Changeset 13796

Timestamp:

01/23/12 19:00:19 (4 weeks ago)

Author:

CrawfordCurrie

Message:

Item11458: simplify and streamline handling of password file; it now must exist for Foswiki to run, and will be created by =configure= if not. This lets us do enhanced checking in =configure= while reducing the runtime burden.

Location:

trunk

Files:

• UnitTestContrib/test/unit/FoswikiFnTestCase.pm (modified) (1 diff)
• UnitTestContrib/test/unit/RegisterTests.pm (modified) (1 diff)
• core/lib/Foswiki/Configure/Checkers/Htpasswd/FileName.pm (modified) (1 diff)
• core/lib/Foswiki/Contrib/core/MANIFEST (modified) (1 diff)
• core/lib/Foswiki/UI/Register.pm (modified) (4 diffs)
• core/lib/Foswiki/Users/ApacheHtpasswdUser.pm (modified) (1 diff)
• core/lib/Foswiki/Users/HtPasswdUser.pm (modified) (1 diff)
• core/lib/Foswiki/Users/Password.pm (modified) (1 diff)
• core/templates/messages.tmpl (modified) (1 diff)

trunk/UnitTestContrib/test/unit/FoswikiFnTestCase.pm

@@ -66 +66 @@
     $Foswiki::cfg{RCS}{AutoAttachPubFiles}  = 0;
     $Foswiki::cfg{Register}{AllowLoginName} = 1;
-    $Foswiki::cfg{Htpasswd}{FileName}    = "$Foswiki::cfg{WorkingDir}/htpasswd";
-    $Foswiki::cfg{PasswordManager}       = 'Foswiki::Users::HtPasswdUser';
+    $Foswiki::cfg{Htpasswd}{FileName} = "$Foswiki::cfg{WorkingDir}/htpasswd";
+    unless (-e $Foswiki::cfg{Htpasswd}{FileName} ) {
+        my $fh;
+        open($fh, ">", $Foswiki::cfg{Htpasswd}{FileName}) || die $!;
+        close($fh) || die $!;
+    }
+    $Foswiki::cfg{PasswordManager}    = 'Foswiki::Users::HtPasswdUser';
     $Foswiki::cfg{Htpasswd}{GlobalCache} = 0;
-    $Foswiki::cfg{UserMappingManager}    = 'Foswiki::Users::TopicUserMapping';
-    $Foswiki::cfg{LoginManager} = 'Foswiki::LoginManager::TemplateLogin';
+    $Foswiki::cfg{UserMappingManager} = 'Foswiki::Users::TopicUserMapping';
+    $Foswiki::cfg{LoginManager}       = 'Foswiki::LoginManager::TemplateLogin';
     $Foswiki::cfg{Register}{EnableNewUserRegistration} = 1;
     $Foswiki::cfg{RenderLoggedInButUnknownUsers} = 0;

trunk/UnitTestContrib/test/unit/RegisterTests.pm

@@ -1246 +1246 @@
 
     $query->path_info( '/' . $this->{users_web} . '/WebHome' );
-    unlink $Foswiki::cfg{Htpasswd}{FileName};
+    my $fh;
+    open($fh, ">", $Foswiki::cfg{Htpasswd}{FileName}) || die $!;
+    close($fh) || die $!;
 
     $this->createNewFoswikiSession( $Foswiki::cfg{DefaultUserLogin}, $query );

trunk/core/lib/Foswiki/Configure/Checkers/Htpasswd/FileName.pm

@@ -24 +24 @@
     Foswiki::Configure::Load::expandValue($f);
 
-    return $e
-      . $this->WARN(
-"file $f is not found.  This may be normal for a new installation.  it will be created when the first user registers to the site"
-      ) unless ( -f $f );
-
-    return $e
-      . $this->ERROR(
-"$f is not writable.  User registration will be disabled until this is corrected."
-      ) unless ( -w $f );
+    unless ( -e $f ) {
+        # password file does not exist; check it can be created
+        my $fh;
+        if (!open($fh, ">", $f) || !close($fh)) {
+            return $e . $this->ERROR("Password file $f does not exist and could not be created: $!");
+        } else {
+            $e .= $this->NOTE("A new password file $f has been created.");
+            unless (chmod(0600, $f)) {
+                $e .= $this->WARN("Permissions could not be changed on the new password file $f")
+            }
+        }
+    } elsif ( !( -f $f && -w $f )) {
+        # password file exists but is not writable
+        return $e
+            . $this->ERROR(
+            "$f is not a writable plain file. "
+            . "User registration will be disabled until this is corrected.")
+    }
 
     return $e;

trunk/core/lib/Foswiki/Contrib/core/MANIFEST

@@ -483 +483 @@
 lib/Foswiki/Configure/Checkers/Htpasswd/Encoding.pm 0444
 lib/Foswiki/Configure/Checkers/Htpasswd/FileName.pm 0444
+lib/Foswiki/Configure/Checkers/Htpasswd/LockFileName.pm 0444
 lib/Foswiki/Configure/Checkers/HttpCompress.pm 0444
 lib/Foswiki/Configure/Checkers/Introduction.pm 0444

trunk/core/lib/Foswiki/UI/Register.pm

@@ -101 +101 @@
     }
     elsif ( $action eq 'resetPassword' ) {
+        if ( !$session->inContext("passwords_modifyable") ) {
+            throw Foswiki::OopsException(
+                'attention',
+                web   => $session->{webName},
+                topic => $session->{topicName},
+                def   => 'passwords_disabled'
+            );
+        }
         require Foswiki::UI::Passwords;
         Foswiki::UI::Passwords::resetpasswd($session);
@@ -287 +295 @@
         my $cUID = $users->addUser(
             $row->{LoginName}, $row->{WikiName},
-            $row->{Password},  $row->{Email}
+            $session->inContext("passwords_modifyable") ? $row->{Password} : undef,
+            $row->{Email}
         );
         $log .=
@@ -837 +846 @@
     my $users = $session->{users};
     try {
-        unless ( defined( $data->{Password} ) ) {
+        unless ( !$session->inContext("passwords_modifyable") ||
+                 defined( $data->{Password} ) ) {
 
             # SMELL: should give consideration to disabling
@@ -855 +865 @@
         my $cUID = $users->addUser(
             $data->{LoginName}, $data->{WikiName},
-            $data->{Password},  $data->{Email}
+            $session->inContext("passwords_modifyable") ? $data->{Password} : undef,
+            $data->{Email}
         );
         my $log = _createUserTopic( $session, $data );

trunk/core/lib/Foswiki/Users/ApacheHtpasswdUser.pm

@@ -121 +121 @@
     my $path = $Foswiki::cfg{Htpasswd}{FileName};
 
-    #TODO: what if the data dir is also read only?
-    if ( ( !-e $path ) || ( -e $path && -r $path && !-d $path && -w $path ) ) {
-        $this->{session}->enterContext('passwords_modifyable');
-        return 0;
-    }
+    # We expect the path to exist and be writable.
+    return 0 if ( -e $path && -f $path && -w $path );
+
+    # Otherwise, log a problem.
+    $this->{session}->logger->log(
+        'warning',
+        'The password file does not exist or cannot be written.' .
+        'Run =configure= and check the setting of {Htpasswd}{FileName}.' .
+        ' New user registration has been disabled until this is corrected.');
+    # And disable registration (and password changes)
+    $Foswiki::cfg{Register}{EnableNewUserRegistration} = 0;
     return 1;
 }

trunk/core/lib/Foswiki/Users/HtPasswdUser.pm

@@ -162 +162 @@
     my $path = $Foswiki::cfg{Htpasswd}{FileName};
 
-    #TODO: what if the data dir is also read only?
-    if ( ( !-e $path ) || ( -e $path && -r $path && !-d $path && -w $path ) ) {
-        $this->{session}->enterContext('passwords_modifyable');
-        return 0;
-    }
+    # We expect the path to exist and be writable.
+    return 0 if ( -e $path && -f $path && -w $path );
+
+    # Otherwise, log a problem.
+    $this->{session}->logger->log(
+        'warning',
+        'The password file does not exist or cannot be written.' .
+        'Run =configure= and check the setting of {Htpasswd}{FileName}.' .
+        ' New user registration has been disabled until this is corrected.');
+    # And disable registration (which will also disable password changes)
+    $Foswiki::cfg{Register}{EnableNewUserRegistration} = 0;
+
     return 1;
 }

trunk/core/lib/Foswiki/Users/Password.pm

@@ -57 +57 @@
 
 returns true if the password database is not currently modifyable
-also needs to call
-$this->{session}->enter_context('passwords_modifyable');
+also needs to set $this->{session}->enter_context('passwords_modifyable');
 if you want to be able to use the existing TopicUserMappingContrib ChangePassword topics
 

trunk/core/templates/messages.tmpl

@@ -170 +170 @@
 
 %MAKETEXT{"You have *not* been registered."}%
+%TMPL:END%
+%TMPL:DEF{"passwords_disabled"}%
+---+++ %MAKETEXT{"Passwords disabled"}%
+
+%MAKETEXT{"The Administrator has disabled password changes."}%
+
+%MAKETEXT{"Please contact [_1]." args="%WIKIWEBMASTER%"}%
+
+%MAKETEXT{"Your password has not been changed."}%
 %TMPL:END%
 %TMPL:DEF{"thanks"}%