Review Request: Patch for "FTP ioslave unnecessarily asks for password"

Dawit Alemayehu adawit at kde.org
Sun Mar 20 04:58:01 GMT 2011 


> On March 18, 2011, 11:22 p.m., David Faure wrote:
> > Hmm, this whole block is inside "if (failedAuth>0)", so this means kio_ftp tried to log in, but without using the cached credentials?
> > Ah, probably because it tries anonymous first. Which kind of sucks on sites where you have recorded a password into kwallet...
> > 
> > So I'm not objecting this patch, feel free to commit, but I actually think a better fix would be "if cached credentials, then use them for the first attempt" (like kio_sftp does, I think). And then the code you touched (handling of failed auth) doesn't have to change.
> 
> Dawit Alemayehu wrote:
>     Ah yes, you are right. What I did is completely wrong! Dunno what I was thinking, but I guess I saw an openPasswordDialog without cacheCachedAuthentication and thought... Well you get the point. Anyhow, I will change the code as you suggested here because it is exactly what I meant to accomplish with my patch.
>     
>     Another thing that would even be more cool, and not just to this ioslave, is if cacheCachedAuthentication prompts the user to select which credential to use when there are mutiple stored for a given site. I guess I just added another item to my own TODO list! :)

Actually I take it back. The original patch I posted with some minor modification is the correct patch.

1. The majority use case of the ftp ioslave is to access public ftp sites with anonymous login and as such the ioslave should always be optimized for that use case. To me it should not waste time looking up for cached credentials.

2. The user can circumvent the default optimization above by simply including a username when entering the ftp url. In that case, kio_ftp will never attempt the anonymous login. Instead it should lookup for any cached password or prompt and prompt the end user when it could not find one.

So in general here is what would/should happen:

1.) If the user types a ftp url without a username and the ftp server allows anonymous login, login anonymously.
2.) If the user types a ftp url without a username and the ftp server does not allows anonymous login, prompt the user.
3.) If the user types a ftp url with a username and the ftp server either allows or does not allow anonymous login, use cached authentication if available ; prompt the user otherwise.

Other rare scenarios such as what to do in the presence of multiple logins for a site when the url is specified without a username, is something each individual ioslave should not have to deal with IMHO. Instead as I suggested in my prior response, it should be handled at the kpasswordserver level when checkCachedAuthentication is invoked. Perhaps by prompting the user to choose one from a list of cached usernames ?? Anyhow, if there are no objections to this approach, I will repost the original patch with few modifications to take care of additional login related bugs.


- Dawit


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
http://git.reviewboard.kde.org/r/100873/#review2040
-----------------------------------------------------------


On March 19, 2011, 4:37 a.m., Dawit Alemayehu wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> http://git.reviewboard.kde.org/r/100873/
> -----------------------------------------------------------
> 
> (Updated March 19, 2011, 4:37 a.m.)
> 
> 
> Review request for kdelibs.
> 
> 
> Summary
> -------
> 
> The attached patch forces kio_ftp to first look up for cached password before showing the user a prompt to enter password information. This addresses the issue mentioned in 143488 and makes kio_ftp's behavior consistent with the other ioslaves.
> 
> 
> This addresses bugs 124675 and 143488.
>     http://bugs.kde.org/show_bug.cgi?id=124675
>     http://bugs.kde.org/show_bug.cgi?id=143488
> 
> 
> Diffs
> -----
> 
>   kioslave/ftp/ftp.cpp 95c4450 
> 
> Diff: http://git.reviewboard.kde.org/r/100873/diff
> 
> 
> Testing
> -------
> 
> Login to an ftp site, save the password and visit the same site again. No prompt.
> 
> 
> Thanks,
> 
> Dawit
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20110320/30493e56/attachment.htm>

More information about the kde-core-devel mailing list