[pmwiki-users] authentication problems (built-in and authuser)
Bronwyn Boltwood
arndis at gmail.com
Thu Nov 24 23:33:24 CST 2005
On 11/24/05, Patrick R. Michaud <pmichaud at pobox.com> wrote:
>
> On Thu, Nov 24, 2005 at 11:05:42AM -0500, Bronwyn Boltwood wrote:
> > 4. tried to log in as gerry. no welcome message or logout stuff in
> > sidebar. reload page -- same. went to homepage, and now I can see
> that
> > I'm logged in as gerry.
>
> This is actually correct behavior, although as things are set up it's not
> instantly obvious why. The "gerry" account doesn't have edit permission
> to the Site.* pages, because of the edit password set in
> Site.GroupAttributes.
> So, (:if auth edit:) isn't true for "gerry" on any of the pages in the
> Site group. Using (:if authid:) is a much better test to determine
> if someone is authenticated.
This does make sense. I forgot because I had cleared that password back
when I was first setting up my dev wiki, and most of my other wikis have
only ever had one password. I humbly suggest that the authtable add-on get
turned into a recipe or be added to the core? :)
I've fixed up the conditional markup in my dev wiki now. Since I'd never
used authuser before -- I tried it out in hopes of fixing the login bugs! --
it didn't occur to me to check for something more suitable.
> 6. hit edit. was asked for name and password. gave gerry's
> credentials,
> > submitted, page reloads still wanting credentials. tried bronwyn
> account
> > just in case. same thing. tried webmaster and pat accounts; same.
>
> Aha! This is the same problem as PITS #00551, which I also couldn't
> resolve until now. The problem turns out to be that after any
> unsuccessful login, the system always continued to use the first username
> that was entered even if a new one was entered. This bug will be fixed
> for 2.1.beta4, and should resolve a lot of the oddities you've been
> seeing.
It does! I've been putting in nonsense credentials followed by valid ones,
and it works nicely now. So not only do I get my problem fixed, I've
actually been of service to the community! :)
> I wonder how hard it is to have error messages for "bad password and
> > username combination" and "insufficient rights". They'd be helpful.
>
> I'm working on this for the updated authuser script. Unsuccessful
> authentications will probably display "incorrect username/password
> combination", while unsuccessful authorizations will display
> something like "(read|edit|attr|admin) privileges required by
> (site|group|page)". Although I haven't figured out a good way to
> i18n that yet. :-|
It'll be a handy upgrade; might have kept me from crawling quite as far up
the wall as I did. :) Um...what about getting translations for the entire
phrases
- incorrect username/password combination
- privileges required by
And word-by-word for
- read
- edit
- diff or history
- upload
- attr
- admin
- site
- group
- page
> > PmWiki 2.1 will have ?action=login available, which will display
> > > Site.AuthForm under the current url. I think I'll do this for
> > > 2.1.beta4.
> >
> > Cool. Not too far away then. Hopefully before I need to give my "how
> to
> > edit" tutorial? :)
>
> Well, 2.1.beta4 (just released) contains the bugfix for the previous
> item, so hopefully 2.1.beta5. Depends on how much work I get done
> this evening... :-)
Now I can't decide whether to tell you to take a well-earned break, or crack
the whip on you. ;) The read-protected login page now works nicely, but the
login recipe does not -- just reloads the page; no form. Maybe it's not
compatible with 2.1 betas? Of course, there's some sense to just going with
the read-protected Site.Login -- it will be one more reassurance that they
did login successfully and that it has their name right.
In any case, thank you!
Bronwyn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20051125/e41bb241/attachment.html
More information about the pmwiki-users
mailing list