[dokuwiki] Too many issues with auth plugins

  • From: Anika Henke <anika@xxxxxxxxxxxxxxx>
  • To: DokuWiki Mailinglist <dokuwiki@xxxxxxxxxxxxx>
  • Date: Mon, 27 May 2013 19:15:21 +0100

Hi all,

I wonder if it makes sense to have a new release.
There are several issues with auth plugins in Weatherwax. Although none of them are critical, the sheer amount makes it really annoying and makes us look unprofessional.

1. There are *two typos* [1][2] in the message displayed to users urging them to change the authtype. Those wrong instructions mean users will never succeed with that exact change.

2. There is the general issue with this alert message that it seems to imply there is only one change to make and that it is very easy. But both are not true. a) In case your auth plugin has settings, you will lose all of them, unless you know what you're doing. b) Most of the auth plugins are not easy to switch to for anyone unfamiliar with the changes as it's not properly documented anywhere. Well, it is a bit documented [3], but it's not as prominent as it should be and a few clicks away. In the past we had plugins to help with those kinds of transitions (like safefnrecode, importoldchangelog and importoldindex). We could have a plugin importoldauth!?

3. Two config options are automatically set (after each save) [4] which means that a) the TableToLock option [5] of the mysql auth plugin would be emptied (I don't exactly know what it does, can that have a negative side effect?) b) the ldap auth plugin would have *debug switched on*, which could be a potential *security issue?*

4. The documentation for the mysql auth plugin states that you should rename conf/mysql.conf.php.example and adjust for your main mysql config [6]. But that file is full of the old style config options [7]. Not very user-friendly...

5. We have several bug reports about the AD auth not working properly. [8]

I am not very familiar with the auth plugins, so there is a chance not everything I wrote is correct. (Please correct me if that is the case.) I am also not sure how much of an issue all of this is?

I've put this on the agenda for our next IRC meetup. So, ideas are welcome on this thread, but the proper decisions will probably only be made in that meetup.

Cheers,
Anika


[1] https://github.com/splitbrain/dokuwiki/commit/98e31f853f43d94c5bd1d3ab79388c44ce29ce0a
[2] https://github.com/splitbrain/dokuwiki/commit/a91f1103e66d9f28375fc94de05ebbcde454950d
[3] https://www.dokuwiki.org/devel:auth_plugins#handling_of_old_auth_backends
[4] https://bugs.dokuwiki.org/index.php?do=details&task_id=2789
[5] https://www.dokuwiki.org/plugin:authmysql#option_tablestolock
[6] https://www.dokuwiki.org/plugin:authmysql#how_to_configure_authmysql_plugin
[7] https://github.com/splitbrain/dokuwiki/commit/01fb97e278338569ebf861059b81adff5f4a55c6
[8] https://bugs.dokuwiki.org/index.php?do=details&task_id=2781
--
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist
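
Added example, not part of the original message and not DokuWiki's own code: a small audit for the two settings named in point 3, run against the text of conf/local.php after a configuration save. It assumes plugin settings are stored as `$conf['plugin'][<plugin>][<key>] = <value>;` lines and that the keys are `debug` under `authldap` and `TablesToLock` under `authmysql`; the sample config is constructed.

```python
import re

# Assumed storage format: $conf['plugin']['authldap']['debug'] = 1;
ASSIGN = re.compile(
    r"^\s*\$conf\['plugin'\]\['(?P<plugin>\w+)'\]\['(?P<key>\w+)'\]"
    r"\s*=\s*(?P<value>.*?);\s*(?://.*|#.*)?$"
)
OFF_VALUES = {"0", "false", "null", "''", '""'}
EMPTY_VALUES = {"array()", "[]", "''", '""'}

def effective_settings(conf_text):
    """Map (plugin, key) -> raw PHP value; a later line overrides an earlier one."""
    settings = {}
    for line in conf_text.splitlines():
        m = ASSIGN.match(line)
        if m:
            settings[(m["plugin"], m["key"])] = m["value"].strip()
    return settings

def audit(conf_text):
    """Return findings for the two settings the message says are rewritten on save."""
    settings = effective_settings(conf_text)
    findings = []
    debug = settings.get(("authldap", "debug"))
    if debug is not None and debug.lower() not in OFF_VALUES:
        findings.append("authldap debug is enabled")
    tables = settings.get(("authmysql", "TablesToLock"))
    if tables is not None and re.sub(r"\s+", "", tables) in EMPTY_VALUES:
        findings.append("authmysql TablesToLock is empty")
    return findings

# Constructed sample: debug was off, then written again as on by a later save.
SAMPLE = """<?php
$conf['authtype'] = 'authldap';
$conf['plugin']['authldap']['server'] = 'ldap://ldap.example.test';
$conf['plugin']['authldap']['debug'] = 0;
$conf['plugin']['authmysql']['TablesToLock'] = array();
$conf['plugin']['authldap']['debug'] = 1; // written again on a later save
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("REVIEW:", finding)
```

Running the check after every configuration save catches a value that was set correctly by hand and then overwritten.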
