Tags:
create new tag
view all tags

Bug: Duplicated WikiName in .htpasswd Entry

When registering a new user, a new line is appended in file /twiki/data/.htpasswd . However, The user's name is duplicated. For example, the new user QwertyQwerty gets a line like the following:

QwertyQwerty:QwertyQwerty:{SHA}sbN3OgXA7QF2eHpPFXT/AHX3Uh4
where it should have been like the following:
QwertyQwerty:{SHA}sbN3OgXA7QF2eHpPFXT/AHX3Uh4
By using the first (incorrect) version, the user can't login, while if .htpasswd is corrected, with the second version, the user can login.

Test case

Enable authentication for file editing (with .htaccess). Register a new user. Attempt to edit a page. A login prompt appears. Attempt to login. It fails, even though you give the correct user name and password

Environment

TWiki version: TWikiBetaRelease
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: Windows XP
Web server: Apache 1.3.29
Perl version: perl 5.8.2
Client OS: Windows XP
Web Browser: Mozilla 1.5

-- GiorgosAkrivas - 17 Mar 2004

Follow up

The problem seems to stem from twiki/twiki/lib/TWiki/User/HtPasswdUser.pm. In sub _htpasswdGeneratePasswd, when processing "sha1" encodings, the user name is prepended to the final string. The username is already prepended in AddUserPassword, hence the duplication. I apologize for not submitting a diff but I've only just begun with TWiki and haven't had a chance to read the official patch how-to section yet.

-- IngoPeters - 28 May 2004

Fix record

Thanks Ingo.

This is now fixed and in TWikiAlphaRelease. I do not have the environment to test, could someone help?

Change:

Index: HtPasswdUser.pm
===================================================================
--- HtPasswdUser.pm     (revision 1527)
+++ HtPasswdUser.pm     (working copy)
@@ -99,7 +99,7 @@

     if( 'sha1' eq $TWiki::htpasswdEncoding ) {

-        $encodedPassword = $user . ':{SHA}' . MIME::Base64::encode_base64( Digest::SHA1::sha1( $passwd ) );
+        $encodedPassword = '{SHA}' . MIME::Base64::encode_base64( Digest::SHA1::sha1( $passwd ) );
         chomp $encodedPassword;

     } elsif ( 'crypt' eq $TWiki::htpasswdEncoding ) {

-- PeterThoeny - 30 May 2004

Edit | Attach | Watch | Print version | History: r6 < r5 < r4 < r3 < r2 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r6 - 2004-05-31 - PeterThoeny
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.