Priority: Urgent
Current State: Closed
Released In: 2.0.0
Target Release: major
Applies To: Engine
Component: Configure
Branches: Release01x01 trunk
install fresh
goto configure
goto install extension, pick one, hit install
do
not set a pwd, or set any initial values.
you get'password not set', but not Ui to do so - you just get the normal enterpwd single input.
--
SvenDowideit - 24 Mar 2012
I don't get how the "Extensions" tab and button exist if you have not set the initial values. They are not rendered until the first save has been completed.
Unless someone is incorrectly shipping a pre-configured
LocalSite.cfg. In which case, the initial password should probably be shipped with a default, since you are forcing configure to run in a non-standard sequence.
--
GeorgeClark - 24 Mar 2012
I suspect the "right" way to fix this is to change configure to use CGI::Session and require a login before accessing any parameters. I'm poking at that a little bit. Added FOSWIKICFGSID cookie and trying to get the login before allowing any access to the configuration. But it will be a bit before I know if it looks safe enough for 1.1.5.
--
GeorgeClark - 24 Mar 2012
good point, yes, these do ship with localsite's with no pwd.
I do this so that I can pre-load different defaults as its safer and produces a working foswiki :/
I've been doing it this way since I first built installers in 2006 - so I'd love for it to be supported
later - actually, this situation can come about if someone resets the password by deleting it from the cfg - a standard response to 'I've forgotten the pwd' - so y, we do need to deal with it.
--
SvenDowideit - 24 Mar 2012
I've checked in a rather big change to fix this. It probably doesn't even belong in trunk without a feature proposal.
- Adds CGI::Session support to Configure
- Sets a default session life of 60 minutes since last access, and save authority 5 minutes since session created.
- Prompts for password up front in order to access configure (except on first iteration)
- Prompts for password on save / extend / test email only if save access is stale
- Adds a checkbox to permit password change even if nothing has changed.
Trunk only for now.
--
GeorgeClark - 25 Mar 2012
I've checked in a much smaller change for 1.1.5
- Add the checkbox to permit a password change without changes to the config
- Added a warning that the password is not set and must be set before anything else can be done.
--
GeorgeClark - 26 Mar 2012
Cloned this task to
Item11706 for Release 1.1.5. This task will be trunk only.
--
GeorgeClark - 30 Mar 2012
This is all moot, as configure has been completely rewritten. The session changes mentioned above are all discarded. Still waiting for release, but really no longer applies to 1.2.
--
GeorgeClark - 02 Nov 2014