Description

Moin HTTP auth fails when doing a POST in CGI, because REMOTE_USER isn't passed in the request environment.

Tested with Apache2 and Moin 1.5.2, workaround available (see below).

Unknown:

Does this bug occur with other server protocols like fastcgi and modpy?
Does it occur with Apache1?

Steps to reproduce

configure moin 1.5 for use with CGI (tested with apache2)
configure http as auth method
login
edit a page

Workaround

It's possible to add cookie to the chain of auth modules that is used. This way Moin will fall back to cookie auth for POSTs. The cookie will be set in GETs.

A change is required to the http auth function to set the cookie. Change the last lines to (or create a new auth function):

        if u and u.valid:
                request.user = u      # this line is new
                request.setCookie()   # this line is new
                return u, False
        else:
                return None, True

And change the auth line in your config to:

        auth = [myhttp, moin_cookie]

Discussion

Please add more detail (exact apache version, operating system, browser used).

Plan

Priority:
Assigned to:
Status: This looks like an apache bug. Please report it there.

CategoryMoinMoinNoBug

MoinMoin: MoinMoinBugs/HTTPAuthFailsForPOSTWithCGI (last edited 2007-10-29 19:21:45 by localhost)