Item5807: Topic edition without previous log in results in edition of log in screen (trunk TSA)

pencil
Priority: Urgent
Current State: Closed
Released In: 1.0.0
Target Release: patch
Applies To: Engine
Component: Log in
Branches:
Reported By: TWiki:Main.SebastianKlus
Waiting For:
Last Change By: KennethLavrsen
Trying to edit a topic without having logged in oneself before, leads automatically to the WYSIWYG editor, but editing the log in screen itself instead of the page one wanted to edit originally. I suppose it sounds a little confusing, so I will try to explain myself step by step:

  1. I am watching any TWiki topic without being logged in. So in the menu on the left side appears Log in or Register.
  2. I touch the Edit button or use the commando Raw edit.
  3. TWiki requests username and password.
  4. After entering my data, I should be forwarded to the editor, showing the page I want to edit. But instead I am forwarded to an editor showing the log in screen (see also attached image below).

  • HELP When I log in before trying to edit a page, everything works fine.

  • Screenshot of WYSIWYG editor with log in screen:
    screenshot.png

-- TWiki:Main/SebastianKlus - 23 Jul 2008

Are you using template or apache login?

What are the settings in configure related to security?

-- TWiki:Main.KennethLavrsen - 23 Jul 2008

Security settings are:
{SafeEnvPath} = /bin:/usr/bin
{UseClientSessions} enabled
{LoginManager} = TWiki::LoginManager::TemplateLogin
{UserMappingManager} = TWiki::Users::TWikiUserMapping
{Register}{AllowLoginName} disabled
{Register}{EnableNewUserRegistration} enabled
{Register}{NeedVerification} disabled
{PasswordManager} = TWiki::Users::HtPasswdUser
{MinPasswordLength} = 1
{Htpasswd}{FileName} = /var/www/svn/twiki/core/data/.htpasswd
{Htpasswd}{Encoding} = crypt

Basically standard svn configuration.

-- TWiki:Main.SebastianKlus - 24 Jul 2008

I have tried to reproduce this

I have used the same security settings. I do not see this problem.

Did you recently change from Apache to Template login?

One major difference between the two is that with Template login only the configure script needs to be protected by a httpd config file or .htaccess file. With Apache login you authenticate a list of scripts in the bin directory.

When you change from Apache to Template it is easy to forget to remove the lines from the apache config that authenticates the bin files and then you end up with a strange double authentication.

Also what version of TWiki is this in? 4.2.0? 4.2.1 SVN code? Or trunk checked out from SVN?

-- TWiki:Main.KennethLavrsen - 24 Jul 2008

Sorry for the lacking details.

First of all, I am checking out the trunk from SVN.

I just went through the various revisions and the problem seems starting to occur with revision 17070. I cannot exactly figure out in what revision, as around rev. 17070 there seem to be some software errors (at least this is what appears as error message in my browser), but I can confirm that after that rev. the described problem is persistent.

Just to avoid any missunderstandings and to make sure I explained myself well:
The problem is not the login. The problem is that after the login (which is successful), the editor shows the login screen again, as if I wanted to edit it. That means that instead of the topic I am originally coming from and that I want to edit, the login screen as it can be seen in the attached image shows up within the edit box.

Following the URLs that are shown in my browser:
  • URL of starting topic: http://localhost/svn/twiki/core/bin/view/Sandbox/PruebaSandbox
  • URL when clicking on the [Edit] button: http://localhost/svn/twiki/core/bin/login/Sandbox/PruebaSandbox?origurl=/svn/twiki/core/bin/edit/Sandbox/PruebaSandbox%3ft%3d1216958377;t=1216958377
    • Here I am redirected to the login screen, which is fine because I have not logged in at that time.
  • URL after login: http://localhost/svn/twiki/core/bin/edit/Sandbox/PruebaSandbox?twiki_redirect_cache=0a4b41b959dd851887c60ed0cbf89105
    • This is when the login screen appears again but within the edit box!

Another curiosity by the way: The title of the edit screen shows WebHome (edit) (see also image above) although it should say PruebaSandbox (edit).

And just to make it perfectly confusing wink All of this does not happen, when I log in before trying to edit the PruebaSandbox topic.

-- TWiki:Main.SebastianKlus - 25 Jul 2008

That makes a big difference.

There will be many bugs related to the stand alone rewrite in trunk.

Right now I focus 100% on getting 4.2.1 out and each time a new urgent bug blocks the release I am all over it.

So please everyone make sure you write clearly that it is a trunk only bug.

I actually took the time to try template login in trunk editing a page without being logged in first. And I do not see your problem.

When you svn updated the trunk did you remember to delete viewauth and svn update? In the "old days" you would have a copy of view called viewauth but it was not one you checked out of svn. Gilmar added the viewauth script as part of his changes.

There is also some code changes related to localhost. Do you have same problem if you access your server with real domain name instead of localhost?

-- TWiki:Main.KennethLavrsen - 25 Jul 2008

Sorry for causing you nearly a nervous breakdown, Kenneth smile

I'll check into the items you mentioned when I am back at my PC tonight and inform you about any result. Just two questions: I have never heard something of having to delete viewauth, but I will do so before doing the next svn update as I have not done so. Regarding testing with a real domain: I am running TWiki on a local test environment. But maybe I will have the chance to upload it to our company server and then I will come back to you on that.

-- TWiki:Main.SebastianKlus - 25 Jul 2008

You do not need to make a dramatic step like uploading to a company server to play with a real URL.

Just invent some domain like mymachine.mycompany.com and define it two places.

In the {DefaultUrlHost} in TWiki configure and in the /etc/hosts file of the machine pointing to the IP address of the machine or simply 127.0.0.1.

Then the browser will be told by the computer that that domain is itself.

-- TWiki:Main.KennethLavrsen - 25 Jul 2008

If you believe it or not, but the problem remains. I deleted authview, I reconfigured the URL, I even deleted everything and build up the svn install from scratch - no changes, everything the same.

In addition to that I can confirm, that when e.g. creating a new topic in Sandbox (let's call it TestTopic) without previous login, I get to the same result: The login screen is shown inside the WYSIWYG editor instead of the new, still empty topic.

Here an extract of the access.log - maybe it is of any help:
#1 - Creating TestTopic without previous login:
127.0.0.1 - - [26/Jul/2008:12:37:02 -0600] "GET /svn/twiki/core/bin/edit/Sandbox/?topic=TestTopic&onlywikiname=on&onlynewtopic=on HTTP/1.1" 302 - "http://twiki.home/svn/twiki/core/bin/view/Sandbox/WebHome" "Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.1) Gecko/2008071717 Firefox/3.0.1"
127.0.0.1 - - [26/Jul/2008:12:37:02 -0600] "GET /svn/twiki/core/bin/login/Sandbox/TestTopic?topic=TestTopic;onlynewtopic=on;origurl=/svn/twiki/core/bin/edit/Sandbox/%3ftopic%3dTestTopic%26onlywikiname%3don%26onlynewtopic%3don;onlywikiname=on HTTP/1.1" 200 8197 "http://twiki.home/svn/twiki/core/bin/view/Sandbox/WebHome" "Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.1) Gecko/2008071717 Firefox/3.0.1"
127.0.0.1 - - [26/Jul/2008:12:37:07 -0600] "POST /svn/twiki/core/bin/login/Sandbox/TestTopic HTTP/1.1" 302 - "http://twiki.home/svn/twiki/core/bin/login/Sandbox/TestTopic?topic=TestTopic;onlynewtopic=on;origurl=/svn/twiki/core/bin/edit/Sandbox/%3ftopic%3dTestTopic%26onlywikiname%3don%26onlynewtopic%3don;onlywikiname=on" "Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.1) Gecko/2008071717 Firefox/3.0.1"
127.0.0.1 - - [26/Jul/2008:12:37:08 -0600] "GET /svn/twiki/core/bin/edit/Sandbox/?twiki_redirect_cache=09437e50021fb21727b53283f9e1aef7 HTTP/1.1" 200 24026 "http://twiki.home/svn/twiki/core/bin/login/Sandbox/TestTopic?topic=TestTopic;onlynewtopic=on;origurl=/svn/twiki/core/bin/edit/Sandbox/%3ftopic%3dTestTopic%26onlywikiname%3don%26onlynewtopic%3don;onlywikiname=on" "Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.1) Gecko/2008071717 Firefox/3.0.1"
127.0.0.1 - - [26/Jul/2008:12:37:09 -0600] "POST /svn/twiki/core/bin/rest/WysiwygPlugin/tml2html HTTP/1.1" 302 - "http://twiki.home/svn/twiki/core/bin/edit/Sandbox/?twiki_redirect_cache=09437e50021fb21727b53283f9e1aef7" "Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.1) Gecko/2008071717 Firefox/3.0.1"
127.0.0.1 - - [26/Jul/2008:12:37:10 -0600] "GET /svn/twiki/core/bin/login/Main/TestTopic?twiki_redirect_cache=bb053387ef472131bcb7b60c64310d32 HTTP/1.1" 200 8157 "http://twiki.home/svn/twiki/core/bin/edit/Sandbox/?twiki_redirect_cache=09437e50021fb21727b53283f9e1aef7" "Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.1) Gecko/2008071717 Firefox/3.0.1"

#2 - Editing the existing TestTopic without previous login:
127.0.0.1 - - [26/Jul/2008:12:48:12 -0600] "GET /svn/twiki/core/bin/edit/Sandbox/TestTopic?t=1217098023 HTTP/1.1" 302 - "http://twiki.home/svn/twiki/core/bin/view/Sandbox/TestTopic" "Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.1) Gecko/2008071717 Firefox/3.0.1"
127.0.0.1 - - [26/Jul/2008:12:48:13 -0600] "GET /svn/twiki/core/bin/login/Sandbox/TestTopic?origurl=/svn/twiki/core/bin/edit/Sandbox/TestTopic%3ft%3d1217098023;t=1217098023 HTTP/1.1" 200 8050 "http://twiki.home/svn/twiki/core/bin/view/Sandbox/TestTopic" "Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.1) Gecko/2008071717 Firefox/3.0.1"
127.0.0.1 - - [26/Jul/2008:12:48:18 -0600] "POST /svn/twiki/core/bin/login/Sandbox/TestTopic HTTP/1.1" 302 - "http://twiki.home/svn/twiki/core/bin/login/Sandbox/TestTopic?origurl=/svn/twiki/core/bin/edit/Sandbox/TestTopic%3ft%3d1217098023;t=1217098023" "Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.1) Gecko/2008071717 Firefox/3.0.1"
127.0.0.1 - - [26/Jul/2008:12:48:19 -0600] "GET /svn/twiki/core/bin/edit/Sandbox/TestTopic?twiki_redirect_cache=96934d9b336fc8b2a6309883b6f95244 HTTP/1.1" 200 26011 "http://twiki.home/svn/twiki/core/bin/login/Sandbox/TestTopic?origurl=/svn/twiki/core/bin/edit/Sandbox/TestTopic%3ft%3d1217098023;t=1217098023" "Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.1) Gecko/2008071717 Firefox/3.0.1"
127.0.0.1 - - [26/Jul/2008:12:48:20 -0600] "POST /svn/twiki/core/bin/rest/WysiwygPlugin/tml2html HTTP/1.1" 302 - "http://twiki.home/svn/twiki/core/bin/edit/Sandbox/TestTopic?twiki_redirect_cache=96934d9b336fc8b2a6309883b6f95244" "Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.1) Gecko/2008071717 Firefox/3.0.1"
127.0.0.1 - - [26/Jul/2008:12:48:21 -0600] "GET /svn/twiki/core/bin/login/Main/WebHome?twiki_redirect_cache=d4a551eff1db2105749ac87eb1d78dab HTTP/1.1" 200 10135 "http://twiki.home/svn/twiki/core/bin/edit/Sandbox/TestTopic?twiki_redirect_cache=96934d9b336fc8b2a6309883b6f95244" "Mozilla/5.0 (X11; U; Linux x86_64; de; rv:1.9.0.1) Gecko/2008071717 Firefox/3.0.1"

And to complete the record:

Operating system: Ubuntu 8.04
Webserver: Apache 2.2.8
Perl: 5.8.8
Browser: Firefox 3.0.1

-- TWiki:Main.SebastianKlus - 26 Jul 2008

What about the localhost vs using a domain name in the URL?

Also can we see the TWiki apache.conf you are using? (attach it)

-- TWiki:Main.KennethLavrsen - 27 Jul 2008

I could reproduce the problem. I already found the cause and will fix soon.

-- TWiki:Main.GilmarSantosJr - 27 Jul 2008

ItemTemplate edit

Summary Topic edition without previous log in results in edition of log in screen (trunk TSA)
ReportedBy TWiki:Main.SebastianKlus
Codebase
SVN Range TWiki-5.0.0, Tue, 22 Jul 2008, build 17070-17112
AppliesTo Engine
Component Log in
Priority Urgent
CurrentState Closed
WaitingFor
Checkins TWikirev:17381
TargetRelease patch
ReleasedIn 1.0.0
I Attachment Action Size Date Who Comment
screenshot.pngpng screenshot.png manage 106 K 23 Jul 2008 - 05:26 SebastianKlus Screenshot of WYSIWYG editor with log in screen
Topic revision: r16 - 26 Dec 2008, KennethLavrsen
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy