

$if_logged_in[======[
$do_nav_sections[=[

     <li class='$class' id='$id'>

      <a $link>$title</a>

      <ul class='$class'> <!-- ul.back will be hidden via CSS -->

       $subsections[[<li class='$class'><a $link>$title</a></li>]]

       <li style="display:none">&nbsp;</li>

      </ul>

     </li>]=]
]======]

Finally, it should be possible to change sputnik to actually pick up
authentication information from the headers. The less elegant way to
do this would be to edit Sputnik:translate_request () in
sputnik/lua/sputnik/init.lua to look at HTTP headers and set
request.user as you like. A better way of doing this would be to write
an a new authentication module using
sputnik/lua/sputnik/auth/simple.lua as an example. (The authentication
API would need to be extended a little bit to allow passing the
headers.)

  - yuri

On Mon, Dec 1, 2008 at 10:02 AM, Vladimir Lebedev <valebedev@gmail.com> wrote:
> Dear all,
>
> Is it possible to authenticate an user via simple http authentication? I need this in order to conceal both content and structure of my wiki from anonymous visitors.
>
> Thank you very much in advance,
>
> Vladimir
>
> _______________________________________________
> Sputnik-list mailing list
> Sputnik-list@lists.luaforge.net
> http://lists.luaforge.net/cgi-bin/mailman/listinfo/sputnik-list
>



-- 
http://sputnik.freewisdom.org/


From valebedev at gmail.com  Tue Dec  2 05:56:26 2008
From: valebedev at gmail.com (Vladimir Lebedev)
Date: Tue Dec  2 05:01:04 2008
Subject: [Sputnik-list] HTTP-auth for Sputnik
In-Reply-To: <fa4efbc00812011107y5198654enc1bba622df14ef1c@mail.gmail.com>
Message-ID: <2650059.2061228204582629.JavaMail.wal@macpro-wal.local>

Dear Yuri,

Thanks a lot for your help! I put "$if_logged_in" in a couple more places in sputnik/template and now it seems to be OK for the beginning.

I'm not sure that I'll be able to write a new authentication plugin - I quit my programming carrier more then 15 years ago... Though if I try, I'll let you know! :)

Best regards,
Vladimir  

----- ???????? ????????? -----
??: "Yuri Takhteyev" <yuri@sims.berkeley.edu>
????: "Vladimir Lebedev" <valebedev@gmail.com>
?????: sputnik-list@lists.luaforge.net
????????????: ???????????, 1 ??????? 2008 ? 22:07:26 GMT +03:00 ??????, ?????-?????????, ?????????
????: Re: [Sputnik-list] HTTP-auth for Sputnik

I can suggest three options.  First, you can definitely simply put
Sputnik behind http authentication, as you would with any site. Your
users will need to then do http authentication before they see
anything. Sputnik wouldn't know whether they actually authenticated
and who they are logged in as, but this may not matter. This is also
by far the most secure way to protect your Sputnik.

Another alternative is to use Sputnik authentication, but change it to
really limit what information is displayed to non-authenticated users.
You can edit permissions in @Root and prohibit nearly all actions to
non-authenticated users (just comment out most of the options there),
leaving just enough to allow them to login. You can also hide the
navigation bar quite easily for  users who are not logged in by
editing sputnik/templates node and changing

$do_nav_sections[=[
     <li class='$class' id='$id'>
      <a $link>$title</a>
      <ul class='$class'> <!-- ul.back will be hidden via CSS -->
       $subsections[[<li class='$class'><a $link>$title</a></li>]]
       <li style="display:none">&nbsp;</li>
      </ul>
     </li>]=]

to

$if_logged_in[======[
$do_nav_sections[=[

     <li class='$class' id='$id'>

      <a $link>$title</a>

      <ul class='$class'> <!-- ul.back will be hidden via CSS -->

       $subsections[[<li class='$class'><a $link>$title</a></li>]]

       <li style="display:none">&nbsp;</li>

      </ul>

     </li>]=]
]======]

Finally, it should be possible to change sputnik to actually pick up
authentication information from the headers. The less elegant way to
do this would be to edit Sputnik:translate_request () in
sputnik/lua/sputnik/init.lua to look at HTTP headers and set
request.user as you like. A better way of doing this would be to write
an a new authentication module using
sputnik/lua/sputnik/auth/simple.lua as an example. (The authentication
API would need to be extended a little bit to allow passing the
headers.)

  - yuri

On Mon, Dec 1, 2008 at 10:02 AM, Vladimir Lebedev <valebedev@gmail.com> wrote:
> Dear all,
>
> Is it possible to authenticate an user via simple http authentication? I need this in order to conceal both content and structure of my wiki from anonymous visitors.
>
> Thank you very much in advance,
>
> Vladimir
>
> _______________________________________________
> Sputnik-list mailing list
> Sputnik-list@lists.luaforge.net
> http://lists.luaforge.net/cgi-bin/mailman/listinfo/sputnik-list
>



-- 
http://sputnik.freewisdom.org/
Powered by Sputnik | XHTML 1.1