Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Commits on Feb 8, 2012
Commits on Oct 29, 2011
Commits on Apr 23, 2011
  1. Migrated to happstack-6.

    API changes:
    * Removed withInput.
    * Replace fileContents with filePath in Params.
    * uploadForm.js:  Remove prefix with path when populating wikiname field.
Commits on Apr 13, 2011
  1. @gwern
Commits on Apr 6, 2011
  1. Use base-url to set rpx token_url.

    This fixes a problem we previously had with authentication-method=rpx
    and authentication-required=read.  Now base-url must be set in config
    if you plan to use RPX authentication.
Commits on Apr 1, 2011
  1. Added RPX support again, using stripped-down module.

    Note: wget must be in the system path, as it is used to make the
    http request.
  2. Added Network.Gitit.Rpxnow.

    This is modified from Michael Snoyman's authenticate-0.0.1 and
Commits on Mar 30, 2011
  1. Removed RPX athentication option.

    This brought in too many external dependencies, including
    some not satisfiable with the latest Haskell Platform.
    It would be great if someone could write a lightweight RPX
    module with few dependencies.
  2. Added authentication-required field.

    * If set to 'modify', authentication is required to modify the wiki.
    * If set to 'read', atuhentication is required to view the wiki.
    * If set to 'none', authentication is never required, and pages can
      be edited anonymously.
    API changes:
    * currentUser moved to Authentication module
    * requireAuthentication added to Config
    * Added AuthenticationLevel type
    * requireUser renamed authenticate, parameter for AuthenticationLevel
      added; requireUserThat renamed authenticateUserThat
Commits on Mar 29, 2011
  1. Added 'rpx' as authentication-method, 'rpx-domain' & 'rpx-key' config.

    You can now use RPXNow authentication by setting authentication-method
    to rpx and setting rpx-domain and rpx-key appropriately.
Commits on Mar 8, 2010
Commits on Oct 4, 2009
  1. Display informative message on authentication failure.

    John MacFarlane authored
    Resolves Issue #69.
Commits on Aug 16, 2009
Commits on Aug 1, 2009
  1. Proper _login and _logout for HTTP authentication.

    If you want to make a wiki read-only accessible to everyone,
    but writable only to those who authenticate, you can put your
    /_login URL only under authentication.
    The /_logout method here is untested and probably won't work.
  2. Major architectural revision of authentication system.

    + Now the currently logged in user is taken from the
      REMOTE_USER request header.
    + This can be set externally (as by mod_auth_cas) or
      by a gitit filter that runs before the other wiki handlers.
    + This gitit filter, withUser, is set in config and will
      differ depending on whether we're using form authentication
      (in which case the user will be extracted from a session)
      or http authentication (in which case it will be extracted
      from the "authorization" request header).  (When we're
      using gitit with an external system that sets REMOTE_USER,
      we can set this to id.)
    + Config also specifies authHandler, which includes handlers
      for urls like _login and _logout.  This can be set to use
      the form-based authentication handlers or a pared-down
      logout handler for HTTP authentication.
    + The requireUser combinator checks that a user is logged
      in before running a handler; if not, we divert to the _login
      page with a 'destination' parameter with the URL to return to.
      This replaces the old ifLoggedIn.
    + A GET parameter is now used for 'destination', rather than a
      cookie.  Also, we try not to rely on 'referer' except as a
Commits on Jul 20, 2009
  1. Changed config to take user handlers rather than AuthenticationMethod.

    + Config sets these appropriately.
    + They can be specified in a calling program.
    + The login/out box is now no longer hidden when non-form authentication
      is used.
Commits on Jul 13, 2009
  1. Renamed AppState -> GititState.

Commits on Jul 11, 2009
  1. Simplified formattedPage.

    + Removed ctxPageName from Context (since we now have pgPageName in
    + Removed params and page parameters from formattedPage, since
      these are now in PageLayout.
Commits on Jul 10, 2009
  1. Fixed security issue with change password.

    Gitit did not verify that a change password request is genuine
    when it receives the final POST.  It has been changed to
    re-verify the reset code, otherwise an attacker could simply steal
    anyone's account by spoofing a POST request.
    Thanks to Robin Green for the patch.
Commits on Jun 25, 2009
  1. Set tabindex on access question input.

    Resolves Issue #56.
Commits on Jun 16, 2009
  1. Fixed getWikiBase.

Commits on Jun 15, 2009
  1. Added CustomAuth option, w/ a custom getLoggedInUser function.

    This is useful for wikis embedded in applications that have
    their own user handling.
  2. Moved Gitit under Network namespace.

    Gitit.Happstack is now Network.Gitit.
    Gitit.X is now Network.Gitit.X.
    The main program is now gitit.hs.
Something went wrong with that request. Please try again.