Description
- belongs only to DesktopEdition
If one has for try out installed a DesktopEdition with many users on a multiuser system and did setup superuser to one user name then all people of access to that DesktopEdition wiki could login without to know the username or password. Choosing login shows 
Because of DE was developed to setup a private wiki with one user and no additional configuration to setup the wiki instance the superuser staff is internal defined differently. Otherwise it would be impossible / difficult to install language packages for the DE/wiki. -- ReimarBauer 2006-02-18 14:22:27
see MoinMoinChat/Logs/moin-dev/2006-02-17 and MoinMoinChat/Logs/moin-dev/2006-02-05
Until this configuration wizard described above is not finished don't use supervisor var yourself in wikiconfig.py of DesktopEdition. -- ReimarBauer 2006-02-18 14:22:27
Steps to reproduce
- do this...
Example
Details
MoinMoin Version |
|
OS and Version |
|
Python Version |
|
Server Setup |
|
Server Details |
|
Discussion
As I said in the logs, this is not true. -- AlexanderSchremmer 2006-02-18 14:27:22
I tried this now the fourth time with always a new DE installation it is everytime the same behaviour
My steps:
- ./moin.py
- user creation in the DE instance
- no login
- killing the moin.py process
editing of wikiconfig.py
# -*- coding: iso-8859-1 -*- "MoinMoin - Configuration" from MoinMoin.multiconfig import DefaultConfig class Config(DefaultConfig): superuser = u'ReimarBauer' acl_rights_after = acl_rights_default = u"All:read,write,delete,revert,admin"- ./moin.py
http://localhost:8080/UserPreferences shows now my username to select
- select this name and then you are logged in
You are using the attribute incorrectly as stated in the logs. We have 2 problems on our side here - incorrect naming of the attribute (singular) and no security check. -- AlexanderSchremmer 2006-02-18 14:44:44
Ahh some light in the darkness I was not aware that it will give a failure if it is used this way. Now it is clear. I don't know why I have not used [] in DE while in all the other wiki's I did. Probably it was because there is only one user ... -- ReimarBauer 2006-02-18 15:03:49
the var superuser must be set right as superuser = [u'ReimarBauer',] to get it right working ALWAYS!
This is not a bug, just a wrong configuration.
If people delete correct configuration from sample configs and then add wrong configuration, and don't read the docs that clearly state that this has to be a list, we can't do much about that (in general).
In this special case, I will add some user.valid check to avoid the check user in cfg.superuser being True for user == '' and a wrong configuration (not using a list as documented).
Of course this is a bug, as I pointed out above. -- AlexanderSchremmer 2006-02-18 15:30:00
Is somewhere else a parameter check for wikiconfig already discussed. Somethink like apache2 -t to run syntax tests for configuration files only? -- ReimarBauer 2006-02-18 15:54:28
- No, but some checks are done and one is missing here obviously.
Plan
- Priority:
- Assigned to:
- Status: Mitigated by checking the data type.