Bug: Duplicated WikiName in .htpasswd Entry
When registering a new user, a new line is appended to the file /twiki/data/.htpasswd. However, the user's name is duplicated. For example, the new user QwertyQwerty gets a line like the following:
QwertyQwerty:QwertyQwerty:{SHA}sbN3OgXA7QF2eHpPFXT/AHX3Uh4
where it should have been like the following:
QwertyQwerty:{SHA}sbN3OgXA7QF2eHpPFXT/AHX3Uh4
With the first (incorrect) version, the user can't log in, while if .htpasswd is corrected to the second version, the user can log in.
Test case
Enable authentication for file editing (with .htaccess). Register a new user. Attempt to edit a page. A login prompt appears. Attempt to log in. It fails, even though you give the correct user name and password.
Environment
--
GiorgosAkrivas - 17 Mar 2004
Follow up
The problem seems to stem from twiki/twiki/lib/TWiki/User/HtPasswdUser.pm. In sub _htpasswdGeneratePasswd, when processing "sha1" encodings, the user name is prepended to the final string. The username is already prepended in AddUserPassword, hence the duplication. I apologize for not submitting a diff but I've only just begun with TWiki and haven't had a chance to read the official patch how-to section yet.
--
IngoPeters - 28 May 2004
Fix record
Thanks Ingo.
This is now fixed and in TWikiAlphaRelease. I do not have the environment to test, could someone help?
Change:
Index: HtPasswdUser.pm
===================================================================
--- HtPasswdUser.pm (revision 1527)
+++ HtPasswdUser.pm (working copy)
@@ -99,7 +99,7 @@
if( 'sha1' eq $TWiki::htpasswdEncoding ) {
- $encodedPassword = $user . ':{SHA}' . MIME::Base64::encode_base64( Digest::SHA1::sha1( $passwd ) );
+ $encodedPassword = '{SHA}' . MIME::Base64::encode_base64( Digest::SHA1::sha1( $passwd ) );
chomp $encodedPassword;
} elsif ( 'crypt' eq $TWiki::htpasswdEncoding ) {
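Review bot: The 'sha1' branch now returns only the '{SHA}' hash, so please confirm that the 'crypt' branch that follows, and any other encoding handled in this sub, also return the hash without the user name; otherwise the line written to .htpasswd has a different number of fields depending on $TWiki::htpasswdEncoding. Any caller that compares this return value with a stored entry should be checked for reliance on the old "$user:" prefix. Since the fix is reported as untested, a regression check that registers a user with the sha1 encoding and asserts the resulting line has the form user:{SHA}hash would be worth adding, and entries already written as user:user:{SHA}hash are not touched by this change and still need to be corrected in existing .htpasswd files.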
--
PeterThoeny - 30 May 2004
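
Entries written before the fix keep the duplicated name, so existing .htpasswd files need a cleanup pass. The following is an added example, not TWiki code and not part of the original report: the function names, sample users and passwords are constructed, and check_login is a simplified model that compares the second colon-separated field with the {SHA} hash.

```python
import base64
import hashlib
import hmac

def sha_hash(password):
    """Apache {SHA} format: '{SHA}' + base64 of the raw, unsalted SHA-1 digest."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")

def repair_line(line):
    """Return (fixed_line, changed) for one .htpasswd line."""
    fields = line.rstrip("\n").split(":")
    # Buggy shape from this report: name:name:{SHA}hash. Drop the repeated
    # name, keep any trailing fields untouched.
    if len(fields) >= 3 and fields[0] == fields[1] and fields[2].startswith("{SHA}"):
        return ":".join([fields[0]] + fields[2:]), True
    return line.rstrip("\n"), False

def repair_htpasswd(text):
    """Repair every line; return (new_text, names of repaired users)."""
    out, repaired = [], []
    for line in text.splitlines():
        fixed, changed = repair_line(line)
        out.append(fixed)
        if changed:
            repaired.append(fixed.split(":", 1)[0])
    return "\n".join(out) + "\n", repaired

def check_login(text, user, password):
    """Simplified lookup: the field after the user name must equal the hash."""
    expected = sha_hash(password).encode("ascii")
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] == user:
            return hmac.compare_digest(fields[1].encode("utf-8"), expected)
    return False

# Constructed sample: one entry in the buggy form, one correct entry.
SAMPLE = (
    "QwertyQwerty:QwertyQwerty:" + sha_hash("example-pass") + "\n"
    "GoodUser:" + sha_hash("other-pass") + "\n"
)

if __name__ == "__main__":
    fixed_text, names = repair_htpasswd(SAMPLE)
    print("repaired:", names)
    print("login before:", check_login(SAMPLE, "QwertyQwerty", "example-pass"))
    print("login after: ", check_login(fixed_text, "QwertyQwerty", "example-pass"))
```

Run it against a copy of the file and compare the output with the original before replacing anything.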