From: <de...@de...> - 2008-08-08 03:33:00
Author: SvenDowideit Date: 2008-08-07 22:33:08 -0500 (Thu, 07 Aug 2008) New Revision: 17364 Trac url: http://develop.twiki.org/trac/changeset/17364 Modified: twiki/branches/TWikiRelease04x02/data/TWiki/TWikiUserAuthentication.txt twiki/branches/TWikiRelease04x02/lib/TWiki.spec twiki/branches/TWikiRelease04x02/lib/TWiki/LoginManager/TemplateLogin.pm twiki/branches/TWikiRelease04x02/templates/login.sudo.tmpl twiki/branches/TWikiRelease04x02/templates/login.tmpl twiki/branches/TWikiRelease04x02/twikiplugins/ClassicSkin/templates/login.classic.tmpl Log: Item5898: prevent the browser from saving passwords in template login Modified: twiki/branches/TWikiRelease04x02/data/TWiki/TWikiUserAuthentication.txt =================================================================== --- twiki/branches/TWikiRelease04x02/data/TWiki/TWikiUserAuthentication.txt 2008-08-08 03:17:49 UTC (rev 17363) +++ twiki/branches/TWikiRelease04x02/data/TWiki/TWikiUserAuthentication.txt 2008-08-08 03:33:08 UTC (rev 17364) @@ -69,6 +69,7 @@ 1 Use the [[%SCRIPTURLPATH{"configure"}%][configure]] interface to 1 select the =TWiki::Client::TemplateLogin= login manager (on the Security Settings pane). 1 select the appropriate password manager for your system, or provide your own. + 1 %H% there is also an EXPERT configure setting ={TemplateLogin}{PreventBrowserRememberingPassword}= that you can set to prevent Browsers from remembering username and passwords if you are concerned about public terminal usage. 1 Register yourself in the TWikiRegistration topic. <br /> %H% Check that the password manager recognises the new user. If you are using =.htpasswd= files, check that a new line with the username and encrypted password is added to the =.htpasswd= file. If not, you probably got a path wrong, or the permissions may not allow the webserver user to write to that file. 1 Create a new topic to check if authentication works. 
@@ -115,9 +116,9 @@ ---++++ Logons via bin/logon -Any time a user enters a page that needs authentication, they will be forced to log on. It may be convenient to have a "logon" as well, to give the system a chance to identify the user and retrieve their personal settings. It may be convenient to force them to log on. +Any time a user requests a page that needs authentication, they will be forced to log on. It may be convenient to have a "logon" link as well, to give the system a chance to identify the user and retrieve their personal settings. It may be convenient to force them to log on. -The ==bin/logon== script accomplishes this. The ==bin/logon== script must be setup in the ==bin/.htaccess== file to be a script which requires a =valid user=. However, once authenticated, it will simply redirect the user to the view URL for the page from which the =logon= script was linked. +The ==bin/logon== script enables this. If you are using Apache Login, the ==bin/logon== script must be setup in the ==bin/.htaccess== file to be a script which requires a =valid user=. Once authenticated, it will redirect the user to the view URL for the page from which the =logon= script was linked. #TrackSessions ---++ Sessions @@ -222,4 +223,4 @@ %STOPINCLUDE% __Related Topics:__ AdminDocumentationCategory, TWikiAccessControl, TWiki:TWiki.TWikiUserAuthenticationSupplement, TWiki:TWiki.SecuringTWikiSite --- __Contributors:__ TWiki:Main.PeterThoeny, TWiki:Main.MikeMannix, TWiki:Main.CrawfordCurrie +-- __Contributors:__ TWiki:Main.PeterThoeny, TWiki:Main.MikeMannix, TWiki:Main.CrawfordCurrie, TWiki:Main.SvenDowideit Modified: twiki/branches/TWikiRelease04x02/lib/TWiki/LoginManager/TemplateLogin.pm =================================================================== --- twiki/branches/TWikiRelease04x02/lib/TWiki/LoginManager/TemplateLogin.pm 2008-08-08 03:17:49 UTC (rev 17363) +++ twiki/branches/TWikiRelease04x02/lib/TWiki/LoginManager/TemplateLogin.pm 2008-08-08 03:33:08 UTC (rev 17364) 
@@ -57,6 +57,9 @@ if ($TWiki::cfg{Sessions}{ExpireCookiesAfter}) { $session->enterContext( 'can_remember_login' ); } + if ($TWiki::cfg{TemplateLogin}{PreventBrowserRememberingPassword}) { + $session->enterContext( 'no_auto_complete_login' ); + } return $this; } Modified: twiki/branches/TWikiRelease04x02/lib/TWiki.spec =================================================================== --- twiki/branches/TWikiRelease04x02/lib/TWiki.spec 2008-08-08 03:17:49 UTC (rev 17363) +++ twiki/branches/TWikiRelease04x02/lib/TWiki.spec 2008-08-08 03:33:08 UTC (rev 17364) @@ -287,6 +287,12 @@ # </li></ol> $TWiki::cfg{LoginManager} = 'TWiki::LoginManager::TemplateLogin'; +# **BOOLEAN EXPERT** +# Browsers typically remember your login and passwords to make authentication +# more convenient for users. If your TWiki is used on public terminals, or other +# you can prevent this, forcing the user to enter the login and password every time. +$TWiki::cfg{TemplateLogin}{PreventBrowserRememberingPassword} = 0; + # **REGEX EXPERT** # The perl regular expression used to constrain user login names. Some # environments may require funny characters in login names, such as \. Modified: twiki/branches/TWikiRelease04x02/templates/login.sudo.tmpl =================================================================== --- twiki/branches/TWikiRelease04x02/templates/login.sudo.tmpl 2008-08-08 03:17:49 UTC (rev 17363) +++ twiki/branches/TWikiRelease04x02/templates/login.sudo.tmpl 2008-08-08 03:33:08 UTC (rev 17364) 
@@ -7,7 +7,7 @@ %TMPL:DEF{"title"}%---++ %MAKETEXT{"Please enter the TWiki admin password"}% %TMPL:END% -%TMPL:DEF{"usernamefield"}%<input tabindex='1' class="twikiInputField twikiFocus" type="text" size="40" name="username" value="%TWIKIADMINLOGIN%" />%TMPL:END% +%TMPL:DEF{"usernamefield"}%<input tabindex='1' class="twikiInputField twikiFocus" type="text" size="40" name="username" value="%TWIKIADMINLOGIN%" %TMPL:P{context="no_auto_complete_login" then="autocomplete_off"}% />%TMPL:END% %TMPL:DEF{"usernamenote"}%%TMPL:P{"authrealm"}%%TMPL:END% @@ -15,4 +15,4 @@ %TMPL:DEF{"loginasadministratorform"}%%TMPL:END% -%TMPL:DEF{"authrealm"}%<span class="twikiUnvisited">%MAKETEXT{"Enter the TWiki Administrator user or login as set in [_1]" args="[[%SCRIPTURL{configure}%][configure]]"}%</span>%TMPL:END% \ No newline at end of file +%TMPL:DEF{"authrealm"}%<span class="twikiUnvisited">%MAKETEXT{"Enter the TWiki Administrator user or login as set in [_1]" args="[[%SCRIPTURL{configure}%][configure]]"}%</span>%TMPL:END% Modified: twiki/branches/TWikiRelease04x02/templates/login.tmpl =================================================================== --- twiki/branches/TWikiRelease04x02/templates/login.tmpl 2008-08-08 03:17:49 UTC (rev 17363) +++ twiki/branches/TWikiRelease04x02/templates/login.tmpl 2008-08-08 03:33:08 UTC (rev 17364) 
@@ -36,7 +36,7 @@ %QUERYPARAMS{encoding="entity" format="<input type='hidden' name='$name' value='$value' />"}% </literal><input type="hidden" name="origurl" value="%ORIGURL%" /></form>%TMPL:END% -%TMPL:DEF{"usernamefield"}%<input tabindex='1' type='text' class='twikiInputField twikiFocus' size='40' name='username' value='%URLPARAM{"usernamestep"}%' />%TMPL:END% +%TMPL:DEF{"usernamefield"}%<input tabindex='1' type='text' class='twikiInputField twikiFocus' size='40' name='username' value='%URLPARAM{"usernamestep"}%' %TMPL:P{context="no_auto_complete_login" then="autocomplete_off"}% />%TMPL:END% %TMPL:DEF{"usernamestep"}%<div class="twikiFormStep"> ---+++ %MAKETEXT{"Username"}% @@ -49,8 +49,10 @@ %TMPL:DEF{"usernamefieldhelp"}%%TWISTY{mode="span" showlink="%MAKETEXT{"Help"}%" hidelink="%MAKETEXT{"Hide help"}%" remember="on"}% <div class="twikiHelp">%TMPL:P{"usernamenote"}%</div> %ENDTWISTY%%TMPL:END% -%TMPL:DEF{"passwordfield"}%<input tabindex='2' type='password' class='twikiInputField' size='40' name='password' value='' />%TMPL:END% +%TMPL:DEF{"passwordfield"}%<input tabindex='2' type='password' class='twikiInputField' size='40' name='password' value='' %TMPL:P{context="no_auto_complete_login" then="autocomplete_off"}% />%TMPL:END% +%TMPL:DEF{"autocomplete_off"}% autocomplete='off' %TMPL:END% + %TMPL:DEF{"passwordfieldnoteremember"}%%TMPL:P{"passwordfield"}% %TMPL:P{"passwordnote"}% %TMPL:P{context="can_remember_login" then="rememberbox"}%%TMPL:END% Modified: twiki/branches/TWikiRelease04x02/twikiplugins/ClassicSkin/templates/login.classic.tmpl =================================================================== --- twiki/branches/TWikiRelease04x02/twikiplugins/ClassicSkin/templates/login.classic.tmpl 2008-08-08 03:17:49 UTC (rev 17363) +++ twiki/branches/TWikiRelease04x02/twikiplugins/ClassicSkin/templates/login.classic.tmpl 2008-08-08 03:33:08 UTC (rev 17364) 
@@ -22,9 +22,9 @@ <form action='%SCRIPTURLPATH{"login"}%/%WEB%/%TOPIC%' method='post'> <table border='0'> <tr><th>Username</th><td> -<input type='text' size='30' name='username' value='%URLPARAM{"username"}%' /> +<input type='text' size='30' name='username' value='%URLPARAM{"username"}%' %TMPL:P{context="no_auto_complete_login" then="autocomplete_off"}% /> </td></tr><tr><th>Password</th><td> -<input type='password' size='30' name='password' value='' /> +<input type='password' size='30' name='password' value='' %TMPL:P{context="no_auto_complete_login" then="autocomplete_off"}% /> %TMPL:P{context="can_remember_login" then="rememberbox"}% </td></tr></table> <literal> @@ -37,6 +37,8 @@ <p /> %TMPL:END% +%TMPL:DEF{"autocomplete_off"}% autocomplete='off' %TMPL:END% + %TMPL:P{"htmldoctype"}% %TMPL:P{"head"}% %TMPL:P{"bodystart"}% |
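
Review bot: In lib/TWiki.spec (hunk @@ -287,6 +287,12 @@) the help text for {TemplateLogin}{PreventBrowserRememberingPassword} contains an unfinished clause, "If your TWiki is used on public terminals, or other you can prevent this", and it promises more than the change delivers with "forcing the user to enter the login and password every time". The only effect visible in this patch is an autocomplete='off' attribute on the username and password inputs, which asks the browser not to offer saved values and is not something TWiki can enforce. Suggest completing the sentence and rewording it to say that the setting asks browsers not to remember the login and password.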
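
Review bot: In data/TWiki/TWikiUserAuthentication.txt (hunk @@ -69,6 +69,7 @@) the new step does not say that the setting is off by default, although TWiki.spec in this same change initialises it to 0, so an administrator following the steps cannot tell whether any action is needed. Suggest stating the default next to ={TemplateLogin}{PreventBrowserRememberingPassword}= and tidying the wording: the sentence should start with a capital, "Browsers" should be lower case, and "username and passwords" should agree in number.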
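
Review bot: templates/login.sudo.tmpl (hunk @@ -7,7 +7,7 @@) expands %TMPL:P{context="no_auto_complete_login" then="autocomplete_off"}% on the username field, but no hunk for this file defines autocomplete_off; the definitions are added only to login.tmpl and login.classic.tmpl. Please confirm that login.sudo.tmpl picks up the definition from login.tmpl, otherwise the attribute will be missing from the admin login form. Since this file changes only usernamefield, also check that the password field rendered on that form is the patched one from login.tmpl.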
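
Review bot: The definition %TMPL:DEF{"autocomplete_off"}% autocomplete='off' %TMPL:END% is added twice, in templates/login.tmpl (hunk @@ -49,8 +49,10 @@) and in ClassicSkin's login.classic.tmpl (hunk @@ -37,6 +37,8 @@), and each input repeats the context test on its own. A skin that overrides the login fields without copying both the call and the definition will stay without the attribute when the setting is enabled, with no indication to the administrator. Suggest saying in the TWiki.spec help text or in TWikiUserAuthentication that custom login templates must add the same %TMPL:P{context="no_auto_complete_login" then="autocomplete_off"}% call. The definition already carries a leading and a trailing space, so the extra spaces around the call sites are redundant.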