Item1953: Login manager generates an internal server error if the credentials can't be verified
Priority: Urgent
Current State: Closed
Released In: 1.1.0
Target Release: minor
Applies To: Engine
Component:
Branches:
Try an invalid login at
http://trunk.foswiki.org/bin/login/Main/WebHome?origurl=/Main/WebHome.
Here is a temporary patch that fixes it again:
--- lib/Foswiki/LoginManager.pm (revision 4700)
+++ lib/Foswiki/LoginManager.pm (working copy)
@@ -348,7 +348,8 @@
$sessionUser && $sessionUser eq $Foswiki::cfg{AdminUserLogin});
}
- if (!$authUser) {
+ if (0 && # FLAWED CODE BELOW
+ !$authUser) {
# if we couldn't get the login manager or the http session to tell
# us who the user is, check the username and password URI params.
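Review bot: The `0 &&` guard on the changed `if` makes the whole branch unreachable, so the check of the username and password URI params described in the comment directly below it never runs, for valid credentials as well as invalid ones. The `# FLAWED CODE BELOW` comment does not say what is flawed or which item it relates to. Suggest narrowing the workaround to the failing path inside the branch rather than disabling the branch, or at minimum referencing Item1953 in the comment so the guard is not left in place by accident.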
@@ -377,6 +378,8 @@
}
}
+ $authUser ||= $defaultUser;
+
# We should have a user at this point; or $defaultUser if there
# was no better information available.
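Review bot: The added `$authUser ||= $defaultUser;` is a silent fallback with no comment and no trace output, so a request that reaches this line without an authenticated user cannot be told apart from an ordinary anonymous request. It matches the existing comment below it ("or $defaultUser if there was no better information available"), but since it only becomes necessary once the branch above is disabled, suggest a one-line comment marking it as part of the temporary workaround and a trace message when the fallback is taken.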
--
MichaelDaum - 21 Aug 2009
A better workaround, that doesn't cripple URL logins, should be:
Index: LoginManager.pm
===================================================================
--- LoginManager.pm (revision 4727)
+++ LoginManager.pm (working copy)
@@ -359,10 +359,11 @@
my $validation = $pwchecker->checkPassword( $login, $pass );
unless ($validation) {
my $res = $session->{response};
- $res->header( -type => 'text/html', -status => '401' );
+# $res->header( -type => 'text/html', -status => '401' );
my $err = "ERROR: (401) Can't login as $login";
- $res->print($err);
- throw Foswiki::EngineException( 401, $err, $res );
+# $res->print($err);
+# throw Foswiki::EngineException( 401, $err, $res );
+ undef $login;
}
$authUser = $login || $defaultUser;
_trace($this, "URI params say user is $authUser");
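Review bot: After this change `my $err = "ERROR: (401) Can't login as $login";` is still built but never used, so a failed `checkPassword` leaves no record at all: no 401 status, no message and no trace. The following `_trace($this, "URI params say user is $authUser")` will then report `$defaultUser` as if the URI params had named that user. Suggest passing `$err` to `_trace` before `undef $login;` so failed attempts stay visible, and deleting the three commented-out lines rather than leaving them in place, with a short comment explaining why the 401 response and `throw` were dropped.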
(untested)
--
CrawfordCurrie - 31 Aug 2009
confirmed. patch applied unmodified to trunk, and login works on my testbed again.
mucho ta - if you don't commit it asap, I will
--
SvenDowideit - 02 Sep 2009
Please do - my trunk is all bunged up.
--
CrawfordCurrie - 10 Sep 2009