New Foswiki release 2.1.6 is available with important security fixes.
Sourceforge foswiki email lists being discontinued. Subscribe to the new Foswiki announce and discuss lists at MailingLists
You are here: Foswiki>Tasks Web>Item652 (11 Apr 2012, GeorgeClark)Edit Attach

Item652: Register can fail midway and leave the registration half done making re-registration impossible.

Priority: Normal
Current State: Closed
Released In: 1.1.5
Target Release: patch
Applies To: Engine
Component: FoswikiUIRegister, TopicUserMappingContrib
Branches: Release01x01 trunk
Reported By: Foswiki:Main.CarlinhosCecconi
Waiting For:
Last Change By: GeorgeClark
The registration process is not storing username and password in .htpasswd.

There is the following entry in the file warnXXXX.txt :
| 2009-01-03 - 18:19 | Unknown callback: 'authname'. (user|auth|language|pass)

-- Foswiki:Main.CarlinhosCecconi

what are you configure settings related to this?

-- WillNorris - 03 Jan 2009

Default of instalation:
$Foswiki::cfg{LoginManager} = 'Foswiki::LoginManager::TemplateLogin';
$Foswiki::cfg{Register}{EnableNewUserRegistration} = 1; 
$Foswiki::cfg{Register}{HidePasswd} = 1; 
$Foswiki::cfg{Register}{RegistrationAgentWikiName} = 'RegistrationAgent'; 
$Foswiki::cfg{PasswordManager} = 'Foswiki::Users::HtPasswdUser'; 
$Foswiki::cfg{MinPasswordLength} = 1; 
$Foswiki::cfg{Htpasswd}{FileName} = '/srv/www/htdocs/foswiki/data/.htpasswd'; 
$Foswiki::cfg{Htpasswd}{Encoding} = 'crypt';

-- CarlinhosCecconi - 03 Jan 2009

I had similar experience last night. It worked only when I installed sendmail so I figured it was my own fault. With different settings in configure the User topic was created and the user was added to the users topic but no entry in .htpasswd as mentioned here. I shall try to test again.

Yup, I think there was a bug at some time that if the registration failed for any reason (could not write to .htaccess due to permissions, sendmail error, perl error, ...) the engine would abort with registration half-completed, which prevented the same registraton to be redone. Sounds that the same bug.

I do not have sendmail installed. And even hoped that send e-mail. The user topic was created without entry into .htpasswd. The register script returned the following message:
Thank you for registering 
 Your personal Foswiki topic CarlosCecconi has been created 
 Warning: Could not send confirmation email 
 Mail could not be sent - please ask your %WIKIWEBMASTER% to look at the Foswiki warning log. Too many failures sending mail

-- CarlinhosCecconi - 03 Jan 2009

Default this happens and maybe it could be imprved. Without mail disabled or setting it right registration fails. The SimpleInstallGuide point 11 talks about mail setup. I think it should be disabled by default and then admins have to enable it at the same time they use correct settings.

I have changed the bug title to reflect the generic issue which is that when the registration fails - the registration completes half way and then dies.

This is not in itself a release blocker. If some mail related setup is wrong the admin will need to fix it under all circumstances. if you do not have sendmail installed and have not provided the needed configure settings for the perl SMTP to work sending email will fail.

What is missing is either some roll back mechanism that removes the half way done registration OR we should simply change the sequence of events so the email is sent before creating Users topic and adding to WikiUsers. This way the most common issue - email problems - will fail first.

The rest can also fail though typically because of wrong access rights to the .htaccess file or to the data directory tree.

Do not attempt to create a roll back feature in 1.0.0. It is a risky affair to get right.

I would like to understand from Carlinhos - what had you defined in configure for email feature?

The relevant settings are

  • $Foswiki::cfg{WebMasterEmail}
  • $Foswiki::cfg{WebMasterName}
  • $Foswiki::cfg{MailProgram}
  • $Foswiki::cfg{SMTP}{MAILHOST}
  • $Foswiki::cfg{SMTP}{SENDERHOST}
  • $Foswiki::cfg{SMTP}{Username}
  • $Foswiki::cfg{SMTP}{Password}

For the SMTP username and password naturally I am not asking for actual values. Just - did you specify valid data for these?

The server that is installed Foswik-i1.0-beta3 a home server that use for my tests. I do not have an MTA configured. So Failure happens. In fact the register script return the message: Mail could not be sent - please ask your %WIKIWEBMASTER% to look at the Foswiki warning log. Too many failures sending mail. But still I think so strange the creation of user topic without the entry into .htpasswd .

I understand the report now

It is true that during the registration the code walks through all the steps - like (order not correct)

  • Add to WikiUsers topic
  • Add to .htpasswd
  • Create users topic
  • Send email

If one of them fail the previous are not rolled back.

It would be a big extra code work to add this roll back. Another less severe thing could be to look at the sequence. But then again. Do you want to send an email that registration has happened if the topics and password files failed?

The most likely to fail are

  • Not able to write to local files during installation. Here roll back is only important until the site runs.
  • Not able to send email. If you have an intranet site and someone registers and the email is nothing else but information then I prefer that registration succeed but email fails.

So I prefer the email errors do not roll back registration.

But then there is the case of verification turned on. Here we can do nothing until the user has received the email and has verified the registration.

Any fix to this must be done with great care.

I am putting this low as it is only an installation thing when the server is not correctly setup

-- KennethLavrsen - 09 Jan 2010

Bumping this up and will work on a partial fix for Foswiki 1.1.5. For sites fighting SPAM registrations with AntiWikiSpamPlugin, save of the user topic can be blocked. But by that time, the user has been partially registered. TopicUserMapping has a function removeUser. But it doesn't completely remove the user. It doesn't touch the WikiUsers topic. removeUser should reverse the actions taken by addUser. Note that it does NOT remove the User topic.

-- GeorgeClark - 02 Mar 2012

ItemTemplate edit

Summary Register can fail midway and leave the registration half done making re-registration impossible.
ReportedBy Foswiki:Main.CarlinhosCecconi
Codebase 1.1.4, 1.1.3, 1.1.2, 1.1.1, 1.1.0, 1.0.10, 1.0.0 beta3, trunk
SVN Range
AppliesTo Engine
Component FoswikiUIRegister, TopicUserMappingContrib
Priority Normal
CurrentState Closed
Checkins distro:facec089504d distro:286f3dabe43b distro:bc6c66e15e81 distro:ec6da40cb4b7
TargetRelease patch
ReleasedIn 1.1.5
CheckinsOnBranches Release01x01 trunk
trunkCheckins distro:facec089504d distro:bc6c66e15e81
Release01x01Checkins distro:286f3dabe43b distro:ec6da40cb4b7
Topic revision: r22 - 11 Apr 2012, GeorgeClark - This page was cached on 19 Sep 2018 - 03:21.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy