Bug: Duplicated WikiName in .htpasswd Entry
When registering a new user, a new line is appended in file /twiki/data/.htpasswd . However, The user's name is duplicated. For example, the new user QwertyQwerty gets a line like the following:
QwertyQwerty:QwertyQwerty:{SHA}sbN3OgXA7QF2eHpPFXT/AHX3Uh4
where it should have been like the following:
QwertyQwerty:{SHA}sbN3OgXA7QF2eHpPFXT/AHX3Uh4
By using the first (incorrect) version, the user can't login, while if .htpasswd is corrected, with the second version, the user can login.
Test case
Enable authentication for file editing (with .htaccess). Register a new user. Attempt to edit a page. A login prompt appears. Attempt to login. It fails, even though you give the correct user name and passwordEnvironment
| TWiki version: | TWikiBetaRelease |
| TWiki plugins: | DefaultPlugin, EmptyPlugin, InterwikiPlugin |
| Server OS: | Windows XP |
| Web server: | Apache 1.3.29 |
| Perl version: | perl 5.8.2 |
| Client OS: | Windows XP |
| Web Browser: | Mozilla 1.5 |
Follow up
The problem seems to stem from twiki/twiki/lib/TWiki/User/HtPasswdUser.pm. In sub _htpasswdGeneratePasswd, when processing "sha1" encodings, the user name is prepended to the final string. The username is already prepended in AddUserPassword, hence the duplication. I apologize for not submitting a diff but I've only just begun with TWiki and haven't had a chance to read the official patch how-to section yet. -- IngoPeters - 28 May 2004Fix record
Thanks Ingo. This is now fixed and in TWikiAlphaRelease. I do not have the environment to test, could someone help? Change:
Index: HtPasswdUser.pm
===================================================================
--- HtPasswdUser.pm (revision 1527)
+++ HtPasswdUser.pm (working copy)
@@ -99,7 +99,7 @@
if( 'sha1' eq $TWiki::htpasswdEncoding ) {
- $encodedPassword = $user . ':{SHA}' . MIME::Base64::encode_base64( Digest::SHA1::sha1( $passwd ) );
+ $encodedPassword = '{SHA}' . MIME::Base64::encode_base64( Digest::SHA1::sha1( $passwd ) );
chomp $encodedPassword;
} elsif ( 'crypt' eq $TWiki::htpasswdEncoding ) {
-- PeterThoeny - 30 May 2004 | WebForm | |
|---|---|
| TopicClassification | BugResolved |
| TopicSummary | Duplicated Wiki name in .htpasswd entry for sha1 encoding |
| InterestedParties | |
| AssignedTo | |
| AssignedToCore | PeterThoeny |
| ScheduledFor | CairoRelease |
| RelatedTopics | |
| SpecProgress | 100% |
| ImplProgress | 100% |
| DocProgress | 100% |
Topic revision: r6 - 31 May 2004 - 00:04:50 - PeterThoeny
Codev.DuplicatedWikiNameInHtpasswdEntry moved from Codev.TWikiRegistration on 18 Mar 2004 - 06:24 by PeterThoeny - put it back
-
Codev Web
-
Readme first
-
Developers News
-
Changes
-
Major Only
- All Webs
-
RSS Feed
-
Search
- Advanced
-
Topics of interest
-
Categories
-
All tags? / My tags
Create New Topic
Georgetown
TWiki 4.2.2- TWiki community
- TWiki marketing
- TWiki advocacy
- TWiki deployment
- Dev questions
- TWiki competition
- Usability
- Security
- Community
- How you can help
- Community roles
-
Answer Support questions
- Community
- #twiki (IRC)
- — logs
- Meet others
- Webs
-
Blog
- Codev
- Main
- Plugins
- Sandbox
- Support
- TWiki
- TWiki01
- TWiki02
- TWiki03
- TWiki04
- TWiki04x01
- TWiki04x02
 |
|
Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding TWiki? Send feedback