This question about Configuration, Authentication or Authorisation: Asked
authorization fails with restored passwords
I have upgraded our Foswiki
from 2.0.4 to 2.1.7. I did this by installing afresh and
copying the pub and data directories from earlier installation. Only change that I made in the process is changing minimum password length from 7 to 8.
The new installation does authenticate me with my username/password from earlier installation, but it denies even view access to the topics that I created with my same username earlier. Secondly, topics created by myself in earlier 2.0.4 have owner displayed as my Firstname.Lastname. Now when I create new topic in 2.1.7, the owner is just my username.
Is there some procedure that I missed out by copying data from 2.0.4 to 2.1.7?
Here is the response I get.
Access Denied
Attention
Access check on "private.SysadminNotes" failed.
Action "VIEW": access not allowed on topic by user <myusername>.
To login as another user please do so here
Contact wiki-admin@mydomain if you have any questions.
Related topics: WikiGroups, AccessControl
--
NagarajP - 23 Nov 2022
Before I delve into your question, we should check on your upgrade from 2.0.4. That's a pretty big jump. You should check over
UpgradeGuide, particularly in regards character encoding and the change in Foswiki's store implementation. That should all be squared away before looking at the points below.
Sounds as if there's some mis-match in your user data base. You need to check these three parts of the user setup:
- Password file in data directory. I'm assuming you copied over from your prior installation. Look for your entry in
- Check the WikiUsers topic and make sure your user name (login) is correctly listed there with your user topic and also make sure there're aren't 2 entries for same user name.
- Confirm that your user topic was carried over from prior installation.
- Finally, check your group membership and make sure the user you're logging in as in the correct groups (such as AdminGroup).
Hope this helps.
--
LynnwoodBrown - 23 Nov 2022
The problem persists. Before coming to that, I checked these as suggested by Lynnwood.
- double checked that there are no character coding issues, no store implementation mismatch. The script tools/configure on our old version (2.0.4) reported that there is no RCV files.
- I followed the UpgradeGuide, as also the very useful posts in https://foswiki.org/Support/Question1964
- The new site (2.1.7) displays topics and users list just as it was in 2.0.4 (I guess this means user topics have carried over correctly. Old passwords worked, for me and for another user. I also checked using "Forgot password", for my account (it is non-admin) - emails reached as expected.
- The group that was created appears correctly, along with user members
- There aren't two entries for my name, My name in WikiUsers list is
NagarajPanyam - nagaraj - 20 Nov 2015
which is correct.
However, these are some differences that I notice.
- everything is fine when I login with user admin, problems only when I login with my user account (which is not in AdminGroup)
- all old topics created by me (in 2.0.4) have owner display as = -- NagarajPanyam = .
- Topics that i created in 2.1.7 have owner displayed as = -- Main.nagaraj =
- I can view and edit some topics that I own , even though owner name is displayed differently as in above two bullet points
- I am still unable to view some topics that was owned by myself (as non . The error is = Access check on "private.SysadminNotes" failed. =
How do I get fowsiki to display my owner name exactly as before? and how do I repair the "access check failed" error?
--
NagarajP - 29 Nov 2022
Nagara - Good job for reviewing all that background stuff I suggested! I don't think I've run into a problems exactly like your describing and it's leaving me scratching my head. All I can think of suggesting right now is to double check some of the other related configuration settings. Since you are able to log in that would suggest that
{PasswordManager}
is correct. However, it seems that Foswiki is not able to connect your login to your user topic. Since you've already checked the WikiUsers topic, there are a couple more configure settings you might check. One is
{UserMappingManager}
which should be set to
Foswiki::Users::TopicUserMapping
. The behavior you describe would be consistent to if you had it set to
Foswiki::Users::BaseUserMapping
. The last thing I can think of is to make sure Foswiki has the right location for WikiUsers and your user topics. So check the
{UsersWebName}
setting (that identifies the web where user info is stored.
--
LynnwoodBrown - 29 Nov 2022
I think I have zeroed in on why just one topic is resulting in the error = "Access check on "INOprivate.SysadminNotes" failed =.
The clipping from the particular
WebHome.txt is below. That particular topic ("Sysadmin Notes") has a regular http URL link, whereas others are in the form of internal topics. I myself made this in v2.0.4, but I am not sure I can retrace the steps. How to I make the third item same as the other two?
---++++ [[ICAM.WebHome][ICAM]]
---++++ [[MiniIcamPvt.webHome][mini ICAM]]
---++++ <a href='https://www.snipsnip.in/wiki/IMOprivate/SysadminNotes' target='_self' title='System Administrator Notes'>Sysadmin Notes</a>
--
NagarajP - 30 Nov 2022
I risk sounding crazy reporting this!
In the new Foswiki installation, I notice that the message next to my login avatar keeps changing between "Hi, nagaraj" and "Hi, Nagaraj Panyam", as I switch between topics (public, private). I guess the latter is my wikiname with a space in between, because when I click on it, it opens my wiki account page.
I checked that this behaviour of Foswiki is there with another user, too. I am unable to find a pattern when it switches between username and wikiname.
Notably, when the display is "Hi, myWikiName", then the error about "access check failed" (I reported in my previous comment) is not there. Foswiki opens that topic, too.
Here are some relevant settings in
LocalSite.cfg
# grep AllowLoginName lib/LocalSite.cfg
'{Register}{AllowLoginName}',
$Foswiki::cfg{Register}{AllowLoginName} = 0;
# grep TopicUserMapping lib/LocalSite.cfg
'TWikiUserMappingContrib' => 'TopicUserMappingContrib',
$Foswiki::cfg{TopicUserMapping}{ForceManageEmails} = 0;
$Foswiki::cfg{UserMappingManager} = 'Foswiki::Users::TopicUserMapping';
--
NagarajP - 30 Nov 2022