Item1953: Login manager generates an internal server error if the credentials can't be verified

Priority: Urgent
Current State: Closed
Released In: 1.1.0
Target Release: minor
Applies To: Engine
Component:
Branches:
Reported By: MichaelDaum
Waiting For:
Last Change By: KennethLavrsen
Try an invalid login at http://trunk.foswiki.org/bin/login/Main/WebHome?origurl=/Main/WebHome.

Here is a temporary patch that fixes it again:
--- lib/Foswiki/LoginManager.pm (revision 4700)
+++ lib/Foswiki/LoginManager.pm (working copy)
@@ -348,7 +348,8 @@
              $sessionUser && $sessionUser eq $Foswiki::cfg{AdminUserLogin});
     }

-    if (!$authUser) {
+    if (0 && # FLAWED CODE BELOW
+        !$authUser) {

         # if we couldn't get the login manager or the http session to tell
         # us who the user is, check the username and password URI params.
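Review bot: The `if (0 &&` guard at the top of this block turns the whole username/password URI-parameter check into dead code, so logins through URI parameters are skipped entirely instead of only the failing path being avoided. Narrow the change to the branch that raises the error when the credentials cannot be verified, and replace the `# FLAWED CODE BELOW` comment with one that names this item and says when the guard can be removed.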
@@ -377,6 +378,8 @@
         }
     }

+    $authUser ||= $defaultUser;
+
     # We should have a user at this point; or $defaultUser if there
     # was no better information available.
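Review bot: The added `$authUser ||= $defaultUser;` line has no comment saying whether it belongs to the temporary workaround, so it is likely to be left behind when the `0 &&` guard is taken out again. Add a comment tying it to that guard. Also note that `||=` replaces any false value, so a login of `0` would be swapped for `$defaultUser`; test for an undefined or empty value explicitly if that case matters here.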

-- MichaelDaum - 21 Aug 2009

A better workaround, that doesn't cripple URL logins, should be:
Index: LoginManager.pm
===================================================================
--- LoginManager.pm   (revision 4727)
+++ LoginManager.pm   (working copy)
@@ -359,10 +359,11 @@
             my $validation = $pwchecker->checkPassword( $login, $pass );
             unless ($validation) {
                 my $res = $session->{response};
-                $res->header( -type => 'text/html', -status => '401' );
+#                $res->header( -type => 'text/html', -status => '401' );
                 my $err = "ERROR: (401) Can't login as $login";
-                $res->print($err);
-                throw Foswiki::EngineException( 401, $err, $res );
+#                $res->print($err);
+#                throw Foswiki::EngineException( 401, $err, $res );
+                undef $login;
             }
             $authUser = $login || $defaultUser;
             _trace($this, "URI params say user is $authUser");
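Review bot: In the `unless ($validation)` branch a failed password check now only does `undef $login`, so the request carries on as `$defaultUser` with no 401 status and no record of the failure. In the visible lines `$err` is still built but never used, and the following `_trace` call reports "URI params say user is $authUser" as if the parameters had identified a user. Pass `$err` to `_trace` inside the branch so failed attempts stay visible, and delete the three commented-out lines instead of leaving them in place.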
(untested)

-- CrawfordCurrie - 31 Aug 2009

confirmed. patch applied unmodified to trunk, and login works on my testbed again.

mucho ta - if you don't commit it asap, I will smile

-- SvenDowideit - 02 Sep 2009

Please do - my trunk is all bunged up.

-- CrawfordCurrie - 10 Sep 2009


Summary Login manager generates an internal server error if the credentials can't be verified
ReportedBy MichaelDaum
Codebase
SVN Range Foswiki-1.0.0, Thu, 08 Jan 2009, build 1878
AppliesTo Engine
Component
Priority Urgent
CurrentState Closed
WaitingFor
Checkins distro:89740ef877a5 distro:b1993d7ca7ee
TargetRelease minor
ReleasedIn 1.1.0
Topic revision: r11 - 04 Oct 2010, KennethLavrsen