Tags:
create new tag
, view all tags

Bug: If you use read-restricted webs (i.e. ALLOWWEBVIEV ist set to XY in WebPreferences) diff won't work

Reported by ChristianKohl:

If you use read-restricted webs (i.e. ALLOWWEBVIEV ist set to XY in WebPreferences) diff won't work. Although authenticated you always get a "view access denied" error. This bug(?) has already been described in DiffsFunctionDoesNotAuthenticateProperly for Bejing release. The patch supplied there is not applicable to Cairo release since the code has moved from bin/rdiff to lib/TWiki/UI/Rdiff.pm and has been significantly changed as well. -- ChristianKohl - 06 Sep 2004

Test case

  1. Make sure you are using basic authentication - set $doRememberRemoteUser = 0 in TWiki.cfg and disable all authenticating plugins (SiteMinderPlugin, SessionPlugin, SmartSessionPlugin, LoginNameAliasesPlugin etc)
  2. Create a new web and set a restrictive ALLOWWEBVIEV in its WebPreferences
  3. Try to diff any page (you can use one of the default pages, WebNotify for instance)

Environment

TWiki version: TWikiRelease01Sep2004
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: Debian 3.11
Web server: Apache 1.3.31
Perl version: 5.8
Client OS: All
Web Browser: All

-- SteffenPoulsen - 06 Sep 2004

Follow up

I have no problems with diff in authenticated webs. I am using SmartSessionPlugin, but perhaps just enabling $doRememberRemoteUser in TWiki.cfg will make diff work?

-- SteffenPoulsen - 06 Sep 2004

Since most of our users are using dynamic IPs remembering the remote user won't help us much. The SmartSessionPlugin is not installed at our site.

-- ChristianKohl - 07 Sep 2004

I tried to describe a testcase above, but haven't checked the procedure myself.

-- SteffenPoulsen - 07 Sep 2004

Yes, the testcase above mirrors our installation.

-- ChristianKohl - 07 Sep 2004

Support.AcessDeniedInPerlScripts is a support request for this issue.

If you are using SpeedyCGI, you can't authenticate rdiff as long as this bug is not solved. SmartSessionPlugin apparently can't pass the authentication parameters to rdiff.

So in other words, if you would like to be able to rdiff in authenticated webs, it looks like $doRememberRemoteUser = 1 in TWiki.cfg or the workaround at this page (authenticating all diffs) are two ways to proceed at present.

-- SteffenPoulsen - 19 Sep 2004

Workaround

Add an entry for rdiff in bin/.htaccess:

<Files "rdiff">
   require valid-user
</Files>

-- ArthurClemens - 19 Sep 2004

This workaround will make rdiff work in authenticated webs, as it will require authentication any time a user requests rdiff (i.e. in public webs too).

-- SteffenPoulsen - 19 Sep 2004

I think it has to be included in the installation documentation.

-- AndrzejGoralczyk - 19 Sep 2004

Thanks Arthur! This workaround does the trick. Looks like the Upgrade script did not copy the rdiff-entry ... .

-- ChristianKohl - 20 Sep 2004

Fix record

Edit | Attach | Watch | Print version | History: r10 < r9 < r8 < r7 < r6 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r10 - 2004-09-20 - ChristianKohl
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.