From 2267cbcf894029290d97bd71b81cf95e1f8987b9 Mon Sep 17 00:00:00 2001
From: GeorgeClark
Session files are stored in the {WorkingDir}/tmp directory.
-#This setting is also used to set a lifetime for registration requests.
+#This setting is also used to set a lifetime for passthru redirect requests.
$Foswiki::cfg{Sessions}{ExpireAfter} = 21600; # **NUMBER FEEDBACK=AUTO EXPERT DISPLAY_IF {UseClientSessions} && {LoginManager}=='Foswiki::LoginManager::TemplateLogin'** @@ -719,6 +719,21 @@ $Foswiki::cfg{Register}{NeedApproval} = $FALSE; # administrator. $Foswiki::cfg{Register}{Approvers} = ''; +# **NUMBER FEEDBACK=AUTO 20 DISPLAY_IF {Register}{NeedVerification} || {Register}{NeedApproval}** +# Set the pending registration timeout, in seconds. The pending registration +# will be cleared after this amount of time. The default is 6 hours +# (21600 seconds). +# Note By default, registration expiry is done "on the fly" +# during the registration process. For best performance, you can set {Register}{ExpireAfter} +# to a negative number, which will mean that Foswiki won't try to clean +# up expired registrations durning registration. Instead you should use a cron +# job to clean up expired sessions. The standard maintenance cron script +# tools/tick_foswiki.pl includes this function. +#Note that if you are using registration approval by 3rd party reviewers, +# this timer should most likely be significantly increased. 24 hours = 86400, 3 days = 259200.
+#Pending registration requests are stored in the {WorkingDir}/registration_approvals directory.
+$Foswiki::cfg{Register}{ExpireAfter} = 21600; + # **BOOLEAN EXPERT** # Controls whether the user password has to be entered twice on the # registration page or not. The default is to require confirmation, in which diff --git a/core/lib/Foswiki/Configure/Checkers/Register/ExpireAfter.pm b/core/lib/Foswiki/Configure/Checkers/Register/ExpireAfter.pm new file mode 100644 index 0000000000..07e23ea2b6 --- /dev/null +++ b/core/lib/Foswiki/Configure/Checkers/Register/ExpireAfter.pm @@ -0,0 +1,55 @@ +# See bottom of file for license and copyright information +package Foswiki::Configure::Checkers::Register::ExpireAfter; + +use strict; +use warnings; + +require Foswiki::Configure::Checkers::NUMBER; +our @ISA = ('Foswiki::Configure::Checkers::NUMBER'); + +sub check { + my $this = shift; + + return '' + unless ( $Foswiki::cfg{Register}{NeedVerification} + || $Foswiki::cfg{Register}{NeedApproval} ); + + my $e = ''; + $e .= $this->SUPER::check(@_); + return $e if ( $e =~ /Error:/ ); + + if ( $Foswiki::cfg{Register}{ExpireAfter} < 0 ) { + $e .= $this->WARN(<<'MESSAGE'); +Foswiki will *not* clean up pending registrations automatically. Make sure you +have a cron job running the tools/tick_foswiki.pl script. +MESSAGE + } + return $e; +} + +1; +__END__ +Foswiki - The Free and Open Source Wiki, http://foswiki.org/ + +Copyright (C) 2008-2010 Foswiki Contributors. Foswiki Contributors +are listed in the AUTHORS file in the root of this distribution. +NOTE: Please extend that file, not this notice. + +Additional copyrights apply to some or all of the code in this +file as follows: + +Copyright (C) 2000-2006 TWiki Contributors. All Rights Reserved. +TWiki Contributors are listed in the AUTHORS file in the root +of this distribution. NOTE: Please extend that file, not this notice. + +This program is free software; you can redistribute it and/or +modify it under the terms of the GNU General Public License +as published by the Free Software Foundation; either version 2 +of the License, or (at your option) any later version. For +more details read LICENSE in the root of this distribution. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +As per the GPL, removal of this notice is prohibited. diff --git a/core/lib/Foswiki/Configure/Checkers/Sessions/ExpireAfter.pm b/core/lib/Foswiki/Configure/Checkers/Sessions/ExpireAfter.pm index 5377a26403..a50a667af4 100644 --- a/core/lib/Foswiki/Configure/Checkers/Sessions/ExpireAfter.pm +++ b/core/lib/Foswiki/Configure/Checkers/Sessions/ExpireAfter.pm @@ -19,7 +19,7 @@ sub check { if ( $Foswiki::cfg{Sessions}{ExpireAfter} < 0 ) { $e .= $this->WARN(<<'MESSAGE'); Foswiki will *not* clean up sessions automatically. Make sure you -have a cron job running. +have a cron job running the tools/tick_foswiki.pl script. MESSAGE } return $e; diff --git a/core/lib/Foswiki/Contrib/core/MANIFEST b/core/lib/Foswiki/Contrib/core/MANIFEST index 7c9b2e4f29..220d4ff999 100644 --- a/core/lib/Foswiki/Contrib/core/MANIFEST +++ b/core/lib/Foswiki/Contrib/core/MANIFEST @@ -588,6 +588,7 @@ lib/Foswiki/Configure/Checkers/RCS/unlockCmd.pm 0444 lib/Foswiki/Configure/Checkers/REGEX.pm 0444 lib/Foswiki/Configure/Checkers/Register/AllowLoginName.pm 0444 lib/Foswiki/Configure/Checkers/Register/EmailFilter.pm 0444 +lib/Foswiki/Configure/Checkers/Register/ExpireAfter.pm 0444 lib/Foswiki/Configure/Checkers/Register/NeedVerification.pm 0444 lib/Foswiki/Configure/Checkers/RegistrationApprovals.pm 0444 lib/Foswiki/Configure/Checkers/SMTP/MAILHOST.pm 0444 diff --git a/core/lib/Foswiki/UI/Register.pm b/core/lib/Foswiki/UI/Register.pm index 08e5df68b7..009aa173a3 100755 --- a/core/lib/Foswiki/UI/Register.pm +++ b/core/lib/Foswiki/UI/Register.pm @@ -1526,14 +1526,23 @@ sub _buildConfirmationEmail { sub _validateRegistration { my ( $session, $data, $requireForm ) = @_; + # Set the registration timeout. If it's not configured + # Use the session timeout, and if that's not configure + # then default to 10 hours. + my $exp = + ( defined $Foswiki::cfg{Register}{ExpireAfter} ) + ? $Foswiki::cfg{Register}{ExpireAfter} + : ( defined $Foswiki::cfg{Sessions}{ExpireAfter} ) + ? $Foswiki::cfg{Sessions}{ExpireAfter} + : 36000; # 10 hours + # Expire stale registrations, but if email addresses are being # checked for duplicate registrations, then let that code # read all the pending registration files. Don't do it twice. # Also don't do it if ExpireAfter is negative. Use tick_foswiki instead. unless ( $Foswiki::cfg{Register}{UniqueEmail} ) { - if ( $Foswiki::cfg{Sessions}{ExpireAfter} > 1 ) { - _checkPendingRegistrations( undef, - $Foswiki::cfg{Sessions}{ExpireAfter} ); + if ( $exp > 1 ) { + _checkPendingRegistrations( undef, $exp ); } } @@ -1736,9 +1745,7 @@ sub _validateRegistration { if ( $Foswiki::cfg{Register}{UniqueEmail} ) { my @existingNames = Foswiki::Func::emailToWikiNames( $data->{Email} ); if ( $Foswiki::cfg{Register}{NeedVerification} ) { - my @pending = - _checkPendingRegistrations( $data->{Email}, - $Foswiki::cfg{Sessions}{ExpireAfter} ); + my @pending = _checkPendingRegistrations( $data->{Email}, $exp ); push @existingNames, @pending if scalar @pending; } if ( scalar(@existingNames) ) { @@ -2044,7 +2051,12 @@ tick_foswiki to expire stale registrations. =cut sub expirePendingRegistrations { - my $exp = $Foswiki::cfg{Sessions}{ExpireAfter} || 36000; # 10 hours + my $exp = + ( defined $Foswiki::cfg{Register}{ExpireAfter} ) + ? $Foswiki::cfg{Register}{ExpireAfter} + : ( defined $Foswiki::cfg{Sessions}{ExpireAfter} ) + ? $Foswiki::cfg{Sessions}{ExpireAfter} + : 36000; # 10 hours $exp = -$exp if $exp < 0; _checkPendingRegistrations( undef, $exp ); diff --git a/core/tools/tick_foswiki.pl b/core/tools/tick_foswiki.pl index 18d239e4fd..ed3f821b46 100755 --- a/core/tools/tick_foswiki.pl +++ b/core/tools/tick_foswiki.pl @@ -40,7 +40,7 @@ BEGIN Foswiki::LoginManager::expireDeadSessions(); # This will expire pending registrations that have not been used for -# |{Sessions}{ExpireAfter}| seconds i.e. if you set {Sessions}{ExpireAfter} +# |{Register}{ExpireAfter}| seconds i.e. if you set {Register}{ExpireAfter} # to -36000 or 36000 it will expire registrations that have not been verified for # more than 10 hours,