Feature Proposal: Would be nice if managing emails in HtPasswdUser.pm was configurable

Motivation

See Support.Question1111. Some sites, particularly those behind a firewall, want email addresses to be purely public information. The documentation suggests that if the email is missing from the .htpasswd file, the address in the user topic will be used; however, this is incorrect. If the password manager claims to manage email addresses, then it is the only source of the address.

Description and Documentation

Allow HtPasswdUser::isManagingEmails() to be configurable.

Examples

Impact


Implementation

diff --git a/core/lib/Foswiki.spec b/core/lib/Foswiki.spec
index fba9b85..f5674a3 100644
--- a/core/lib/Foswiki.spec
+++ b/core/lib/Foswiki.spec
@@ -544,6 +544,15 @@ $Foswiki::cfg{PasswordManager} = 'Foswiki::Users::HtPasswdUser';
 # If you want to allow null passwords, set this to 0.
 $Foswiki::cfg{MinPasswordLength} = 7;
 
+# **BOOLEAN EXPERT DISPLAY_IF {PasswordManager}=="Foswiki::Users::HtPasswdUser"**
+# Disable this parameter to prevent HtPasswdUser from managing user email addresses.
+# When disabled, the UserMapper is responsible for managing email addresses. TopicUserMapping
+# will store addresses in the user topics.<br />
+# Default is enabled.  The PasswordManager will be responsible for storing email addresses.<br />
+# Note: This settins is currently only applicable to <tt>HtPasswdUser</tt>.  See the documentation
+# of other Password Managers to determine how they handle e-mail addresses.
+$Foswiki::cfg{Htpasswd}{ManageEmails} = $TRUE;
+
 # **PATH DISPLAY_IF /htpasswd/i.test({PasswordManager})**
 # Path to the file that stores passwords, for the Foswiki::Users::HtPasswdUser
 # password manager. You can use the <tt>htpasswd</tt> Apache program to create a new
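Review bot: typo in the new comment block, "This settins is currently only applicable" should read "This setting is currently only applicable". The sentence "Default is enabled.  The PasswordManager will be responsible for storing email addresses." reads as two separate thoughts; suggest "Default is enabled, meaning the PasswordManager stores email addresses." The comment should also state the consequence of disabling it: addresses then come from the user topic, which anyone able to edit that topic can change (the form-field concern raised in the discussion below), so an administrator choosing this for the firewall case understands what is traded away.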
@@ -834,9 +843,12 @@ $Foswiki::cfg{AntiSpam}{EmailPadding} = '';
 # Normally Foswiki stores the user's sensitive information (such as their e-mail
 # address) in a database out of public view. This is to help prevent e-mail
 # spam and identity fraud.<br />
-# If that is not a risk for you (e.g. you are behind a firewall) and you
+# This setting controls whether or not the <code>%USERINFO%</code> macro will
+# reveal details about users other than the current logged in user.  It does not
+# control how Foswiki actually stores email addresses.<br />
+# If disclosure of emails is not a risk for you (e.g. you are behind a firewall) and you
 # are happy for e-mails to be made public to all Foswiki users,
-# then you can set this option.<br />
+# then you can disable this option.<br />
 # Note that if this option is set, then the <code>user</code> parameter to
 # <code>%USERINFO</code> is ignored.
 $Foswiki::cfg{AntiSpam}{HideUserDetails} = $TRUE;
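Review bot: the reworded comment now correctly separates %USERINFO% disclosure from email storage, but it should say where storage is configured (the {Htpasswd}{ManageEmails} setting added in the earlier hunk), since an administrator reading this entry for the "behind a firewall" case will otherwise not find the relevant switch. Minor wording point: "then you can disable this option" is followed by "if this option is set, then the user parameter ... is ignored"; use "enabled" in the second sentence for consistency with "disable".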
diff --git a/core/lib/Foswiki/Users/HtPasswdUser.pm b/core/lib/Foswiki/Users/HtPasswdUser.pm
index 4ef7eb0..a8b684d 100644
--- a/core/lib/Foswiki/Users/HtPasswdUser.pm
+++ b/core/lib/Foswiki/Users/HtPasswdUser.pm
@@ -718,7 +718,7 @@ sub checkPassword {
 }
 
 sub isManagingEmails {
-    return 1;
+    return (defined $Foswiki::cfg{Htpasswd}{ManageEmails} ) ? $Foswiki::cfg{Htpasswd}{ManageEmails} : 1;
 }
 
 sub getEmails {
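Review bot: the ternary is correct (undefined falls back to the old behaviour of 1), but the new line is well over the 80-column layout used elsewhere in this file; either split it or, if the supported Perl versions permit the defined-or operator, write `return $Foswiki::cfg{Htpasswd}{ManageEmails} // 1;`. The larger point is scope: this makes the choice a property of one password manager, so ApacheHtpasswdUser, which the discussion notes also reports that it manages emails, is unaffected. If the goal is to let the mapper decide where addresses come from, the switch belongs in TopicUserMapping, which is where the discussion below ends up.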

-- Contributors: GeorgeClark - 09 Aug 2012

Discussion

There was some IRC discussion suggesting this should really be a feature of TopicUserMapping: let the mapper choose whether the password manager should manage emails, instead of having the PasswordManager refuse to manage them:

gac410   Ah... I have a pending feature request with stashed code. Make isManagingEmails a configurable option for HtpasswdUser, so users who *really* want emails in the user topic.
can have it.    [04:33]
SvenDowideit   so you're putting back a compatibility feature we removed huh
no wait, isn't that still there...
as you're talking about a topicusermapper option    [04:33]
gac410   Yeah. The docs claim that if a password is not found in the .htpasswd file, it will be read from the topic, but it lies.
TopicUserMapper asks PasswordManager "Can you manage emails" and if it says yes, well there you have it.    [04:34]
SvenDowideit   y, and for a while, twiki had an option in that if in the mapper
but we removed after deprecation
because it's inherently insane (i mean insecure)
of course, we still have the form field
so it's still just as busted
so that's another thing that using the apachehtpasswd module can give you
please add your stashed change to that proposal :)
it will be necessary if we were to remove the crufty one    [04:35]
gac410   It started as a support question. Enterprise wiki where emails were public knowledge, behind fw, had no reason to hide them.    [04:37]
SvenDowideit   y, i agree
except for the reality of phishing scams
that enterprises prefer to ignore :)    [04:37]
gac410   mumble mumble. where was that question. My answer was to modify HtpasswdUser to return 0 to the managing emails method, and user was very happy.    [04:38]
SvenDowideit   whereas the real fix is to put it in topicusermapper
excellent :)
oh wow.
apachepwd also says it's managing email
this is insane

Based on that I'll change this to an accepted proposal, and plan to implement it in the TopicUserMapping instead of the PasswordManager.

-- GeorgeClark - 09 Oct 2012

Modified to implement this as a configuration parameter in TopicUserMapping. It will work with any password manager. Added unit test.

-- GeorgeClark - 13 Oct 2012

Topic revision: r6 - 08 Jul 2015, MichaelDaum