This queue is for tickets about the Apache-AuthCookie CPAN distribution.

Report information
The Basics
Id: 75694
Status: resolved
Priority: 0/
Queue: Apache-AuthCookie

People
Owner: Nobody in particular
Requestors: ccolumbu [...] gmail.com
Cc:
AdminCc:

Bug Information
Severity: Wishlist
Broken in: (no value)
Fixed in: (no value)



Subject: $ENV{'REDIRECT_AuthCookieReason'} value
When a user fails to log in, the $ENV{'REDIRECT_AuthCookieReason'} value is just "bad_credentials", so there is no way to tell the difference between different errors (i.e. user does not exist vs. wrong password).

Is it possible to pass the error message from the log_error() call to that ENV var? Or to make it more descriptive in some way?

We are using Apache2::AuthCookieDBI. One feature is an "active" field, and when a user signs up but has not confirmed their account, or if they fail to make a payment, we set their active flag to 0. When they go to log in, it tells them they have their username or password wrong, because we can't tell the difference between active == 0 and bad login credentials.

Thanks.

On Sun Mar 11 14:50:40 2012, ccolumbu wrote:
> When a user fails to login the $ENV{'REDIRECT_AuthCookieReason'} value
> is just "bad_credentials" so there is no way to tell the difference
> between different errors. (i.e. user does not exist vs wrong password)

This is the responsibility of your AuthCookie subclass, not AuthCookie itself. AuthCookie simply calls:

    $self->authen_cred($r, @credentials)

and if it does not get a session key returned back from that, it only knows that @credentials are not valid. It has no way of knowing which credential is invalid because AuthCookie itself doesn't check the credentials (your subclass does that).

If you want to know which credential was not valid, you need to do something inside your authen_cred() implementation to make note of that, and save it in $r->subprocess_env(), e.g.:

    $r->subprocess_env(MyBadCredential => 'credential_1')

and then make use of that in your login_form handler the same way that you get at AuthCookieReason:

    $r->prev->subprocess_env('MyBadCredential')

Regards,
Michael Schout
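
The approach described in the reply above, applied to the "active" flag from the original report, as an added example that is not code from this ticket, from Michael Schout or from the Apache-AuthCookie distribution. The package name, the `MyLoginFailure` variable, the helper functions and the sample accounts are assumptions; the salted SHA-256 check and HMAC session key stand in for the site's real password check and session store.

```perl
package My::AuthCookie;    # hypothetical subclass name
use strict;
use warnings;
use base 'Apache2::AuthCookie';
use Digest::SHA qw(sha256_hex hmac_sha256_hex);

# Constructed sample data. The salted SHA-256 is a stand-in for the site's
# real password check; the HMAC key is a stand-in for its session store.
my $SECRET = 'constructed-server-secret';
my %USERS  = (
    alice => { salt => 'a1', hash => sha256_hex('a1' . 'alice-pw'), active => 1 },
    bob   => { salt => 'b2', hash => sha256_hex('b2' . 'bob-pw'),   active => 0 },
);

# Returns (session_key, reason). The reason names an inactive account only
# after the password has verified, so an unknown user and a wrong password
# stay indistinguishable to someone guessing usernames.
sub check_login {
    my ($user, $password) = @_;
    my $rec = $USERS{ $user // '' };
    my $ok  = $rec && sha256_hex($rec->{salt} . ($password // '')) eq $rec->{hash};
    return (undef, 'bad_login')        unless $ok;
    return (undef, 'account_inactive') unless $rec->{active};
    return ("$user:" . hmac_sha256_hex($user, $SECRET), undef);
}

sub authen_cred {
    my ($self, $r, $user, $password) = @_;
    my ($key, $reason) = check_login($user, $password);
    # MyLoginFailure is a hypothetical name, like MyBadCredential in the reply.
    $r->subprocess_env(MyLoginFailure => $reason) unless defined $key;
    return $key;    # no session key: AuthCookie only knows the login failed
}

sub authen_ses_key {
    my ($self, $r, $key) = @_;
    my ($user, $mac) = split /:/, ($key // ''), 2;
    return unless defined $mac && $mac eq hmac_sha256_hex($user, $SECRET);
    return $user;
}

# Called from the login form handler, where $r is the login-page request.
sub login_failure_message {
    my ($r) = @_;
    my $prev   = $r->prev or return '';
    my $reason = $prev->subprocess_env('MyLoginFailure') // '';
    return $reason eq 'account_inactive'
        ? 'Your account is not active yet.'
        : 'Invalid username or password.';
}

1;
```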