Description
In a server setup with several auth methods, users that are authenticated by the second or later method will see irritiating error messages about invalid credentials. In the case of chained methods, no messages should be displayed when the login is successful. When the login fails, IMO only the message of the last method tried should be displayed.
Steps to reproduce
Set up Moin with 2 or more auth methods chained (e.g. [MoinAuth(), LDAPAuth()]).
- Let a user log in that is valid only in the 2nd method (e.g. no local account, just LDAP)
- Actual Result
- The login succeeds, but the user will see an error message "Invalid username or password", making him believe that the login failed.
- Expected result
- The user only sees error messages when the login ultimately fails.
Example
Component selection
- auth
Details
MoinMoin Version |
1.9.4 |
OS and Version |
Fedora 16 |
Python Version |
2.7.3 |
Server Setup |
nothing special except auth (see above) |
Server Details |
VM, 1G RAM, 1VCPU |
Language you are using the wiki in (set in the browser/UserPreferences) |
English |
Workaround
Some auth methods (in particular LDAPAuth) have options to avoid these messages. If these methods are put in front of the chain in wikiconfig.py, this problem will not occur.
Discussion
MGizzi(6/19/2012)-Put the example of what the method is. Add "report_invalid_credentials=False," to your ldap definition.
Plan
- Priority:
- Assigned to:
- Status: