Description

A user profile with empty password will not be able to login again.

Step to reproduce:

1. Create a user profile with empty password
2. Move to another browser, or another machine, or just delete your Moin cookie.
3. Try to login with your name and empty password
4. You get an "Unknown user name or password." error.

Example

Reproducable on:

• http://wikifeatures.wiki.taoriver.net/ - Confirmed by NirSoffer

• http://wiki.taoriver.net/

• http://wikinodes.wiki.taoriver.net/

• http://intcomm.wiki.taoriver.net/

Details

Discussion

The current 1.2.3 release version and later doesn't allow creation of a user account with empty password. So there is no problem with that.

Accounts must have a valid email and a non-empty password to be able to recover when you lose your cookie or when you want to log in from another computer. Usage of the (hard to remember) userid for that purpose is painful and deprecated. The need for a valid email and password is documented.

Logging in with no password, by just saying "it is really me, ThomasWaldmann", without having to give a password, is pointless because it is just to easy to impersonate anybody. This is kind of incompatible with having ACLs, of course.

Moin is still open for edits with no login, the default settings allow anonymous edits without having an account at all.

(To discuss changing the above behavior, e.g allowing empty password, try MoinMoinIdeas)

Workaround

Ask the wiki administrator to delete the problem profile and register again with a non empty password.

• If you forget your password, you can get it later by clicking the "mail me my account data", but you must enter a valid email address to enable this.

Plan

• Priority:
• Assigned to:
• Status: fixed in 1.2.3

CategoryMoinMoinBugFixed