Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Feb 8, 2012
Commits on Oct 29, 2011
Commits on Apr 23, 2011
  1. Migrated to happstack-6.

    authored
    API changes:
    
    * Removed withInput.
    * Replace fileContents with filePath in Params.
    
    Fixes:
    
    * uploadForm.js:  Remove prefix with path when populating wikiname field.
Commits on Apr 13, 2011
  1. @gwern
Commits on Apr 6, 2011
  1. Use base-url to set rpx token_url.

    authored
    This fixes a problem we previously had with authentication-method=rpx
    and authentication-required=read.  Now base-url must be set in config
    if you plan to use RPX authentication.
Commits on Apr 1, 2011
  1. Added RPX support again, using stripped-down module.

    authored
    Note: wget must be in the system path, as it is used to make the
    http request.
  2. Added Network.Gitit.Rpxnow.

    authored
    This is modified from Michael Snoyman's authenticate-0.0.1 and
    http-wget-0.0.1.
Commits on Mar 30, 2011
  1. Removed RPX athentication option.

    authored
    This brought in too many external dependencies, including
    some not satisfiable with the latest Haskell Platform.
    It would be great if someone could write a lightweight RPX
    module with few dependencies.
  2. Added authentication-required field.

    authored
    * If set to 'modify', authentication is required to modify the wiki.
    * If set to 'read', atuhentication is required to view the wiki.
    * If set to 'none', authentication is never required, and pages can
      be edited anonymously.
    
    API changes:
    
    * currentUser moved to Authentication module
    * requireAuthentication added to Config
    * Added AuthenticationLevel type
    * requireUser renamed authenticate, parameter for AuthenticationLevel
      added; requireUserThat renamed authenticateUserThat
Commits on Mar 29, 2011
  1. Added 'rpx' as authentication-method, 'rpx-domain' & 'rpx-key' config.

    authored
    You can now use RPXNow authentication by setting authentication-method
    to rpx and setting rpx-domain and rpx-key appropriately.
Commits on Mar 8, 2010
Commits on Oct 4, 2009
  1. Display informative message on authentication failure.

    John MacFarlane authored
    Resolves Issue #69.
Commits on Aug 16, 2009
Commits on Aug 1, 2009
  1. Proper _login and _logout for HTTP authentication.

    authored
    If you want to make a wiki read-only accessible to everyone,
    but writable only to those who authenticate, you can put your
    /_login URL only under authentication.
    
    The /_logout method here is untested and probably won't work.
  2. Major architectural revision of authentication system.

    authored
    + Now the currently logged in user is taken from the
      REMOTE_USER request header.
    
    + This can be set externally (as by mod_auth_cas) or
      by a gitit filter that runs before the other wiki handlers.
    
    + This gitit filter, withUser, is set in config and will
      differ depending on whether we're using form authentication
      (in which case the user will be extracted from a session)
      or http authentication (in which case it will be extracted
      from the "authorization" request header).  (When we're
      using gitit with an external system that sets REMOTE_USER,
      we can set this to id.)
    
    + Config also specifies authHandler, which includes handlers
      for urls like _login and _logout.  This can be set to use
      the form-based authentication handlers or a pared-down
      logout handler for HTTP authentication.
    
    + The requireUser combinator checks that a user is logged
      in before running a handler; if not, we divert to the _login
      page with a 'destination' parameter with the URL to return to.
      This replaces the old ifLoggedIn.
    
    + A GET parameter is now used for 'destination', rather than a
      cookie.  Also, we try not to rely on 'referer' except as a
      fallback.
Commits on Jul 20, 2009
  1. Changed config to take user handlers rather than AuthenticationMethod.

    authored
    + Config sets these appropriately.
    + They can be specified in a calling program.
    + The login/out box is now no longer hidden when non-form authentication
      is used.
Commits on Jul 13, 2009
  1. Renamed AppState -> GititState.

    authored
Commits on Jul 11, 2009
  1. Simplified formattedPage.

    authored
    + Removed ctxPageName from Context (since we now have pgPageName in
      PageLayout).
    
    + Removed params and page parameters from formattedPage, since
      these are now in PageLayout.
Commits on Jul 10, 2009
  1. Fixed security issue with change password.

    authored
    Gitit did not verify that a change password request is genuine
    when it receives the final POST.  It has been changed to
    re-verify the reset code, otherwise an attacker could simply steal
    anyone's account by spoofing a POST request.
    
    Thanks to Robin Green for the patch.
Commits on Jun 25, 2009
  1. Set tabindex on access question input.

    authored
    Resolves Issue #56.
Commits on Jun 16, 2009
  1. Fixed getWikiBase.

    authored
Commits on Jun 15, 2009
  1. Added CustomAuth option, w/ a custom getLoggedInUser function.

    authored
    This is useful for wikis embedded in applications that have
    their own user handling.
  2. Moved Gitit under Network namespace.

    authored
    Gitit.Happstack is now Network.Gitit.
    Gitit.X is now Network.Gitit.X.
    The main program is now gitit.hs.
Something went wrong with that request. Please try again.