suggested edits from PR#2292

Alex-Jordan · Feb 14, 2024 · d9bf525 · d9bf525
1 parent 9f47d43
commit d9bf525
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 21 deletions.
diff --git a/conf/authen_CAS.conf.dist b/conf/authen_CAS.conf.dist
@@ -16,16 +16,7 @@ $authen{user_module} = {
 # This should be a non-empty sublist of whatever is in $authen{user_module}.
 # Since the admin course provides overall power to add/delete courses, access
 # to this course should be protected by the best possible authentication you
-# have available to you.  The current default is
-# WeBWorK::Authen::Basic_TheLastOption which is simple password based
-# authentication for a password locally stored in your WeBWorK server's
-# database.  On one hand, this is necessary as the initial setting, as it is the
-# only option available when a new server is being installed.  However, since
-# this option does not make use of multi-factor authentication or provide any
-# capabilities to prevent dictionary attacks, etc.  At the very least you should
-# use a very strong password.  If you have the option to use a more secure
-# authentication approach to the admin course (one which you are confident
-# cannot be spoofed) that is preferable.
+# have available to you.
 $authen{admin_module} = [
 	'WeBWorK::Authen::CAS'
 ];

diff --git a/conf/authen_ldap.conf.dist b/conf/authen_ldap.conf.dist
@@ -16,16 +16,7 @@ $authen{user_module} = {
 # This should be a non-empty sublist of whatever is in $authen{user_module}.
 # Since the admin course provides overall power to add/delete courses, access
 # to this course should be protected by the best possible authentication you
-# have available to you.  The current default is
-# WeBWorK::Authen::Basic_TheLastOption which is simple password based
-# authentication for a password locally stored in your WeBWorK server's
-# database.  On one hand, this is necessary as the initial setting, as it is the
-# only option available when a new server is being installed.  However, since
-# this option does not make use of multi-factor authentication or provide any
-# capabilities to prevent dictionary attacks, etc.  At the very least you should
-# use a very strong password.  If you have the option to use a more secure
-# authentication approach to the admin course (one which you are confident
-# cannot be spoofed) that is preferable.
+# have available to you.
 $authen{admin_module} = [
 	'WeBWorK::Authen::LDAP'
 ];

diff --git a/lib/WeBWorK/Authen.pm b/lib/WeBWorK/Authen.pm
@@ -191,7 +191,12 @@ sub verify {
 
 	my $authen_ref = ref($c->authen);
 	if ($c->ce->{courseName} eq 'admin' && !(grep(/^$authen_ref$/, @{ $c->ce->{authen}{admin_module} }))) {
-		$c->stash(authen_error => maketext("Cannot authenticate into admin course using $authen_ref."));
+		$self->write_log_entry("Cannot authenticate into admin course using $authen_ref.");
+		$c->stash(
+			authen_error => $c->maketext(
+				'There was an error during the login process.  Please speak to your instructor or system administrator.'
+			)
+		);
 		return ($self->call_next_authen_method());
 	}