The system currently allows an authenticated user to login under maintenance mode, but then never shows them anything other than the default maintenance message. I think that a user without proper authorization (administer site configuration) should be denied login for two reasons:
1. the user is not truly logged in and the system should reflect that. A simple example is that if an admin is testing with a user account, the session gets updated with the uid and no way to "logout". Similarly, any reporting done (watchdog, etc) should reflect that only properly credentialed users are active.
2. from an end-user perspective, they have no way of knowing whether their login was accepted or rejected, or more importantly why. I can imagine that less experienced users might then attempt to reset their password because they "couldn't get on". With the system under maintenance mode, they should really receive a message on the login form that site login is not possible right now.
// $Id: user.module,v 1.587 2006/02/21 18:46:54 dries Exp $
//==== line901
if (!$user->uid) {
form_set_error('login', t('Sorry. Unrecognized username or password.') .' '. l(t('Have you forgotten your password?'), 'user/password'));
watchdog('user', t('Login attempt failed for %user.', array('%user' => theme('placeholder', $form_values['name']))));
}
+ if (variable_get('site_offline', 0)) {
+ if (!user_access('administer site configuration', $user)) {
+ form_set_error('login', t('Sorry. Site login is not possible at the moment.'));
+ unset($GLOBALS['user']);
+ }
+ }
Comment | File | Size | Author |
---|---|---|---|
#24 | maint_logout.patch | 2.92 KB | chx |
#22 | maint_logout.patch | 2.91 KB | chx |
#20 | maint_logout.patch | 2.29 KB | chx |
#19 | maint_logout.patch | 2.28 KB | chx |
#12 | maint_logout.patch | 3.24 KB | chx |
Comments
Comment #1
john.money CreditAttribution: john.money commentedStatus => code review
Comment #2
john.money CreditAttribution: john.money commentedHmmm... the fix stopped working today. Here is a correction.
Comment #3
ebruts CreditAttribution: ebruts commentedIndeed this is a good point. Please provide a real patch.
Comment #4
ebruts CreditAttribution: ebruts commentedI have submitted your patch (replaced if with else if) so this can be reviewed.
Comment #5
john.money CreditAttribution: john.money commentedThank you eberts... wasn't that I was ignoring the request to make a diff, just didn't have time to get CVS setup on this machine. Thanks again.
Comment #6
Jaza CreditAttribution: Jaza commentedThis is still a problem in Drupal 5. The fact that non-admin users can log in under maintenance mode, but cannot log out, and are given no indication of their login/logout status, IMHO makes this clearly a bug. This should be fixed for Drupal 6, and backported to Drupal 5.
Comment #7
Jody LynnI tested the patch and rerolled it for head. I also changed the error message to be the same as the usual offline text so that it won't be a post-string-freeze issue. This is definitely a bug worth fixing because currently if you login as an authenticated user you will not even be able to logout in order to login again as an administrator.
Comment #8
Gábor HojtsyI don't think this message is right, we don't say 'Drupal' in a public facing message, and people suggested we even remove the default site name as Drupal, remove all Drupal path instances and replace them with other references of the concept, etc. IMHO what we can basically do is to not allow login for the user and redirect him to the frontpage, where an appropriate message will show. (Not that that message is a site setting and is themeable even, so it can be anything). We cannot make assumptions here about what message to display to the user.
Comment #9
chx CreditAttribution: chx commentedHere we come. Note that despite I changed the return values of
_menu_site_is_offline
it's really not expected that anyone else would see the newlogout
value (as the user is logged out immediately) but even if it does unless there is a check for a literalTRUE
nothing changes. I simplified the code a tiny bit while there and written copious amounts of comments and doxygen. Note that even before my patch, the doxygen was incorrect.Note: the patch was written from Gabor's instructions and have nothing to do with earlier attempts.
Comment #10
chx CreditAttribution: chx commentedUm. Why do we run
drupal_get_normal_path
in here when menu.inc is only included in a full bootstrap, way past the path bootstrap phase which does it anyways?Comment #11
chx CreditAttribution: chx commentedI can't stop fixing this function, it has so many bugs... this version will allow
user/login
not justuser
. Also code underwent further simplification.Comment #12
chx CreditAttribution: chx commentedThe nonrepeating message breaks encapsulation and bloats the code, because the same in
drupal_set_message
is shorter and as a side effect its reusable in a BC way. Poor_menu_site_is_offline
, not much remained :) I believe the speed impact is nil with just a plusif
ran for every message call, which are quite rare anyways (debating this is microoptimization anyways).Comment #13
JirkaRybka CreditAttribution: JirkaRybka commentedThis seems like kicking out the already-logged-in users too, which is NICE :) Unsure about the drupal_set_message() change this late, though.
Comment #14
chx CreditAttribution: chx commentedThe DSM changes are, deliberately, backwards compatible, as already noted. It'd make more sense to change the logic --ie make nonrepeated default-- but that'd be a too big change this late. And yes, I am kicking already logged in users too.
Comment #15
PanchoJaza wrote in #6:
This makes this a critical bug which clearly has to be backported.
Comment #16
dmitrig01 CreditAttribution: dmitrig01 commented@Pancho - this bug doesn't exist in Drupal 5, because the menu system is totally different
Comment #17
Pancho@dmitrig01: Oops, okay... ;) Missed that. But still it's critical for D6.
Comment #18
Dries CreditAttribution: Dries commented1. I don't like the additional parameter to drupal_set_message(). Can we remove that again? Why would we ever want to repeat a message?
2.
if ($return = _menu_site_is_offline()) {
-- $return is a bad variable name. How about $offline instead?3. I don't like that fact that _menu_site_is_offline() returns TRUE, FALSE or 'logout'. The function should return TRUE or FALSE -- anything else is a bit of a hack.
While this patch fixes a bug, it degrades the quality of the code.
Comment #19
chx CreditAttribution: chx commentedWhy we would want to repeat a message? I have no idea, I was just keeping current behaviour. If changing that is fine, I am happier. The new patch does an external redirect instead of an internal getting rid of the 'logout' return value.
Comment #20
chx CreditAttribution: chx commentedThis actually works here.
Comment #21
Gábor HojtsyDries: one reason I can imagine to display the same message multiple times is for debugging purposes. When you have PHP errors, it is possible that the same error message pops up for the same line (same byte sequence == same message text) but you have an error with a different data set (ie. you run a loop though the same code with five non-nodes, and you get errors, you should get them five times). Also, developer modules have drupal set message helpers, which set debugging info as messages. If you have different drupal set message codes and not all of them output your message (because they are the same object dumped for example), you might be a bit misdirected there.
I cannot think of any purpose for user facing duplicate messages though. Maybe it is worth moving developer messages to a 'debug' message type, instead of reusing the 'warning' core message type for example, and duplication should be possible there. This last code version rules out all possible duplication with messages.
chx: What does a drupal_goto('logout'); do in offline mode, when there is no access to that path for unprivileged users anyway? This looks like an infinite HTTP redirection recursion to me. Or do I miss something here?
Comment #22
chx CreditAttribution: chx commentedNext attempt. Back to repeatable messages. New trick: we call user_logout directly.
Comment #23
catchAfter saving the maintenance mode form:
Comment #24
chx CreditAttribution: chx commentedComment #25
catchOK so I when I try to log in as a user with no privileges, it chucks me back to the "maintenance mode" index and logs me out again. Looks like the dsm was taken out on purpose in previous iterations, that's fine with me - we're in maintenance mode, it says so right here, no need for an extra message.
user/1 and a user with administer site configuration get in as expected.
Logs say "session opened", "session closed" right next to each other for the user who's been chucked out -again, that's what's actually happening so seems fine to me.
so on that basis, rtbc.
Comment #26
Gábor HojtsyI think we should not change message recording behavior now (ie. always disallow repeating messages), so this little API extension looks better. It also helps fix bugs elsewhere (http://drupal.org/node/194010), so committed this one. Thanks.
Comment #27
Gábor HojtsyBetter issue link: http://drupal.org/node/194010#comment-657958
Comment #28
(not verified) CreditAttribution: commentedAutomatically closed -- issue fixed for two weeks with no activity.