Feedback on AuthPagePlugin

-- CrawfordCurrie - 24 March 2005

I realy would like to see this work with Dakar.

-- MichaelDaum - 26 Mar 2005

Thank you very much Crawford for contributing so much to the community, including this new Plugin

I made some minor edits to the Plugin topic. The Plugin topic stats not to edit it, but there are too many details to describe in detail, please see the debug diff. Changes are mainly on XHTML compliance, added required SHORTDESCRIPTION setting, fixing heading levels, adding more detail to the Plugin Info table (based on latest template).

How about measuring and documenting the PluginBenchmarks?

-- PeterThoeny - 27 Mar 2005

Oops, the topic fixes I did are gone now. This is the second time that it happended recently.

Shall we review the process for providing feedback on the topic text? Obviously it is not working...

-- PeterThoeny - 30 Mar 2005

Michael, I have it working with Dakar here, I will release shortly.

I thought the process was that feedback goes in the dev topic. That is why the plugin topic is clearly marked "do not edit this topic" in an HTML comment.

I use the BuildContrib to upload new plugin releases, so the topic on TWiki.org is just a copy of what is in CVS. Changes only get into CVS via this topic.

-- CrawfordCurrie - 30 Mar 2005

It is not practical to describe in the Dev topic in detail each change that is needed to the Plugins topic, the reason I posted the debug diff on 27 Mar. So this topic has a link to the proposed changes

-- PeterThoeny - 30 Mar 2005

As discussed over IM with Crawford, here is another try to help fix the Plugin topic text:

• Escaped links to itself (confusing for user)
• Removed extra link to AuthPagePluginDev topic
• Fixed heading levels
• Fixed some broken links
• Fixed XHTML issues in HTML table tags and image tags (page validates now)
• Fixed rendering issue of pre tag in bullets
• Added Appraisal link and Benchmark rows

See debug diff for details.

-- PeterThoeny - 31 Mar 2005

The latest svn changes on DEVELOP broke this plugin.

Other remarks:

1. there's a naming confusion between login and logon
2. there's no way to logout (un-authenticated) other than loggin in as guest
3. should there be any difference between "authenticated as guest" and "not authenticated"?
4. TWiki::Plugins::AuthPagePlugin::logon() should check for query->path_info() like

    if (!$origurl) {
      my $pathinfo = $query->path_info();
      if ($pathinfo =~ /\/(.*?)\/(.*)/) {
        $origurl = TWiki::Func::getViewUrl($1, $2);
      }
    }

-- MichaelDaum - 04 Apr 2005

1. Yes
2. Correct. Logout would require the cookie to be cleared/deleted, and there's no way to do this. It would be trivially simple to do, though.
3. If you create a TWikiGuest user, the only difference will be that the SESSION_IS_AUTHENTICATED etc tags will be set if the user is authenticated. If you don't create TWikiGuest as a user, then there can be no confusion, as TWikiGuest is always an unauthenticated user.
4. So you can .../login/Web/TopicName. Yes, probably a good idea, though I'm not sure exactly where you'd use it.

-- CrawfordCurrie - 06 Apr 2005

There is a substantial feature overlap with the ApplicationAuthenticationAddOn which also promises to secure attachments and allows to logout ...

-- MichaelDaum - 08 Apr 2005

So there is .... wish I'd seen it before I wrote this plugin!

-- CrawfordCurrie - 09 Apr 2005

I had an opportunity to install this and add an LDAP authentication Validator.. THANK YOU.. Exactly what I was looking for..

One tiny doc bug

the comments in AuthPagePlugin.pm says if Validator returns NON-ZERO it is an Error

If there is no username in the query or the username/password is invalid (validate returns non-zero) then it prompts again.

BUT the samples return the test STRING "SUCCESS" which is a NON-ZERO entity, and the code checks for non-zero as a POSITIVE result

my $validation =
              TWiki::Plugins::AuthPagePlugin::Validator::validate
                  ( $loginName, $loginPass, $twikiSession );
            if( $validation ) { <---- if true (non-zero)

my $validation =
              TWiki::Plugins::AuthPagePlugin::Validator::validate
                  ( $loginName, $loginPass, $twikiSession );
            if( !$validation ) {

I installed ApplicationAuthenticationAddOn as well, and its 'Logoff' function works here. AuthPagePlugin has the passive approach to protecting changes thru controlling access to the scripts, while ApplicationAuthenticationAddOn controls access to the content topics, and NOT the scripts, all at the Application level (not using server basic Auth)

-- SamDetweiler - 07 May 2005

Sam, does your setup work on DevelopBranch too? Could you provide a concise installation guide for less gifted admins like me?

-- FranzJosefSilli - 08 May 2005

Sorry Franz, what did you want? The logoff for use with AuthPagePlugin?

I just uploaded a zip file containing all the patches, mods, new files and instructions.

-- SamDetweiler - 08 May 2005

Uploaded an update to the instructions to fix the WebLeftBar template loading so that the login/off buttons work. From the ApplicationAuthAddOn project

-- SamDetweiler - 08 May 2005

Let's get this as-is into DakarPreview1, and target for the incorporation of the other features from the AddOn before Dakar's release.

The plethora of plugins and addons is unmanageble. Useful fixes of missing functionality like these should be in or as close to the core as possible.

-- MartinCleaver - 13 Jul 2005

Hi!

I make the login.globalFree2.tmpl and it is not used when I try to login by an web using the globalFree2 skin.

In the AuthPagePlugin.pm exist the logon sub. The readTemplate( $name, $skin ) need the skin on the $origurl to use de same interface. So... to use TWiki::Func::getSkin() is a wrong way.

I make this change to work:

   - my $tmpl = TWiki::Func::readTemplate( 'login', TWiki::Func::getSkin() );

   + $origurl =~ m{.*(view|edit|attach)[^/]*/([^/]+)};
   + my $skin = TWiki::Func::getPreferencesValue( 'SKIN', $2 ) || "";
   + my $tmpl = TWiki::Func::readTemplate( 'login', $skin );

And I don't understand this: "TODO: add JavaScript password encryption in the template to use a template" I can help, but... encryption?

-- AurelioAHeckert - 22 Jul 2005

Hi, i have installed twiki and i wont to add new users but in the registration form does not have the password field and re-enter password... What can i do to resolve this question!Can anybody help?Thanks...

-- JoaquimFerreira - 01 Aug 2005

I just installed this on my Unix account with my ISP. I needed it because the ISP requires cgi scripts to run in a designated folder, and for security, overrides any .htaccess files in that folder.

It works great, except I found a bug in login.tmpl due to the fact that my ISP also requires that all cgi scripts have a .cgi extension.

The url in the <form action> tag in login.tmpl needs to have the %SCRIPTSUFFIX% variable at the end ,or the login sends you off into the ether:

<form action='%SCRIPTURL%/login' method='POST'>

should instead be:

<form action='%SCRIPTURL%/login%SCRIPTSUFFIX%' method='POST'>

-- PeteDussin - 17 May 2006

Pete, I assume you are aware that the plugin is not required for TWiki version 4 and beyond? The functionality is now fully integrated into TWiki, as the TemplateLogin Manager.

-- CrawfordCurrie - 18 May 2006