Item4819: viewauth redirect loops to death when Main and TWiki webs both are view denied for TWikiGuest

Something is broken in the redirect code which works fine in 4.1.2

• The TWiki is authenticated by simple Apache authentication (could be .htpasswd file or LDAP auth).
• No password manager is used.
• ApacheLogin is used.
• /bin/view is not authenticated. This is important because with LDAP auth each authentication can take 1-4 seconds so we only authenticate viewauth
• The TWiki must have no view access unless authenticated

The last bullet is handled in our Motorola TWiki simply by having Set DENYWEBVIEW = %USERSWEB/TWikiGuest in all webs.

However when you do this in 4.2.0 the browser is forwarded to

http://merlin.lavrsen.dk/twiki42/bin/viewauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauth/Main/WebHome

And fails

In the apache access log I get

192.168.1.9 - - [14/Oct/2007:23:15:15 +0200] "GET /twiki/bin/view/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:16 +0200] "GET /twiki/bin/viewauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:16 +0200] "GET /twiki/bin/viewauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:16 +0200] "GET /twiki/bin/viewauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:17 +0200] "GET /twiki/bin/viewauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:17 +0200] "GET /twiki/bin/viewauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:17 +0200] "GET /twiki/bin/viewauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:17 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:18 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:18 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:18 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:19 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:19 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:19 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:19 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauthauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:20 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauthauthauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:20 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:20 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:21 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:21 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"
192.168.1.9 - - [14/Oct/2007:23:15:21 +0200] "GET /twiki/bin/viewauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauthauth/Main/WebHome HTTP/1.1" 302 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.7) Gecko/20070914 Firefox/2.0.0.7"

So something is rotten with the redirect. I never get to authenticate.

To reproduce setup a TWiki for

• $TWiki::cfg{LoginManager} = 'TWiki::LoginManager::ApacheLogin';
• $TWiki::cfg{UserMappingManager} = 'TWiki::Users::TWikiUserMapping';
• $TWiki::cfg{PasswordManager} = 'none';
• In Main WebPreferences: Set DENYWEBVIEW = TWikiGuest
• In TWiki WebPreferences: Set DENYWEBVIEW = TWikiGuest

With a fresh new browser try to look up Main.WebHome

This is another showstopper that prevents me to even try a beta at Motorola. Urgent bug.

-- TWiki:Main/KennethLavrsen - 14 Oct 2007

I was about to set this to "Waiting for Feedback" because I failed to reproduce, but then... The clue is that you're probably using your own httpd.conf: You are redirecting 401 status codes to /twiki/bin/view/TWiki/TWikiRegistration, but the TWiki web isn't allowed for TWikiGuest. It is now too late to go into details, but an empty =* Set DENYTOPICVIEW = = in TWiki.TWikiRegistration will cure the thing, redirecting you to the registration page. But in your case maybe a redirection to login would have been more appropriate?

Still setting to "Waiting for Feedback" because I can reproduce it, but I doubt that 4.1 was different in this case. Or was it?

-- TWiki:Main.HaraldJoerg - 14 Oct 2007

How silly of me.

Naturally that was the problem. I redirect to a static HTML on my current 4.1.2 Motorola installation. So I created an endless loop myself. Nothing wrong in the twiki code. I guess others could get in that situation so I will take an action we actually agreed at a release meeting. I will do this right away.

-- TWiki:Main.KennethLavrsen - 15 Oct 2007

I have checked in updated httpd and .htaccess files with an extra help comment to put attention to this special case.

I also updated the TWiki:TWiki.ApacheConfigGenerator so you can choose the default Apache 401 (no ErrorDocument directive)

-- TWiki:Main.KennethLavrsen - 15 Oct 2007

Cleaned "WaitingFor" field.

-- TWiki:Main.GilmarSantosJr - 10 Aug 2008