• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Item5302: Inconsistent user mapping api

Item Form Data

AppliesTo: Component: Priority: CurrentState: WaitingFor: TargetRelease ReleasedIn
Engine   Normal No Action Required   n/a  

Edit Form Data

Reported By:
Applies To:
Current State:
Waiting For:
Target Release:
Released In:


The user mappings are for mapping users. Why is there a password related API (checkPassword, setPassword, ...) in there? These calls are delegated to the PasswordManager anyway if it is called at all. Most of the time the user mappers password API is not used at all and the password manager is called directly.

-- TWiki:Main/MichaelDaum - 30 Jan 2008

at least 2 reasons

In TWikiUserMapping, the password system is used for emails, and for the no-login-name is the usermapping. And in the general case, the Password manager is often specific to a user mapper - in which case the feedback I got from people implementing the full suite, was that it was a waste to define a password manager class - they rather just implement that code in the user mapper.

As a concrete example - in the Joomla case, the usermapper implements the passoword verification, as the password lookup is pretty much the same as a user information lookup.

where the password manager is called directly, I would call that a bug - are there many?

-- TWiki:Main.SvenDowideit - 30 Jan 2008

shame that the commit is to do with the aggregator perltidy, and not the user mapping code - wish we could re-attribute commits

-- TWiki:Main.SvenDowideit - 30 Jan 2008

Sven, please look at all calls to checkPassword. You will soon see that most calls go to the password manager directly and don't use the redundant api in the user mapper.

-- TWiki:Main.MichaelDaum - 31 Jan 2008

that would be a bug - unless you are talking mostly about calls in the rego code, which is also somewhat TWikiUserMapping specific (ie has yet to be cleaned up)

-- TWiki:Main.SvenDowideit - 31 Mar 2008

Um, Micha, when I do a grep for checkPassword I don't see any calls that break the abstraction by accessing the password manager directly. They all seem to go through TWiki::Users like they are supposed to.

sven@quad:~/src/twiki/twiki/trunk/core/lib$ rgrep checkPassword *
TWiki/UserMapping.pm:---++ ObjectMethod checkPassword( $userName, $passwordU ) -> $boolean
TWiki/UserMapping.pm:sub checkPassword {
TWiki/Users/HtPasswdUser.pm:            return 0 unless $this->checkPassword( $login, $oldUserPassword );
TWiki/Users/HtPasswdUser.pm:sub checkPassword {
TWiki/Users/BaseUserMapping.pm:---++ ObjectMethod checkPassword( $userName, $passwordU ) -> $boolean
TWiki/Users/BaseUserMapping.pm:sub checkPassword {
TWiki/Users/ApacheHtpasswdUser.pm:sub checkPassword {
TWiki/Users/Password.pm:---++ ObjectMethod checkPassword( $login, $passwordU ) -> $boolean
TWiki/Users/Password.pm:sub checkPassword {
TWiki/Users/TWikiUserMapping.pm:        unless( $this->{passwords}->checkPassword( $login, $password )) {
TWiki/Users/TWikiUserMapping.pm:---++ ObjectMethod checkPassword( $userName, $passwordU ) -> $boolean
TWiki/Users/TWikiUserMapping.pm:sub checkPassword {
TWiki/Users/TWikiUserMapping.pm:    return $this->{passwords}->checkPassword( $userName, $pw );
TWiki/Users.pm:---++ ObjectMethod checkPassword( $userName, $passwordU ) -> $boolean
TWiki/Users.pm:sub checkPassword {
TWiki/Users.pm:      ->checkPassword( $userName, $pw );
TWiki/UI/Manage.pm:    unless( $users->checkPassword($user, $password)) {
TWiki/UI/Register.pm:              $users->checkPassword( $user, $oldpassword)) {
TWiki/LoginManager/TemplateLogin.pm:        my $validation = $users->checkPassword( $loginName, $loginPass );

and Thus, your bug report is aparently not a bug in TWiki 4.2 and beyond.

-- SvenDowideit - 03 Apr 2008

Summary Inconsistent user mapping api
ReportedBy TWiki:Main.MichaelDaum

SVN Range TWiki-5.0.0, Wed, 23 Jan 2008, build 16283
AppliesTo Engine

Priority Normal
CurrentState No Action Required

Checkins TWikirev:16314
TargetRelease n/a

Edit | Attach | Watch | Print version | History: r6 < r5 < r4 < r3 < r2 | Backlinks | Raw View |  Raw edit | More topic actions
Topic revision: r6 - 2008-04-03 - SvenDowideit
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback