SID-01538: Change Password page not work

Status:	Answered	TWiki version:	5.1.1	Perl version:	v5.14.2
Category:	CategoryAuthentication	Server OS:	Ubuntu Server 12.04.1 LTS	Last update:	13 years ago

I have twiki5.0 setup on ubuntu9 and twiki5.1 on openbsd5.0 and it works. I start new project with ubuntu server12 and twiki5.1.1. I had install all environment so /bin/configure was without any error and I start to testing. I logged in as "admin" with "configure" password and create first user. then I log off and login with that user and proceed to "Reset password". I typed twikiname of my user and check email with system generated password. I log out and login again with that pass and hit to the "Change Password" page, where I type temporary password and new password twice. then click button "Change Password" and .. nothing, just the same page. complete log from /var/www/data:

192.168.5.1 - - [20/Sep/2012:17:57:52 +0200] "GET /bin/view/Main/PavPot HTTP/1.1" 200 8312
192.168.5.1 - - [20/Sep/2012:17:57:55 +0200] "GET /bin/login/Main/PavPot?origurl=/bin/view/Main/PavPot HTTP/1.1" 200 2822
192.168.5.1 - - [20/Sep/2012:17:58:03 +0200] "POST /bin/login/Main/PavPot HTTP/1.1" 302 429
192.168.5.1 - - [20/Sep/2012:17:58:03 +0200] "GET /bin/view/Main/PavPot?twiki_redirect_cache=4fc493337ed2ba8a7778e9a06161c431 HTTP/1.1" 302 8645
192.168.5.1 - - [20/Sep/2012:17:58:04 +0200] "GET /bin/view/TWiki/ChangePassword?username=PavPot;mcp=1 HTTP/1.1" 200 7009
192.168.5.1 - - [20/Sep/2012:17:58:17 +0200] "POST /bin/manage/TWiki/WebHome HTTP/1.1" 302 10163
192.168.5.1 - - [20/Sep/2012:17:58:17 +0200] "GET /bin/view/TWiki/ChangePassword?username=PavPot;mcp=1 HTTP/1.1" 200 7006

also I'm confuse when "configure" make such change that I never seen: 6 configuration items were changed {AccessibleENV} {UploadFilter} {LoginNameFilterIn} {MailerContrib}{EmailFilterIn} {NameFilter} {RCS}{asciiFileSuffixes}

$TWiki::cfg{LoginNameFilterIn} = qr/(?^:(?^:(?^:(?^:(?^:^[^\s\*?~^\$@%`"'&;|<>\x00-\x1f]+$)))))/; 
$TWiki::cfg{UploadFilter} = qr/(?^:(?^:(?^:(?^:(?^:^(\.htaccess|.*\.(?i)(?:php[0-9s]?(\..*)?|[sp]htm[l]?(\..*)?|pl|py|cgi))$)))))/; 

and other. when I did compare LocalSite.cfg with another my twiki *.cfg I was in shock, because that lines are present like:

$TWiki::cfg{LoginNameFilterIn} = '^[^\\s\\*?~^\\$@%`"\'&;|<>\\x00-\\x1f]+$';

$TWiki::cfg{LoginNameFilterIn} = qr/(?^:(?^:(?^:(?^:(?^:^[^\s\*?~^\$@%`"'&;|<>\x00-\x1f]+$)))))/;

please help to understand my trouble. thanks.

-- PavelPatcheptsov - 2012-09-20

Discussion and Answer

You can't change/reset the password of the "amin" user. Remove the $TWiki::cfg{Password} line in twiki/lib/LocalSite.cfg, then run configure to set the password.

-- PeterThoeny - 2012-09-20

no. I create twiki user. make place him to twikiadmingroup. and now I login as first twiki user with name PavPot with full admin right. but when I test "I forgot my password" from login screen I type "PavPot" and recieve mail with

Login name "PavPat" Your password has been changed to "b2TH0Nw0". Please visit http://192.168.2.55/bin/view/TWiki/ChangePassword to change your password to something more memorable for you.

I proceed, enter temporary pass, enter twice new password, press Change Password..and nothing changed. In another my twiki installs page with OK displayed.

-- PavelPatcheptsov - 2012-09-21

Not sure. Make sure the {Register}{AllowLoginName} configure setting if off if you use TWiki's internal password manager.

-- PeterThoeny - 2012-09-23

my setting {Register}{AllowLoginName} is off in "configure". I use TWiki::LoginManager::TemplateLogin and TWiki::Users::TWikiUserMapping and TWiki::Users::HtPasswdUser

-- PavelPatcheptsov - 2012-09-23

Sorry, I can't spend more free time to debug. If you get involved with the TWiki community you are more likely to get free support. Consider hiring a consultant if you need timely help.

-- PeterThoeny - 2012-09-24

resolved for me. I commented FilesMatch and it's helped.

<Directory "/var/www/twiki/bin">
    AllowOverride None
    Order Allow,Deny
    Allow from all
    Deny from env=blockAccess
    Options ExecCGI FollowSymLinks
    SetHandler cgi-script

    AuthUserFile /var/www/twiki/data/.htpasswd
    AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith)'
    AuthType Basic

    # File to return on access control error (e.g. wrong password)
    ErrorDocument 401 /bin/view/TWiki/TWikiRegistration

    <FilesMatch "^(configure)$">
        SetHandler cgi-script
        Order Deny,Allow
        Deny from all
#        Allow from 192.168.5.1
#        Require user admin
#        Satisfy Any
    </FilesMatch>

#    <FilesMatch "(attach|edit|manage|rename|save|upload|mail|logon|.*auth).*">
#        Require valid-user
#    </FilesMatch>
</Directory>

-- PavelPatcheptsov - 2012-09-25

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.