• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.
This is with TemplateLogin and HtPasswdUser.

Found this in a 4.0.5 installation, apparently the same problem is with MAIN.

-- SP

I have just verified that this bug is NOT PRESENT.

I bet the problem is that you have mistakenly setup require valid user for the entire bin directory.

Discarding. Reopen if I am wrong.

KJL

You are probably right that this is due to one of the default settings that needs to be overridden locally.

The problem is easily reproducible right here at dto: http://develop.twiki.org/~twiki4/cgi-bin/view/TWiki/ResetPassword (iow: apparently the choice of login manager is not important).

I'm setting this normal / waiting for feedback, hoping for an explanation of why the default settings do not allow for the reset password operation.

-- SP

Apparently the user I was trying to reset was not listed in TWikiUsers, only in .htpassword.

As the reset procedure works ok under these circumstances if logged in, I think it would be reasonable if the reset also worked if requested from a non-authenticated state.

-- SP

Yes and no. If you use LDAP auth you can very well be authenticated and still you cannot reset the password.

We can continue the discussion on best behavour but at least it is not a release blocker issue. Setting to normal

KJL

That's alright, I think mostly large user bases where the twikiusers page has been split up/refactored (like twiki.org) is hit by this. Regular installations shouldn't pose a problem.

-- SP

Steffen, when you get a chance, could you test and see if this is still the case? There have been an awful lot of changes in this part of the code, and I suspect this problem has just "gone away".

Ta,

CC

Simple test: Trying to reset your password as TWikiGuest at http://develop.twiki.org/~twiki4/cgi-bin/view/TWiki/ResetPassword currently gives you a login prompt (r13779).

-- TWiki:Main.SteffenPoulsen - 17 May 2007

Sorry Stefffen, but no cigar; as you know, registration is blocked on d.t.o, and the apache config set up accordingly, so it's not really a representative test. And this platform is SNAFU at the moment as well, so if you could verify the issue on some other platform, that would be great, thanks.

-- CrawfordCurrie - 20 May 2007

Good point, I should have stated explicitly that the behavior I got locally was the same (and still is).

-- TWiki:Main.SteffenPoulsen - 20 May 2007

See also: Item3593 which is reporting the same problem.

I can't reproduce this problem on MAIN, even after deleting myself from TWikiUsers. Can anyone else?

CC

the re-write of this code from Item3954 so that AllowLoginName=off uses htpasswd, not twikiusers (as no mapping is needed) should have resolved this

Steffen, can you please goto RegisterTests.pm and add a unit test that reproduces this problem (by setting the necessary TWiki::cfg{} values??

otherwise, i'll close this, due to re-implementation and await a new report

-- SvenDowideit - 01 Jun 2007

No special settings necessary. Delete LocalSite.cfg and after a new default configure is run, just add

$TWiki::cfg{LoginManager} = 'TWiki::LoginManager::TemplateLogin';

to LocalSite.cfg and the problem is there (actually, r14023 won't allow a reset even if the user is in TWikiUsers, so I'm (temporarily?) raising this to Urgent).

When you try to reproduce this, please be sure you trigger ResetPassword as TWikiGuest (else the reset works OK).

I won't promise I can produce a testcase, but I will give it a try.

-- TWiki:Main.SteffenPoulsen - 03 Jun 2007

Tried out r14256 out today, in which this Item appears to have a new nature - while it is now possible to request a password reset, I get:

  • Template login: "Unrecognised user and/or password / Error: Invalid user/password" when I am trying to change it using TWiki.ChangePassword
  • Apache login: "Access check on TWiki.WebHome failed. Action "manage": authentication required."

-- TWiki:Main.SteffenPoulsen - 23 Jun 2007

ok, I've done what you say Stefen - in r14255, and reset and then change works - I've also added a unit test for this to RegisterTests.pm (its a new verify_ test, so it actually gets tested over several different cfg values)

please close this if you find it works on a fresh checkout for you, or use that fresh checkout to help me know what else i need to do to reproduce the issue.


Could it be that you are not logged in as TWikiGuest while you are trying to change the password? What I was trying to describe is behaviour in a non-authenticated stage.

If this is turning into a spec change for ChangePassword now, perhaps we should change it to request authentication up front?

-- TWiki:Main.SteffenPoulsen - 23 Jun 2007

I am definatly not logged in - ie, am TWikiGuest. as far as i can see, its not a spec change, I'm just unable to re-produce your problem. Thus, need more info from you.

-- TWiki:Main.SvenDowideit - 24 Jun 2007

I would like to have some feedback from others how their ChangePassword reacts atm? It can't say it is not related to my setup, I'm seing some I18N behaviour at the moment I cannot understand, this might affect this Item.

-- TWiki:Main.SteffenPoulsen - 24 Jun 2007

sadly, for each test system i have setup, (currently only linux and osx, though i'm working on windows and solaris soonish) it works fine frown and the test I wrote to replicate your issue also works.

I18N is not something you mentioned previously, so It means you need to give much more precise, and much more accurate information of how you are set up.

-- TWiki:Main.SvenDowideit - 24 Jun 2007

I'm putting this on hold, hopefully I will have some time to return to it next weekend and understand it more fully / make a better report.

-- TWiki:Main.SteffenPoulsen - 25 Jun 2007

While waiting for me to figure out a way to not have this problem show up in my setup, feel free to try and change your password using ChangePassword here at dto - it shows the same behaviour.

I know it is said that dto setup can't be trusted etc etc, but during the timeline of this bug it has behaved exactly like my setup with regard to reset and change (and still does). Please give it a try (as TWikiGuest).

-- TWiki:Main.SteffenPoulsen - 03 Jul 2007

Darn, seems I had a few extra /templates which is no longer in SVN - cleaning up those made both the reset password and the I18N trouble disappear. Probably the same issue exists here at dto.

Sorry for the fuss on this one :-/

-- TWiki:Main.SteffenPoulsen - 06 Jul 2007

Cleaned "WaitingFor" field.

-- TWiki:Main.GilmarSantosJr - 10 Aug 2008

ItemTemplate
Summary TWiki.ResetPassword fails with "cannot find user" if not authenticated and user not in Main.TWikiUsers
ReportedBy TWiki:Main.SteffenPoulsen
Codebase

SVN Range TWiki-4.1.0, Thu, 04 Jan 2007, build 12435
AppliesTo Engine
Component

Priority Urgent
CurrentState Closed
WaitingFor

Checkins TWikirev:14255
TargetRelease minor
ReleasedIn 4.2.0
Edit | Attach | Watch | Print version | History: r28 < r27 < r26 < r25 < r24 | Backlinks | Raw View |  Raw edit | More topic actions
Topic revision: r28 - 2008-08-10 - GilmarSantosJr
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback