Item11693: configure lets you install an extension before you set admin pwd, then fails.

install fresh

goto configure

goto install extension, pick one, hit install

do not set a pwd, or set any initial values.

you get'password not set', but not Ui to do so - you just get the normal enterpwd single input.

-- SvenDowideit - 24 Mar 2012

I don't get how the "Extensions" tab and button exist if you have not set the initial values. They are not rendered until the first save has been completed.

Unless someone is incorrectly shipping a pre-configured LocalSite.cfg. In which case, the initial password should probably be shipped with a default, since you are forcing configure to run in a non-standard sequence.

-- GeorgeClark - 24 Mar 2012

I suspect the "right" way to fix this is to change configure to use CGI::Session and require a login before accessing any parameters. I'm poking at that a little bit. Added FOSWIKICFGSID cookie and trying to get the login before allowing any access to the configuration. But it will be a bit before I know if it looks safe enough for 1.1.5.

-- GeorgeClark - 24 Mar 2012

good point, yes, these do ship with localsite's with no pwd.

I do this so that I can pre-load different defaults as its safer and produces a working foswiki :/

I've been doing it this way since I first built installers in 2006 - so I'd love for it to be supported

later - actually, this situation can come about if someone resets the password by deleting it from the cfg - a standard response to 'I've forgotten the pwd' - so y, we do need to deal with it.

-- SvenDowideit - 24 Mar 2012

I've checked in a rather big change to fix this. It probably doesn't even belong in trunk without a feature proposal.

• Adds CGI::Session support to Configure
• Sets a default session life of 60 minutes since last access, and save authority 5 minutes since session created.
• Prompts for password up front in order to access configure (except on first iteration)
• Prompts for password on save / extend / test email only if save access is stale
• Adds a checkbox to permit password change even if nothing has changed.

Trunk only for now.

-- GeorgeClark - 25 Mar 2012

I've checked in a much smaller change for 1.1.5

• Add the checkbox to permit a password change without changes to the config
• Added a warning that the password is not set and must be set before anything else can be done.

-- GeorgeClark - 26 Mar 2012

Cloned this task to Item11706 for Release 1.1.5. This task will be trunk only.

-- GeorgeClark - 30 Mar 2012

This is all moot, as configure has been completely rewritten. The session changes mentioned above are all discarded. Still waiting for release, but really no longer applies to 1.2.

-- GeorgeClark - 02 Nov 2014

Commenting is disabled while not logged in