Item14169: Verification for {FeatureAccess}{Configure} in configure fails to handle login names.

Priority: Normal
Current State: Closed
Released In: 2.1.3
Target Release: patch
Applies To: Extension
Component: Configure
Branches: Release02x01 master Item13897 Item14152
Reported By: TestUser333
Waiting For:
Last Change By: GeorgeClark
Condition: Authentication using Kerberos with "MyWikiUser -- unixuser"

First case: {FeatureAccess}{Configure} is set to 'MyWikiUser'.

Result: The user can access configure. But an error message is written: "Current user not in this list, and is locked out, If you save the configuration, you'll lose access to configure!"

Second case: {FeatureAccess}{Configure} is set to 'unixuser'.

Result: The user cannot access configure, but no error message is written.

-- TestUser333 - 05 Sep 2016

Problem in the checker: lib/Foswiki/Configure/Checkers/FeatureAccess/Configure.pm

In line 56, $curuser is equal to the unixuser, not the WikiUser.

-- TestUser333 - 05 Sep 2016

Adding this second line did not help:

    my $curuser = Foswiki::Func::getCanonicalUserID();
    $curuser = Foswiki::Func::getWikiName($curuser);

-- TestUser333 - 05 Sep 2016

Further note: When setting {FeatureAccess}{Configure} to 'AdminGroup' while 'MyWikiUser' was a member of AdminGroup, this did not work, i.e. MyWikiUser could not access configure anymore! When setting it to '' (empty) MyWikiUser could access configure again.

-- TestUser333 - 05 Sep 2016

I've got a possible fix, but I'm concerned that it is incomplete. The issue is that it assumes that users always have wiki names, which may not be true when using external authentication.
diff --git a/core/lib/Foswiki/Configure/Checkers/FeatureAccess/Configure.pm b/core/lib/Foswiki/Configure/Checkers/FeatureAccess/Configure.pm
index 7eb04ef..dc46bab 100644
--- a/core/lib/Foswiki/Configure/Checkers/FeatureAccess/Configure.pm
+++ b/core/lib/Foswiki/Configure/Checkers/FeatureAccess/Configure.pm
@@ -50,20 +50,21 @@ You should either set the _internal admin_ password, or add users to this list w
     my $passed = '';   # Set to true if current user is allowed to use configure
 
     my $curuser = Foswiki::Func::getCanonicalUserID();
+    $curuser = Foswiki::Func::getWikiName($curuser);
 
     unless ( $Foswiki::cfg{isBOOTSTRAPPING}
         || !$Foswiki::cfg{FeatureAccess}{Configure}
         || ( $curuser eq 'BaseUserMapping_333' ) )
     {
         foreach my $user (@Authorized) {
-            if ( $user eq Foswiki::Func::getCanonicalUserID() ) {
+            if ( $user eq $curuser ) {
                 $passed = 1;
                 last;
             }
         }
         $reporter->ERROR(
-"Current user not in this list, and is locked out, If you save the configuration, you'll lose access to configure!"
-        ) unless ( $passed || $curuser eq 'BaseUserMapping_333' );
+"Current user $curuser  not in this list, and is locked out, If you save the configuration, you'll lose access to configure!"
+        ) unless ( $passed || $curuser eq $Foswiki::cfg{AdminUserWikiName} );
     }
 
 }
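
Review bot: The outer unless still tests $curuser eq 'BaseUserMapping_333' after $curuser has been passed through getWikiName(), while the final unless was switched to $Foswiki::cfg{AdminUserWikiName}, so the two admin checks now compare different name forms. Use the same comparison in both places, or keep the canonical ID in its own variable for the first test. The loop also compares each @Authorized entry only to the wiki name, so an entry written as a login name (the 'unixuser' case in this report) still will not match, and a user with no wiki name is not covered; resolving each $user entry to the same form as $curuser before the eq would address both. The new message also has a double space after $curuser.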

-- GeorgeClark - 05 Sep 2016
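
The two cases in this report come from the access check and the configure checker comparing different forms of the same identity. The sketch below is an added example, not part of the ticket and not Foswiki code: it models the reported behaviour next to a single shared comparison that both checks could use. The identity table, the function names, the list separator and the decision to accept login names in the list are all assumptions.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Constructed identity table (hypothetical): login name -> wiki name.
my %WIKINAME_OF = ( unixuser => 'MyWikiUser' );

# Split the setting into entries; comma/whitespace separation is an assumption.
sub entries {
    my ($list) = @_;
    return grep { length } split /[,\s]+/, $list // '';
}

# Model of the reported enforcement: the list is matched against the wiki name.
sub enforce_reported {
    my ( $login, $list ) = @_;
    my @e = entries($list) or return 1;    # empty list: no restriction
    my $wikiname = $WIKINAME_OF{$login} // $login;
    return ( grep { $_ eq $wikiname } @e ) ? 1 : 0;
}

# Model of the reported checker: the list is matched against the login name.
sub checker_reported {
    my ( $login, $list ) = @_;
    my @e = entries($list) or return 1;
    return ( grep { $_ eq $login } @e ) ? 1 : 0;
}

# Shared normalisation: map a login name to its wiki name when one exists,
# otherwise keep the name as given (externally authenticated users may
# have no wiki name).
sub canonical { my ($name) = @_; return $WIKINAME_OF{$name} // $name }

# One comparison for both enforcement and the lockout warning.
sub is_listed {
    my ( $login, $list ) = @_;
    my @e = entries($list) or return 1;
    my $me = canonical($login);
    return ( grep { canonical($_) eq $me } @e ) ? 1 : 0;
}

# The user logs in as 'unixuser'; the first two rows are the report's cases.
for my $list ( 'MyWikiUser', 'unixuser', 'SomeoneElse', '' ) {
    printf "%-14s access=%d checker_ok=%d | shared=%d\n", "'$list'",
      enforce_reported( 'unixuser', $list ),
      checker_reported( 'unixuser', $list ),
      is_listed( 'unixuser', $list );
}
```

In the first two rows the modelled access check and checker disagree, which matches the "access but warning" and "no access, no warning" results above; the shared function gives one answer for both.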
 


Codebase 2.1.2
Checkins distro:6f724c6d7f55 distro:b225bf79e21c
masterCheckins distro:6f724c6d7f55 distro:b225bf79e21c
ItemBranchCheckins distro:6f724c6d7f55 distro:b225bf79e21c
Release02x01Checkins distro:6f724c6d7f55
Topic revision: r7 - 18 Feb 2017, GeorgeClark
