[dokuwiki] Re: Tweaking authentication

Andreas Gohr wrote: 
Chris Smith writes:

Quick question.

If auth initialisation fails should:
- dokuwiki die immediately with some suitable error message
- carry on without auth, the user would be treated as not logged in, parts of dokuwiki which require auth would not be available[1]
- allow config to specify one or other of the above.

Hmm either the first or the second. I would tend to the second but with a error message ("Authentication currently not available") to let the user know why he can't log in.

Just for understanding: The auth backend could fail only for internal
reasons like the MySQL database being down or something, am I right? If the module it self is non existant or has errors (missing a method for example) I think dying is the correct method of making the admin aware of his wrong
config. 
the current situation, auth initialisation has three detected fail points:
1. auth php file missing
2. auth class missing after reading auth php file
3. auth class constructor sets $auth->success to false.

all three result in the message, "User authentication not possible. Please inform your wiki admin."

I'll change things so,
1 & 2 will die with a message "Bad authentication configuration, please inform your wiki admin."
3 will result in the following message, "User authentication temporarily unavailable. If this situation persists please contact your wiki admin." and the wiki will stay alive.

Cheers,

Chris




--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

Other related posts: