View Issue Details

This bug affects 1 person(s).
 8
IDProjectCategoryView StatusLast Update
17654Bug reportsPluginspublic2021-12-06 20:18
Reporterprigaux Assigned ToDenisChenu  
PrioritynoneSeverityminor 
Status assignedResolutionopen 
Product Version5.x 
Summary17654: spurious error "Incorrect username and/or password!" on auth_webserver autocreating user
DescriptionOn auth_webserver login with autocreation, it displays a spurious error "Incorrect username and/or password!"

Here is why:

When autocreating a user, Authwebserver::newUserSession:
- calls Permission::setPermissions which dispatch a new event
  => which modify $this->event
- calls $this->setAuthSuccess ... which modifies "beforeHasPermission" event instead of modifying "newUserSession" event
LSUserIdentity::authenticate which dispatched "newUserSession" event checks $authEvent->get('result') which is still null and sets $result as error.

Steps To ReproduceSteps to reproduce
------------------------------
ensure user is not a "users" db, then access /admin page

Expected result
-------------------------
no warning

Actual result
-----------------
it alerts "Incorrect username and/or password!"

TagsNo tags attached.
Bug heat8
Complete LimeSurvey version number (& build)5.1.14 & 210927
I will donate to the project if issue is resolvedNo
Browser
Database type & versionmysql myisam
Server OS (if known)Debian 10
Webserver software & version (if known)
PHP VersionPHP 7.3

Users monitoring this issue

User List DenisChenu, prigaux

Activities

prigaux

prigaux

2021-10-07 14:36

reporter   ~66796

Suggested fix: https://github.com/LimeSurvey/LimeSurvey/pull/2087
DenisChenu

DenisChenu

2021-11-26 16:26

developer   ~67594

Last edited: 2021-11-27 08:49

My opinion : must fix auth_webserver plugin and not try to fix all events with potential risk.

Add $Authwebserver = $this at line 99 : https://github.com/LimeSurvey/LimeSurvey/blob/8a093fdcfe1a27ea44db9a3cc0e5ccb05a0460a6/application/core/plugins/Authwebserver/Authwebserver.php#L99
is a quick start
(and replace all this after ;) )
DenisChenu

DenisChenu

2021-11-27 10:24

developer   ~67599

Checked the suggested fix, currently don't find a way to really broke plugin : system is better .

Except if some plugin dev use the broken system …

https://github.com/Shnoulle/CheckIssue17654Fix

Need other plugin dev advice here …
DenisChenu

DenisChenu

2021-12-06 20:18

developer   ~67718

@prigaux : Can you check with https://github.com/LimeSurvey/LimeSurvey/pull/2170 ? Please

Else: i think your fix is great, but broke API then need to be done for develop

Issue History

Date Modified Username Field Change
2021-10-07 14:33 prigaux New Issue
2021-10-07 14:35 prigaux Issue Monitored: prigaux
2021-10-07 14:35 prigaux Bug heat 0 => 2
2021-10-07 14:36 prigaux Note Added: 66796
2021-10-07 14:36 prigaux Bug heat 2 => 4
2021-10-07 16:02 DenisChenu Issue Monitored: DenisChenu
2021-10-07 16:02 DenisChenu Bug heat 4 => 6
2021-10-08 17:07 galads Assigned To => galads
2021-10-08 17:07 galads Status new => confirmed
2021-10-08 17:07 galads Assigned To galads => gabrieljenik
2021-10-08 17:07 galads Status confirmed => assigned
2021-11-26 16:26 DenisChenu Note Added: 67594
2021-11-26 16:26 DenisChenu Bug heat 6 => 8
2021-11-27 08:49 DenisChenu Assigned To gabrieljenik => DenisChenu
2021-11-27 10:24 DenisChenu Note Added: 67599
2021-12-06 20:18 DenisChenu Note Added: 67718