Authentication can fail when using Web Basic Authentication and Template User

[TheWitness]

Describe the bug

There are two issues related to basic authentication in Cacti 1.2.12. They are:

• Create user from Template is not function. You get an undefined function call in auth_login.php
• For some Single Signon environments, in conjunction with Basic Authentication like OpenIDT or SAML2, the redirect portion of the single sign on does not properly function if the redirect from the SSL provider goes to index.php.

To Reproduce

Steps to reproduce the behavior:

1. Enable OpenIDT on Apache

2. Point your OpenIDT configuration to Azure

3. Enable Web Basic

4. Setup a Template Account

5. Attempt to have a new user sign in who will not have console access.

6. Note that the redirect from the Auth provider does not follow Cacti rules, and instead the user receives a permission denied message.

Expected behavior

Permissions and default redirect should work as expected.

[TheWitness]

The first part of this was a regression from a user contribution. The second is a new bug observed putting Cacti into practice with the OpenIDT Apache Module.

[ddb4github]

2020/05/15 11:33:58 - CMDPHP PHP ERROR NOTICE Backtrace: (/index.php[25]:unknown(), /include/auth.php[169]:unknown(), /auth_login.php[372]:auth_login_redirect(), /lib/auth.php[2753]:CactiErrorHandler())
2020/05/15 11:33:58 - ERROR PHP NOTICE: Undefined variable: newtheme in file: /opt/IBM/cacti/lib/auth.php on line: 2753

--- cacti/auth_login.php   2020-05-12 18:56:08.000000000 +0800
+++ cacti/auth_login.php   2020-05-15 12:43:45.208648441 +0800
@@ -359,12 +359,6 @@
                        }
                }

-               $newtheme = false;
-               if (user_setting_exists('selected_theme', $_SESSION['sess_user_id']) && read_config_option('selected_theme') != read_user_setting('selected_theme')) {
-                       unset($_SESSION['selected_theme']);
-                       $newtheme = true;
-               }
-
                if (user_setting_exists('user_language', $_SESSION['sess_user_id'])) {
                        $_SESSION['sess_user_language'] = read_user_setting('user_language');
                }


diff -ruEbwB cacti/lib/auth.php cacti/lib/auth.php
--- cacti/lib/auth.php     2020-05-12 18:56:08.000000000 +0800
+++ cacti/lib/auth.php     2020-05-15 12:38:16.228015758 +0800
@@ -2715,6 +2715,12 @@
 function auth_login_redirect($login_opts = '') {
        global $config;

+       $newtheme = false;
+       if (user_setting_exists('selected_theme', $_SESSION['sess_user_id']) && read_config_option('selected_theme') != read_user_setting('selected_theme')) {
+               unset($_SESSION['selected_theme']);
+               $newtheme = true;
+       }
+
        if ($login_opts == '') {
                $login_opts = db_fetch_cell_prepared('SELECT login_opts
                        FROM user_auth

[netniV]

Does my fix work for you @ddb4github ?

[ddb4github]

Does my fix work for you @ddb4github ?

Yes, workable