• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Item4819: viewauth redirect loops to death when Main and TWiki webs both are view denied for TWikiGuest

Item Form Data

AppliesTo: Component: Priority: CurrentState: WaitingFor: TargetRelease ReleasedIn
Engine   Normal Closed   minor 4.2.0

Edit Form Data

Summary:
Reported By:
Codebase:
Applies To:
Component:
Priority:
Current State:
Waiting For:
Target Release:
Released In:
 

Detail

Something is broken in the redirect code which works fine in 4.1.2
  • The TWiki is authenticated by simple Apache authentication (could be .htpasswd file or LDAP auth).
  • No password manager is used.
  • ApacheLogin is used.
  • /bin/view is not authenticated. This is important because with LDAP auth each authentication can take 1-4 seconds so we only authenticate viewauth
  • The TWiki must have no view access unless authenticated
The last bullet is handled in our Motorola TWiki simply by having Set DENYWEBVIEW = %USERSWEB/TWikiGuest in all webs.

However when you do this in 4.2.0 the browser is forwarded to

http://merlin.lavrsen.dk/twiki42/bin/viewauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauth/Main/WebHome

And fails

In the apache access log I get

192.168.1.9 - - [14/Oct/2007:23:15:15 +0200] "GET /twiki/bin/view/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:16 +0200] "GET /twiki/bin/viewauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:16 +0200] "GET /twiki/bin/viewauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:16 +0200] "GET /twiki/bin/viewauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:17 +0200] "GET /twiki/bin/viewauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:17 +0200] "GET /twiki/bin/viewauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:17 +0200] "GET /twiki/bin/viewauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:17 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:18 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:18 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:18 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:19 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:19 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:19 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:19 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauthauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:20 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauthauthauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:20 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:20 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:21 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:21 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:21 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"

So something is rotten with the redirect. I never get to authenticate.

To reproduce setup a TWiki for

  • $TWiki::cfg{LoginManager} = 'TWiki::LoginManager::ApacheLogin';
  • $TWiki::cfg{UserMappingManager} = 'TWiki::Users::TWikiUserMapping';
  • $TWiki::cfg{PasswordManager} = 'none';
  • In Main WebPreferences: Set DENYWEBVIEW = TWikiGuest
  • In TWiki WebPreferences: Set DENYWEBVIEW = TWikiGuest
With a fresh new browser try to look up Main.WebHome

This is another showstopper that prevents me to even try a beta at Motorola. Urgent bug.

-- TWiki:Main/KennethLavrsen - 14 Oct 2007

I was about to set this to "Waiting for Feedback" because I failed to reproduce, but then... The clue is that you're probably using your own httpd.conf: You are redirecting 401 status codes to /twiki/bin/view/TWiki/TWikiRegistration, but the TWiki web isn't allowed for TWikiGuest. It is now too late to go into details, but an empty =* Set DENYTOPICVIEW = = in TWiki.TWikiRegistration will cure the thing, redirecting you to the registration page. But in your case maybe a redirection to login would have been more appropriate?

Still setting to "Waiting for Feedback" because I can reproduce it, but I doubt that 4.1 was different in this case. Or was it?

-- TWiki:Main.HaraldJoerg - 14 Oct 2007

How silly of me.

Naturally that was the problem. I redirect to a static HTML on my current 4.1.2 Motorola installation. So I created an endless loop myself. Nothing wrong in the twiki code. I guess others could get in that situation so I will take an action we actually agreed at a release meeting. I will do this right away.

-- TWiki:Main.KennethLavrsen - 15 Oct 2007

I have checked in updated httpd and .htaccess files with an extra help comment to put attention to this special case.

I also updated the TWiki:TWiki.ApacheConfigGenerator so you can choose the default Apache 401 (no ErrorDocument directive)

-- TWiki:Main.KennethLavrsen - 15 Oct 2007

Cleaned "WaitingFor" field.

-- TWiki:Main.GilmarSantosJr - 10 Aug 2008

ItemTemplate
Summary viewauth redirect loops to death when Main and TWiki webs both are view denied for TWikiGuest
ReportedBy TWiki:Main.KennethLavrsen
Codebase 4.2.0, ~twiki4
SVN Range TWiki-4.3.0, Fri, 12 Oct 2007, build 15261
AppliesTo Engine
Component

Priority Normal
CurrentState Closed
WaitingFor

Checkins TWikirev:15285 TWikirev:15286
TargetRelease minor
ReleasedIn 4.2.0
Edit | Attach | Watch | Print version | History: r9 < r8 < r7 < r6 < r5 | Backlinks | Raw View |  Raw edit | More topic actions
Topic revision: r9 - 2008-08-10 - GilmarSantosJr
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback