[pmwiki-users] authentication problems (built-in and authuser)

Bronwyn Boltwood arndis at gmail.com
Thu Nov 24 23:33:24 CST 2005


On 11/24/05, Patrick R. Michaud <pmichaud at pobox.com> wrote:
>
> On Thu, Nov 24, 2005 at 11:05:42AM -0500, Bronwyn Boltwood wrote:
> >    4. tried to log in as gerry.  no welcome message or logout stuff in
> >    sidebar.  reload page -- same.  went to homepage, and now I can see
> that
> >    I'm logged in as gerry.
>
> This is actually correct behavior, although as things are set up it's not
> instantly obvious why.  The "gerry" account doesn't have edit permission
> to the Site.* pages, because of the edit password set in
> Site.GroupAttributes.
> So, (:if auth edit:) isn't true for "gerry" on any of the pages in the
> Site group.  Using (:if authid:) is a much better test to determine
> if someone is authenticated.


This does make sense.  I forgot because I had cleared that password back
when I was first setting up my dev wiki, and most of my other wikis have
only ever had one password.  I humbly suggest that the authtable add-on get
turned into a recipe or be added to the core? :)

I've fixed up the conditional markup in my dev wiki now.  Since I'd never
used authuser before -- I tried it out in hopes of fixing the login bugs! --
it didn't occur to me to check for something more suitable.

>    6. hit edit.  was asked for name and password.  gave gerry's
> credentials,
> >    submitted, page reloads still wanting credentials.  tried bronwyn
> account
> >    just in case.  same thing.  tried webmaster and pat accounts; same.
>
> Aha!  This is the same problem as PITS #00551, which I also couldn't
> resolve until now.  The problem turns out to be that after any
> unsuccessful login, the system always continued to use the first username
> that was entered even if a new one was entered.  This bug will be fixed
> for 2.1.beta4, and should resolve a lot of the oddities you've been
> seeing.


It does!  I've been putting in nonsense credentials followed by valid ones,
and it works nicely now.   So not only do I get my problem fixed, I've
actually been of service to the community! :)

>    I wonder how hard it is to have error messages for "bad password and
> >    username combination" and "insufficient rights".  They'd be helpful.
>
> I'm working on this for the updated authuser script.  Unsuccessful
> authentications will probably display "incorrect username/password
> combination", while unsuccessful authorizations will display
> something like "(read|edit|attr|admin) privileges required by
> (site|group|page)".  Although I haven't figured out a good way to
> i18n that yet.  :-|


It'll be a handy upgrade; might have kept me from crawling quite as far up
the wall as I did. :)  Um...what about getting translations for the entire
phrases
- incorrect username/password combination
- privileges required by

And word-by-word for
- read
- edit
- diff or history
- upload
- attr
- admin
- site
- group
- page

> > PmWiki 2.1 will have ?action=login available, which will display
> > > Site.AuthForm under the current url.  I think I'll do this for
> > > 2.1.beta4.
> >
> > Cool.  Not too far away then.  Hopefully before I need to give my "how
> to
> > edit" tutorial?  :)
>
> Well, 2.1.beta4 (just released) contains the bugfix for the previous
> item, so hopefully 2.1.beta5.  Depends on how much work I get done
> this evening... :-)


Now I can't decide whether to tell you to take a well-earned break, or crack
the whip on you. ;)  The read-protected login page now works nicely, but the
login recipe does not -- just reloads the page; no form. Maybe it's not
compatible with 2.1 betas?  Of course, there's some sense to just going with
the read-protected Site.Login -- it will be one more reassurance that they
did login successfully and that it has their name right.

In any case, thank you!

Bronwyn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20051125/e41bb241/attachment.html 


More information about the pmwiki-users mailing list