Item6000: Changes tracked by loginname not wikiname

Priority: Urgent
Current State: Closed
Released In: 1.0.0
Target Release: patch
Applies To: Engine
Component:
Branches:
Reported By: TWiki:Main.AntonPiatek
Waiting For:
Last Change By: KennethLavrsen
I have just upgraded from 4.2.1 (I think) to TWiki-4.2.3, Wed, 06 Aug 2008, build 17396

My twiki is set up to use apache logins (all connections are restricted to valid user in .htaccess) and users should register before editing pages.

Registered users seem to be tracked ok, at least it prints my name in the top left and my signature has my wikiname, however edits on the page are showing up with a derivation of my loginname (email address with html escaped entities) e.g. Main.anton40piatek_2eco_2euk

This seems to be only on the top/bottom of pages, as the list of changed pages shows wikinames next to them.

This used to work in 4.2.0/4.2.1

-- TWiki:Main/AntonPiatek - 17 Sep 2008

Thinking back, this used to behave differently - As an unregistered user it used to think I was "antonpiatekcouk" as it stripped the @ and .'s out of my loginid (they were removed from the allowed login regex in the config). Now it seems to be trying to convert them...

-- TWiki:Main.AntonPiatek - 17 Sep 2008

Registering a new user works the same as above - The user is recognised and greeted by their wikiname, but edits are stored in the page as their email address with @ replaced with _40 and . replaced with _2e
Is this related to Item4771 which seemed to put in a fix to make this situation work better? (though I had it working before somehow, but I am using the RequireRegistration plugin to make sure all users were recognised)

-- TWiki:Main.AntonPiatek - 17 Sep 2008

There was a bug in 4.2.0 related to the translation of login names with non A-Za-z0-9 chars.

This caused both problems and was a security risk (different logins could be translated to the same Wikiname)

We had to fix this. And for those that had installed 4.2.0 and registered users this causes a small problem. But we had no choice. We had to fix the problem.

The behavior you have now is the same as Cairo, 4.0, 4.1 etc with respect to how unregistered users are shown.

For those that are registered with the strange logins you will have to hack the files if it hurts too much.

You probably upgraded from 4.2.0 and not 4.2.1 because nothing changed after 4.2.1.

I am no actioning this because we know the problem but cannot do anything about it without re-introducing the problem in 4.2.0.

-- TWiki:Main.KennethLavrsen - 18 Sep 2008

The list of changed pages shows people's wiki names though - Is it possible to change the view template perhaps to lookup the loginname and convert it to wikiname?

-- TWiki:Main.AntonPiatek - 18 Sep 2008

It should be the same thing. The login name is converted to a Canonical ID which again is converted to a Wikiname based on the TWikiUsers topic. And depending on the login ID some may be translated right and some may not depending on what special characters were in the login ID.

-- TWiki:Main.KennethLavrsen - 18 Sep 2008

You are on to something - If I change my loginID to be the converted ID that is printed at the top/bottom of a changed page then it shows up as me who edited the page, however now the sidebar says "hello antonpiatek.com" (the @ has been dropped, not escaped and the .'s are left as is)
Why is the sidebar doing a different resolution to the view template?
The macro generated list of changed pages now also shows the pages I edited as being edited by Main.antonpiatek.com
The wiki does not know who I am, because I am redirected to the register page by the RequireRegistration plugin.
I think the view template is doing a wrong lookup, or saving the wrong ID - The rest of the wiki manages to find me fine with my normal email address as my loginid - just the ID written to the header of the pages seems to be different

-- TWiki:Main.AntonPiatek - 19 Sep 2008

If I edit the raw .txt of a page and change the last edit tag at the top to my email address (unescaped) then the top of the page shows my wikiname as the editor, but the recent changes page shows my email address with @ stripped. This really sounds like the view template is not converting the UID correctly - perhaps it needs to find the user by loginid instead of UID? Can you point me to the code to play with? I am still trying to learn about the internals of TWiki...

-- TWiki:Main.AntonPiatek - 19 Sep 2008

Can you give some examples of exact login names and some topics that show the problem?

Reopening. But normal priority.

-- KennethLavrsen - 23 Sep 2008

I log in with "anton@piatek.co.uk", this is stored in the TWikiUsers page.
I edit a page in the sandbox, and the top of the page shows the edit was done by Main.anton_40piatek_2eco_2euk
The sandbox WebChanges page however shows the edit was done by AntonPiatek (my wikiname). The raw .txt of the edited topic has the following line
%META:TOPICINFO{author="anton_40piatek_2eco_2euk" date="1222156596" format="1.1" version="1.6"}%

The same happens for every topic. The WebChanges shows correct wikinames, the sidebar shows my personal WebLeftBar page, greets me with my name etc. It is only the header/footer of a topic that shows my escaped email address (The edit history also shows the escaped email address).
I can set up a copy of the wiki to hack some code if you have any suggestions - Unfortunately it is behind a firewall so I cannot give you a url to the pages

-- TWiki:Main.AntonPiatek - 23 Sep 2008

Following a discussion with CrawfordCurrie in IRC at 2008-11-08-1939 AEST it seems the issue is in the function renderRevisionInfo in Render.pm. This function is used by various templates in rendering of the topic's signature. The code around line 1567 puts the author from getRevisionInfo() into $user. This author is the canonical user id (at least for non-legacy topics).

Later on at line 1588 the code passes $user to getCanonicalUserID, presumably assuming it's a WikiName or login name. This returns a cUID that is double-escaped, and finally a login name that is still the canonical user id. When rendered, it doesn't get converted into a WikiName, which is the symptom that TWiki:Main.AntonPiatek is describing. Note that in a previous life getCanonicalUserID accepted and returned cUIDs unchanged.

"$cUID = $user;" at line 1588 stops the issue, but without an in-depth knowledge of the code and its intentions, I'm concerned that this may break something else. A random thought was to check if the $user was already a cUID by using userExists, but there may be an issue with collisions between cUIDs and login names. CrawfordCurrie also mentioned that userExists can be expensive - may be an issue as renderRevisionInfo appears to be called several times per page.

Note that this bug only occurs when you have non-alphanum characters in the login name - such as when you are trying to implement an SSO environment and using NTLM logins, or as TWiki:Main.AntonPiatek described above.

CrawfordCurrie suggested that the method contained a mix of half-rewrite and legacy code from when cUIDs were implemented, and that something like the code at line 451 could be used instead.

A workaround for those using NTLM logins is to omit the domain name. If using mod_auth_sspi you can include "SSPIOmitDomain on", which will remove the slash as well and just leave the username. This is not acceptable if you have multiple domains though.

Setting to Urgent and Confirmed at the request of CrawfordCurrie.

-- LeeRyman - 08 Nov 2008 - 10:34

I will probably look into this for v1.0.0

-- SvenDowideit - 10 Nov 2008 - 09:32

I've noticed a very similar problem in the Attachments table, caused by the same use of getCanonicalUserID($user). The Who fields for attachments are appearing as DOMAIN_5cuser in my case.

In Upload.pm at line 115 the template def %ATTACHTABLE% gets replaced with the value of $atext. This comes from the function formatVersions in Attach.pm. This further calls the function _expandAttrs which retrieves the user from getRevisionInfo and then tries to determine the canonical id using $cUID = $users->getCanonicalUserID($user) at line 245.

-- LeeRyman - 13 Nov 2008 - 00:52

Problem appears in search results too.

This appears to come from my $cUID = $users->getCanonicalUserID($ru); at line 761 of Search.pm.

The worrying aspect of the use of the function getCanonicalUserID() is that it always appears to return a result, even if it's just the cUID escaped a second time around. However the code calling getCanonicalUserID() often immediately checks to see if $cUID has been defined as a way of determining if the cUID represents a valid registered user. This is an incorrect assumption and doesn't work. For example, see the lines following line 761 of Search.pm. The code would work by calling getLoginName if getCanonicalUserID returned undef.

I'm still trying to learn more about the current design of WikiNames, login names and canonical user ids and how it works, but it looks like there are some incorrect and potentially dangerous assumptions being made. It seems to be that there is a mix-up between verifying/identifying users by mapping between their different names, and purely generating one name from the other. I will look into it more and hopefully get back to you with an idea or two.

-- LeeRyman - 13 Nov 2008 - 22:29
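
The failure mode described in the comments above, as an added example that is not TWiki or Foswiki code: a small Perl model in which the escaping rule is inferred from the escaped values quoted on this page. The registry contents and the names escape_login, naive_cuid, cuid_from_login and wikiname_from_cuid are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed escaping rule, inferred from the values quoted in this report:
# every character outside A-Za-z0-9 becomes "_" plus two hex digits
# ("@" -> _40, "." -> _2e, "\" -> _5c, "+" -> _2b).
sub escape_login {
    my ($login) = @_;
    ( my $cuid = $login ) =~ s/([^A-Za-z0-9])/sprintf('_%02x', ord($1))/ge;
    return $cuid;
}

# Constructed registry standing in for the TWikiUsers topic: cUID => WikiName.
my %wikiname_of = ( escape_login('anton@piatek.co.uk') => 'AntonPiatek' );

# The behaviour reported above: the argument is always treated as a login
# name, so a value always comes back, whether or not the user is registered.
sub naive_cuid { return escape_login( $_[0] ) }

# Hypothetical stricter lookups: one per input type, undef when unknown,
# so a caller's "defined" check really does mean "registered user".
sub cuid_from_login {
    my $cuid = escape_login( $_[0] );
    return exists $wikiname_of{$cuid} ? $cuid : undef;
}
sub wikiname_from_cuid { return $wikiname_of{ $_[0] } }

# Author value as stored in the topic's META:TOPICINFO line (already a cUID).
my $stored = 'anton_40piatek_2eco_2euk';

# Escaping a cUID again also escapes its underscores, so the registry
# lookup misses and no WikiName can be rendered.
my $again = naive_cuid($stored);
printf "naive:  %s -> %s (defined=%d, wikiname=%s)\n",
    $stored, $again, defined($again) ? 1 : 0,
    $wikiname_of{$again} // 'none';

# Treating the stored value as what it is, a cUID, resolves it directly.
printf "strict: %s -> wikiname=%s\n",
    $stored, wikiname_from_cuid($stored) // 'none';

# Constructed unregistered login: the naive result still passes "defined".
my $unknown = 'mallory@example.org';
printf "%s: naive defined=%d, strict defined=%d\n", $unknown,
    defined( naive_cuid($unknown) )      ? 1 : 0,
    defined( cuid_from_login($unknown) ) ? 1 : 0;
```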

Sven, are you closing this in the next days? It is an old release blocker.

-- KennethLavrsen - 16 Dec 2008

Yes, I have a number of failing unit tests that show some of the issues - and am slowly working through things.

It's actually possible that I have resolved this bug - but I doubt that we'll know until someone helps write more unit tests, or there's a lot of testing :/

Hi there, in which version has this bug been solved? I'm using "Foswiki-1.0.0, Wed, 07 Jan 2009, build 1876" and have the same problems with our NTLM usernames. They look like this: "domain+username". The + is replaced by _2b when I change a topic.

-- FlurinRindisbacher - 10 Mar 2009

This bug report was fixed in 1.0.0 as tickmarked below in the form.

So please open a new bug report with more details.

-- KennethLavrsen - 10 Mar 2009

ItemTemplate

Summary: Changes tracked by loginname not wikiname
ReportedBy: TWiki:Main.AntonPiatek
Codebase: trunk
SVN Range: TWiki-4.2.3, Wed, 06 Aug 2008, build 17396
AppliesTo: Engine
Component:
Priority: Urgent
CurrentState: Closed
WaitingFor:
Checkins: distro:76b0a25656e8
TargetRelease: patch
ReleasedIn: 1.0.0
Topic revision: r23 - 10 Mar 2009, KennethLavrsen