Item4544: Document special format used in .htpasswd for email addresses

Priority:	CurrentState:	AppliesTo:	Component:	WaitingFor:
Normal	Closed	Engine	Documentation, HtPasswdUser

[08:28:59] <Lavr> SteffenPoulsen. Remember when you advice people to use the htpasswd utility that it deletes all email addresses from .htpasswd
[08:29:22] <Lavr> Or at least from the entry to change
[08:30:13] <SteffenPoulsen> ah yep - forgot that, good point :-)
[08:30:17]
<Lavr> I usually run the htpasswd utility on a new password file
and then copy paste the result into the real one
[08:31:05] <SteffenPoulsen> yes, me too .. wonder if there's a topic I could have pointed to on the procedure
[08:32:07] <SvenDowideit> how about a commented out line that is added to the topof the .htpasswd file?
[08:32:55] * CDot has joined #twiki
[08:33:35] * marclaporte has joined #twiki
[08:34:15]
<Lavr> Yes when it is created. That would not be a bad idea. "Do
not use htpasswd utility on this file. See "URL to t.o FAQ topic"
[08:34:32] <SteffenPoulsen> pls go implement :-)
[08:35:25] <SvenDowideit> please add bug item
[08:35:42] <SvenDowideit> twikibot, make new bug?
[08:35:51] <SteffenPoulsen> :-)

-- TWiki:Main/SteffenPoulsen - 04 Sep 2007

Unsure about this, I don't think storing information directly in the .htpasswd file is an option (all entries are read and written on user updates, non-standard lines are lost in the process).

Perhaps a simple thing like this would be OK (create an additional .htpasswd.README file on creation time).

Index: lib/TWiki/Users/HtPasswdUser.pm
===================================================================
--- lib/TWiki/Users/HtPasswdUser.pm     (revision 14913)
+++ lib/TWiki/Users/HtPasswdUser.pm     (working copy)
@@ -123,6 +123,21 @@
 sub _savePasswd {
     my $db = shift;

+    unless (-e "$TWiki::cfg{Htpasswd}{FileName}" ) {
+        # Item4544: Add pointer to twiki.org topic on special format used in .htpasswd
+        umask( 077 );
+        open( FILE, ">$TWiki::cfg{Htpasswd}{FileName}.README" ) ||
+          throw Error::Simple( $TWiki::cfg{Htpasswd}{FileName}.
+                                 '.README open failed: '.$! );
+
+        print FILE "# TWiki uses a specially crafted .htpasswd file format that should not be\n";
+        print FILE "# manipulated using a standard htpasswd utility.\n";
+        print FILE "# (3rd-party utilities does not support the e-mail address format used).\n";
+        print FILE "# \n";
+        print FILE "# More information available at: http://twiki.org/cgi-bin/view/TWiki/HtPasswdFormat.\n";
+        close( FILE);
+    }
+
     umask( 077 );
     open( FILE, ">$TWiki::cfg{Htpasswd}{FileName}" ) ||
       throw Error::Simple( $TWiki::cfg{Htpasswd}{FileName}.

If it is enough for this item, only todo is to create the twiki.org topic linked to.

-- TWiki:Main.SteffenPoulsen - 17 Sep 2007

Confirmed, and applies to TWiki.org

CC

---

Added a warning to UserAuthentication? where it discusses sharing the .htpasswd file with other applications. Also updated HtPasswdUser to write the readme when creating a new .htpasswd file.

-- GeorgeClark - 25 Mar 2011