Upgrading .htpasswd passwords from old Hackage

Max Bolingbroke batterseapower at hotmail.com
Tue Oct 18 19:15:06 CEST 2011


Hi Duncan,

Please find attached another patch for you to look at. (I'm pushing
smaller changes to the server without asking, but this is a larger
change you will probably want to think carefully about.)

This patch:
 1. Allows us to import users with .htpasswd password hashes into the
Hackage database
 2. Prompts users with such an "old-style" password to upgrade their
passwords when they first try to log in

Is this the right thing to do, in your opinion? Do you have any
comments about the implementation?

In the course of developing this I noticed that the "change password"
functionality seems to be broken for me: I can create a user just
fine, but attempting to *change* the password constantly fails with
"401 Unauthorized". (No, it is not the case that the password change
worked and it is just asking me to authenticate with new credentials).
Is this the experience of others as well? To reproduce this:

 1. Create a user (e.g. foo/foo) at http://localhost:8080/users/register
 2. Go to http://localhost:8080/users/register
 3. Authenticate as the new user in the box that pops up
 4. Attempt to change the password by entering a new password in the boxes (e.g. bar/bar)
 5. Enter the new credentials in the box (foo/bar). It should
authenticate you but it doesn't work. The old credentials (foo/foo)
don't work either. It's really weird!

Max
-------------- next part --------------
A non-text attachment was scrubbed...
Name: HtPasswdHashes.dpatch
Type: application/octet-stream
Size: 109972 bytes
Desc: not available
URL: <http://www.haskell.org/pipermail/cabal-devel/attachments/20111018/7dc4161b/attachment-0001.obj>
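
The two behaviours the message lists (importing .htpasswd hashes, then requiring an upgrade at first login) can be sketched as follows. This is an added example, not the contents of HtPasswdHashes.dpatch and not Hackage server code. The record layout, the function names, PBKDF2 as the new format, and verifying only the `{SHA}` scheme are all assumptions.

```python
import base64, hashlib, hmac, os

def htpasswd_sha(password):
    """Apache .htpasswd {SHA} form: base64 of the unsalted SHA-1 digest."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(password.encode()).digest()).decode()

def classify(h):
    """Name the .htpasswd scheme from the shape of the stored hash."""
    if h.startswith("{SHA}"):
        return "sha1"
    if h.startswith("$apr1$"):
        return "apr1-md5"
    return "des-crypt" if len(h) == 13 else "unknown"

def import_htpasswd(text):
    """Turn 'user:hash' lines into accounts flagged as old-style."""
    users = {}
    for line in text.splitlines():
        name, sep, h = line.strip().partition(":")
        if sep and name and not name.startswith("#"):
            users[name] = {"legacy": h, "scheme": classify(h), "new": None}
    return users

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def login(users, name, password):
    """Return 'ok', 'upgrade-required' or 'denied'."""
    rec = users.get(name)
    if rec is None:
        return "denied"
    if rec["new"] is not None:  # already upgraded: the old hash is gone
        salt, digest = rec["new"]
        return "ok" if hmac.compare_digest(_kdf(password, salt), digest) else "denied"
    # Assumption: only {SHA} is checked here; other schemes are refused.
    if rec["scheme"] == "sha1" and hmac.compare_digest(
            htpasswd_sha(password).encode(), rec["legacy"].encode()):
        return "upgrade-required"
    return "denied"

def upgrade(users, name, old_password, new_password):
    """Replace the old-style hash once the old password has been re-checked."""
    if login(users, name, old_password) != "upgrade-required":
        return False
    salt = os.urandom(16)
    users[name].update(legacy=None, scheme=None, new=(salt, _kdf(new_password, salt)))
    return True

# Constructed sample file: one {SHA} entry and one DES-crypt-shaped entry.
SAMPLE = "foo:" + htpasswd_sha("foo") + "\nold:ab1234567890c\n"
```

An old-style hash that matches never yields `ok`, only `upgrade-required`, and the old hash is discarded as soon as the new one is stored, so the weaker verifier cannot be used again.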

