FS#44 Recreating user login causes odd behaviour

New install of DokuWiki on Fedora Core 3, Apache 2.0, PHP 4.3.10.

I set up the ACLs the way I want (ie, anyone can read, but you need to be logged in to create/edit).

Discovered that when a user registers, a randomly generated password gets e-mailed. Preferred to use a password I can remember (something you know) and not a piece of paper (something you have).

Found the wiki:tipsandtricks:resetpassword page and applied all the changes there (except the very last one, ie, disabling e-mailing the password).

Now for the interesting behaviour.

First I removed my name by hand from users.auth then registered the same name as I was using before. Selected the password myself, and it was e-mailed to me. (Not sure if this was the desired behaviour.) Login after that was successful. Logged out.

Then I wondered what would happen if I tried to register the same username again, so I tried it. Even though I specified my same (memorable) password, it e-mailed me a new (random generated) password. Sure enough, when I tried to login with my chosen password, it failed, and when I tried the random one, it worked.

I checked users.auth just to verify that there was only one entry for my username, which there was.

Again I tried to register the same name while specifying my chosen password. Again it e-mailed me a random password.

Next I removed myself by hand from users.auth.

I tried again to register with a chosen password, and was successful (verified by receiving an e-mail with my chosen psasword and logging in).

I suspect the desired behaviour would be:

- if the user chooses a password, don't e-mail it, and don't change it to a random password
- if the user doesn't choose a password, e-mail a random one

I did take a look at wiki:tipsandtricks:allowusertosetpassword but felt it would be better to be able to reset it hence the choice of the other tip.

FS#44 Recreating user login causes odd behaviour

ACL & Authentication