Tags:
create new tag
view all tags

Unknown REMOTE_USER should resolve to TWikiGuest

I have a TWiki site which is authenticated by our corporate (proprietary) apache auth module. This module sets REMOTE_USER with our intranet name. I would like to prohibit editing of topics within a web by setting DENYWEBCHANGE = TWikiGuest. What I would like to happen is when someone is authenticated but has not registered, %WIKIUSERNAME% would be set to TWikiGuest. Instead, what happens is it is set to Main.<REMOTE_USER>. This breaks the DENYWEBCHANGE setting.

The fix seems trivial. Here is the inlined Diff: 

*** /homes/mbigby/TWiki.pm      Fri Nov  7 19:00:00 2003
--- lib/TWiki.pm        Fri Nov  7 18:08:22 2003
***************
*** 720,725 ****
--- 720,727 ----
      $remoteUser =~ /(.*)/;
      $remoteUser = $1;  # untaint variable

+     $remoteUser = $defaultUserName unless defined $userToWikiList{$remoteUser};
+
      my $remoteAddr = $ENV{'REMOTE_ADDR'} || "";

      if( ( ! $doRememberRemoteUser ) || ( ! $remoteAddr ) ) {

TWiki version: TWikiRelease01Feb2003
TWiki plugins: DefaultPlugin, EmptyPlugin, InterwikiPlugin
Server OS: FreeBSD
Web server: apache
Perl version: 5.005
Client OS:  
Web Browser:  

-- MichaelBigby - 08 Nov 2003

Thanks for posting this. I changed it from a BugReport to a FeatureEnhancementRequest since this is the current spec.

Before your patch can be applied we need to investigate if it works at a site like TWiki.org where users are authenticated by their WikiName.

That probably needs to be configurable. At my work we have the policy to allow only authenticated posts; we have a TWikiApplication where we get feedback from employees and we do not request them to be registered TWiki users.

-- PeterThoeny - 08 Nov 2003

I think this ought to be default. I have for a long, long while (until today) wondered why my logs show bogus non-wikiname entries. (Perhaps the logs can be made to show the remote user as well - this is useful information).

-- MartinCleaver - 08 Nov 2003

the option to use the non-wiki name corresponds with the option to use the $remoteusername (see RemoteUserPasswords)

-- SvenDowideit - 01 Jan 2004

If I do the legwork to make this a configurable option, can I get a commitment to get feature into a scheduled release? DakarRelease perhaps?

-- MichaelBigby - 17 Feb 2004

WebForm
TopicClassification FeatureEnhancementRequest
TopicSummary

InterestedParties SvenDowideit, MichaelBigby, WillNorris
AssignedTo

AssignedToCore

ScheduledFor

RelatedTopics TWikiAuthenticationDev, RemoteUserPasswords
SpecProgress

ImplProgress

DocProgress

Edit | Attach | Watch | Print version | History: r9 < r8 < r7 < r6 < r5 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r9 - 2004-05-20 - PeterThoeny
 
  • Learn about TWiki  
  • Download TWiki
This site is powered by the TWiki collaboration platform Powered by Perl Hosted by OICcam.com Ideas, requests, problems regarding TWiki? Send feedback. Ask community in the support forum.
Copyright © 1999-2026 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.