Tags:
create new tag
, view all tags

Bug: Digest Authentication does not work

The User Handler not initialized properly if followed configuration instruction in TWiki.cfg

Test case

Setup Digest Authentication: $htpasswdFormatFamily = "htdigest"; I let the $htpasswdEncoding, and $htpasswdFilename to be decided based on the TWiki.cfg included logic. This end up in the following values: $htpasswdEncoding = "crypt"; $htpasswdFilename = "" The $htpasswdFilename is empty because of typo in inthe logic in the TWiki.cfg ("hdigest" shall be "htdigest" in the if statement) I modified it manuallt to "md5"

Then Register a new user give me error: Undefined subroutine &TWiki::User::NoPasswdUser::_htpasswdGeneratePasswd called at /var/www/twiki/lib/TWiki/User/NoPasswdUser.pm line 124.

Environment

TWiki version: TWikiRelease02Sep2004
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: RedHat Fedora
Web server: matuszak.dyndns.org
Perl version: 5.8.5
Client OS: Windows 2000
Web Browser: IE

-- MaciejMatuszak - 05 Mar 2005

Impact and Available Solutions

Follow up

Fix: The logic in TWiki.cfg need to be updated to reflect correct mappingbetween authentication type, password encodeing and file name.

As for the error it self I find that there is no case for "htdigest" in TWiki::User.initialize. This caused the user handler to be set to NoPasswdUser and the error as above. The following lines need to be added

elsif ( $TWiki::htpasswdFormatFamily eq "htdigest") { $UserImpl = "TWiki::User::HtPasswdUser"; }

This worked for me smile

-- MaciejMatuszak - 05 Mar 2005

I have to modify another script as the authentication mechanism require that the "realm" would be stored in .htdigest file as well. I believe the syntax of the .htdigest shall be: <user name>:<realm>:<encrypted password>

-- MaciejMatuszak - 07 Mar 2005

It would be really good if you could provide a patch against the Cairo release with all your changes. I can't quite work it out from your description.... frown

-- CrawfordCurrie - 07 Mar 2005

The code snippet above needs to go in lib/TWiki/User.pm under 'sub initialize' function:

sub initialize { %templateVars = (); if ( # (-e $TWiki::htpasswdFilename ) && #<<< maybe
( $TWiki::htpasswdFormatFamily eq "htpasswd" ) ) {
$UserImpl = "TWiki::User::HtPasswdUser";
} elsif ( $TWiki::htpasswdFormatFamily eq "htdigest" ) {
$UserImpl = "TWiki::User::HtPasswdUser";
} else {
$UserImpl = "TWiki::User::NoPasswdUser";
}
eval "use ".$UserImpl;
}

-- JustinCook - 22 Apr 2005

Thanks Justin. For those of you using DevelopBranch, this has been fixed for some time now. If anyone feels inclined to verify this (I only ran the unit tests) please feel free to do so! wink

-- CrawfordCurrie - 22 Apr 2005

Fix record

Discussion

Edit | Attach | Watch | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r5 - 2005-04-22 - CrawfordCurrie
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.