[pmwiki-users] RFC -- POP3 to PmWiki

Patrick R. Michaud pmichaud at pobox.com
Thu Oct 5 13:31:14 CDT 2006 

On Thu, Oct 05, 2006 at 01:30:03PM -0400, Crisses wrote:
>    On Oct 5, 2006, at 12:30 PM, Patrick R. Michaud wrote:
>      I was thinking of using the existing API -- i.e., 
>      ?action=source and ?action=edit, or the upcoming ?action=insert.
>      I haven't seen a case where we'd need much in the way of additional
>      code on the receiving wiki -- am I forgetting something?  Or, put
>      another way, what pieces do the existing actions not provide?
> 
>    the biggie:
>    Remote authentication for edit-passworded pages
>    So I was thinking in terms of a specific action= that would handle
>    receiving authentication information of some type --

We can already do this with ?action=edit and ?action=insert,
just have the gateway send username and password using
'authpw' and 'authid' fields, same as browsers do now.

Then authors/administrators authorize the gateway to 
edit pages using the same authorization mechanisms that
are already built-in PmWiki.  Nice consistency, there.

See below for a detailed description.

Pm


Creating a '@gateway' authorization group:

In this approach, the person registering the mail-to-wiki
gateway provides the gateway with a password key it should use
when posting content to the wiki.  In the target site's local/config.php,
add something like:

  if (@$_POST['authpw'] == 'secret_key') 
    SessionAuth($pagename, array('authlist' => array('@gateway' => 1)));

Then authors and administrators can simply specify '@gateway'
wherever a password is normally stored to indicate that the
mail-to-wiki gateway is allowed to post.

When posting content to the recipient server, the gateway
simply passes 'secret_key' as an authpw control,  same as the
other controls in the post such as action, text, post, etc.

Of course, this isn't the only approach -- we can emulate any
of the authentication/authorization capabilities in PmWiki,
including authentication (i.e., "id:gateway") or simple
shared passwords ("set a group/page edit password to 'secret_key'").

More information about the pmwiki-users mailing list