7 files changed, 164 insertions, 0 deletions
diff --git a/README b/README
index 217e6bf..99daef1 100644
--- a/README
+++ b/README
@@ -204,6 +204,7 @@ Besides the builtin variables you can also define your own ones and use them in
   - `cookie_handler`
   - `new_window`: handler to execute to invoke new uzbl window (TODO better name)
   - `scheme_handler`: handler to execute for each URI navigated to - the navigation request will be ignored if handler prints "USED\n"
+  - `authentication_handler`: command that handles http authentication
   - `fifo_dir`: location to store fifo's
   - `socket_dir`: location to store sockets
   - `print_events`: show events on stdout
@@ -395,6 +396,12 @@ The script specific arguments are this:
 
     $8 URI of the page to be navigated to
 
+* authentication handler:
+
+    $8 authentication zone unique identifier
+    $9 domain part of URL that requests authentication
+    $10 authentication realm
+    $11 FALSE if this is the first attempt to authenticate, TRUE otherwise
 
 Custom, userdefined scripts (`spawn foo bar`) get first the arguments as specified in the config and then the above 7 are added at the end.
 
@@ -411,6 +418,31 @@ Currently, the `Uzbl` object provides only one function:
        * `Uzbl.run("spawn insert_bookmark.sh")`
        * `uri = Uzbl.run("print @uri")` (see variable expansion below)
 
+### AUTHENTICATION ###
+
+If authentication_handler variable is not set, http authentication is handled internally by WebKit. If you want to use custom script for http authentication, set authentication_handler. For example:
+
+  set authentication_handler = sync_spawn /patch/to/your/script
+
+Script will be executed on each authentication request. It will receive four auth-related parameters:
+    
+    $8 authentication zone unique identifier (may be used as hash key in passwords database)
+    $9 domain part of URL that requests authentication
+    $10 authentication realm
+    $11 FALSE if this is the first attempt to authenticate, TRUE otherwise
+
+Script is expected to print exactly two lines of text on stdout (that means its output must contain exactly two '\n' bytes). The first line contains username, the second one - password.
+If authentication fail, script will be executed again (with $11 = TRUE). Non-interactive scripts should handle this case and do not try to authenticate again to avoid loops.
+If number of '\n' characters in scripts output does not equal 2, authentication will fail. That means 401 error will be displayed and uzbl won't try to authenticate anymore.
+
+The simplest example of authentication handler script is:
+
+#!/bin/sh
+[ "$11" == "TRUE ] && exit
+echo alice
+echo wonderland
+
+This script tries to authenticate as user alice with password wonderland once and never retries authentication. See examples for more sofisticated, interactive authentication handler.
 
 ### EVENTS ###
 
diff --git a/examples/config/config b/examples/config/config
index eb17813..91ef872 100644
--- a/examples/config/config
+++ b/examples/config/config
@@ -45,6 +45,7 @@ set jsh = js var run=Uzbl.run; function get(k){return run("print \\\@"+k)}; func
 # support events that can wait for a response from a script.
 set cookie_handler      = talk_to_socket $XDG_CACHE_HOME/uzbl/cookie_daemon_socket
 set scheme_handler      = sync_spawn @scripts_dir/scheme.py
+set authentication_handler = sync_spawn @scripts_dir/auth.py
 
 # Open in the same window.
 #set new_window         = sh 'echo uri "$8" > $4'
diff --git a/examples/data/scripts/auth.py b/examples/data/scripts/auth.py
new file mode 100644
index 0000000..4feb90b
--- /dev/null
+++ b/examples/data/scripts/auth.py
@@ -0,0 +1,53 @@
+#!/usr/bin/python
+
+import gtk
+import sys
+
+def responseToDialog(entry, dialog, response):
+	dialog.response(response)
+
+def getText(authInfo, authHost, authRealm):
+	dialog = gtk.MessageDialog(
+		None,
+		gtk.DIALOG_MODAL | gtk.DIALOG_DESTROY_WITH_PARENT,
+		gtk.MESSAGE_QUESTION,
+		gtk.BUTTONS_OK_CANCEL,
+		None)
+	dialog.set_markup('%s at %s' % (authRealm, authHost))
+
+	login = gtk.Entry()
+	password = gtk.Entry()
+	password.set_visibility(False)
+
+	login.connect("activate", responseToDialog, dialog, gtk.RESPONSE_OK)
+	password.connect("activate", responseToDialog, dialog, gtk.RESPONSE_OK)
+
+	hbox = gtk.HBox();
+
+	vbox_entries = gtk.VBox();
+	vbox_labels = gtk.VBox();
+
+	vbox_labels.pack_start(gtk.Label("Login:"), False, 5, 5)
+	vbox_labels.pack_end(gtk.Label("Password:"), False, 5, 5)
+
+	vbox_entries.pack_start(login)
+	vbox_entries.pack_end(password)
+
+	dialog.format_secondary_markup("Please enter username and password:")
+	hbox.pack_start(vbox_labels, True, True, 0)
+	hbox.pack_end(vbox_entries, True, True, 0)
+
+	dialog.vbox.pack_start(hbox)
+	dialog.show_all()
+	rv = dialog.run()
+
+	output = login.get_text() + "\n" + password.get_text()
+	dialog.destroy()
+	return rv, output
+
+if __name__ == '__main__':
+	rv, output = getText(sys.argv[8], sys.argv[9], sys.argv[10])
+	if (rv == gtk.RESPONSE_OK):
+	        print output;
+	else:
+		exit(1)
diff --git a/src/callbacks.c b/src/callbacks.c
index dab92c1..b2f05cf 100644
--- a/src/callbacks.c
+++ b/src/callbacks.c
@@ -27,6 +27,17 @@ set_proxy_url() {
 }
 
 void
+set_authentication_handler() {
+    if (uzbl.behave.authentication_handler)
+        soup_session_remove_feature_by_type
+            (uzbl.net.soup_session, (GType) WEBKIT_TYPE_SOUP_AUTH_DIALOG);
+    else
+        soup_session_add_feature_by_type
+            (uzbl.net.soup_session, (GType) WEBKIT_TYPE_SOUP_AUTH_DIALOG);
+    return;
+}
+
+void
 set_icon() {
     if(file_exists(uzbl.gui.icon)) {
         if (uzbl.gui.main_window)
diff --git a/src/callbacks.h b/src/callbacks.h
index 3f318f2..7fe5c19 100644
--- a/src/callbacks.h
+++ b/src/callbacks.h
@@ -13,6 +13,9 @@ void
 set_proxy_url();
 
 void
+set_authentication_handler();
+
+void
 set_icon();
 
 void
diff --git a/src/uzbl-core.c b/src/uzbl-core.c
index 8a053f6..cd907f4 100644
--- a/src/uzbl-core.c
+++ b/src/uzbl-core.c
@@ -101,6 +101,7 @@ const struct var_name_to_ptr_t {
     { "forward_keys",           PTR_V_INT(uzbl.behave.forward_keys,             1,   NULL)},
     { "download_handler",       PTR_V_STR(uzbl.behave.download_handler,         1,   NULL)},
     { "cookie_handler",         PTR_V_STR(uzbl.behave.cookie_handler,           1,   NULL)},
+    { "authentication_handler", PTR_V_STR(uzbl.behave.authentication_handler,   1,   set_authentication_handler)},
     { "new_window",             PTR_V_STR(uzbl.behave.new_window,               1,   NULL)},
     { "scheme_handler",         PTR_V_STR(uzbl.behave.scheme_handler,           1,   NULL)},
     { "fifo_dir",               PTR_V_STR(uzbl.behave.fifo_dir,                 1,   cmd_fifo_dir)},
@@ -2316,6 +2317,61 @@ settings_init () {
         init_connect_socket();
 
     g_signal_connect_after(n->soup_session, "request-started", G_CALLBACK(handle_cookies), NULL);
+    g_signal_connect(n->soup_session, "authenticate", G_CALLBACK(handle_authentication), NULL);
+}
+
+void handle_authentication (SoupSession *session, SoupMessage *msg, SoupAuth *auth, gboolean retrying, gpointer user_data) {
+
+    (void) user_data;
+
+    if(uzbl.behave.authentication_handler) {
+        char  *username, *password;
+        gchar *info, *host, *realm;
+        int    number_of_endls=0;
+        gchar *p;
+
+        soup_session_pause_message(session, msg);
+
+        /* Sanitize strings */
+            info  = g_strdup(soup_auth_get_info(auth));
+            host  = g_strdup(soup_auth_get_host(auth));
+            realm = g_strdup(soup_auth_get_realm(auth));
+            for (p = info; *p; p++)  if (*p == '\'') *p = '\"';
+            for (p = host; *p; p++)  if (*p == '\'') *p = '\"';
+            for (p = realm; *p; p++) if (*p == '\'') *p = '\"';
+
+        GString *s = g_string_new ("");
+        g_string_printf(s, "'%s' '%s' '%s' '%s'",
+            info, host, realm, retrying?"TRUE":"FALSE");
+
+        run_handler(uzbl.behave.authentication_handler, s->str);
+
+        username = uzbl.comm.sync_stdout;
+
+        for (p = uzbl.comm.sync_stdout; *p; p++) {
+            if (*p == '\n') {
+                *p = '\0';
+                if (++number_of_endls == 1)
+                    password = p + 1;
+            }
+        }
+
+        /* If stdout was correct (contains exactly two lines of text) do
+         * authenticate. Otherwise fail. */
+        if (number_of_endls == 2) {
+            soup_auth_authenticate(auth, username, password);
+        } else {
+            g_free(username);
+            g_free(password);
+        }
+
+        soup_session_unpause_message(session, msg);
+
+        g_string_free(s, TRUE);
+        g_free(info);
+        g_free(host);
+        g_free(realm);
+    }
 }
 
 void handle_cookies (SoupSession *session, SoupMessage *msg, gpointer user_data){
diff --git a/src/uzbl-core.h b/src/uzbl-core.h
index df9eb1a..998ea1d 100644
--- a/src/uzbl-core.h
+++ b/src/uzbl-core.h
@@ -122,6 +122,7 @@ typedef struct {
     gchar*   socket_dir;
     gchar*   download_handler;
     gchar*   cookie_handler;
+    gchar*   authentication_handler;
     gchar*   new_window;
     gchar*   default_font_family;
     gchar*   monospace_font_family;
@@ -389,6 +390,13 @@ run_external_js (WebKitWebView * web_view, GArray *argv, GString *result);
 void
 eval_js(WebKitWebView * web_view, gchar *script, GString *result);
 
+void
+handle_authentication (SoupSession *session,
+                            SoupMessage *msg,
+                            SoupAuth    *auth,
+                            gboolean     retrying,
+                            gpointer     user_data);
+
 void handle_cookies (SoupSession *session,
                             SoupMessage *msg,
                             gpointer     user_data);