if(($ACT == 'edit' || $ACT == 'preview') && $INFO['editable']){ ?> } else { ?> } ?>
This is the simple version of the dokuoauth plugin.
It implements basic oAuth support for DokuWiki using hardcoded tokens instead of the whole oauth-flow. It's mainly intended as example while the dokuoauth plugin is being developed.
The plugin is symmetric: It authenticates OAuth signed requests to dokuwiki as well as adds an oAuth signature to an outgoing request (feed, sync) to hosts for which tokens are defined.
lib/plugins/dokuoauth/tokens.php
with an editor.
Example tokens.php
// oauth-consumer - outgoing requests - local=consumer $oauth_providers=array( array( 'host' => "localhost", 'user' => "" , # if not empty only this user can use this token 'key' => "ctoken", 'secret' => "csecret", 'token' => "atoken", 'token_secret' => "asecret" , 'signature_method' => 'HMAC-SHA1' ), ); // Oauth service provider - incoming requests - local=serviceprovider $oauth_tokens=array( array( 'key' => "ctoken", 'secret' => "csecret", 'token' => "atoken", 'token_secret' => "asecret" , 'user' => "me" # authenticate this user ), array( 'key' => "ct", 'secret' => "cs", 'token' => "at", 'token_secret' => "as" , 'user' => "admin" # authenticate this user ), );
The $oauth_providers
is used for transparently signing outgoing requests. The Plugins intercepts requests via devel:event:httpclient_request_send, and adds an oauth-signature if the hostname matches 'host' and the current (local) user equals the given 'user' (unless 'user' is empty, in which case only the hostname is checked).
$oauth_tokens
are for incoming requests with an oauth_signature
query parameter. If the tokens match and the signature is valid, the specified 'user' is automatically logged in for this request. It works for any HTTP request, though it's mainly intended for XMLRPC.
There can be multiple $oauth_providers
(for different hosts and users) as well as many $oauth_tokens
(different users).
Add a feed to a private namespace to a wiki-page. The outgoing request (to retrieve the feed) will be signed, and the signature will be used to authenticate against DokuWiki again.
{{rss http://localhost/dokuwiki/feed.php?mode=list&ns=private}}
Make sure that the tokens.php
on the server lists the host
(here localhost) in $oauth_providers
and the feed-source has the same tokens and a username that can read the private-namespace in $oauth_tokens
.
use oauthsign
from oauth-utils.
oauthsign -c ctoken -C csecret -t atoken -T asecret -x "http://localhost/dokuwiki/feed.php?mode=list&ns=private"
Enable the debug Log (Admin → Configuration-editor → DokuoAuth) and look in the /tmp/oAuth.debug
file.