Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Web Basic authentication not creating template user #4840

Closed
robwdwd opened this issue Jun 21, 2022 · 7 comments
Closed

Web Basic authentication not creating template user #4840

robwdwd opened this issue Jun 21, 2022 · 7 comments
Labels
authentication Authentication related issue/feature bug Undesired behaviour confirmed Bug is confirm by dev team resolved A fixed issue
Milestone

Comments

@robwdwd
Copy link
Contributor

robwdwd commented Jun 21, 2022

Describe the bug

Currently on cacti 1.2.21 and this seems to have broken web basic authentication. When a user authenticates with web basic the template user is not used to copy the user because the auth method is being reset and cacti us treating it as a local user. This does not affect users logging in with an existing account.

To Reproduce

This happens every time a new user logs in without an existing account, that must be copied from the template user.

Expected behavior

User is created on first login from template user.

Additional context

I tracked the issue down to this bit of code in auth_login.php. $frv_realm is set here, but I am presuming since web basic auth won't have a form this will use the default 0.

$frv_realm     = get_nfilter_request_var('realm', 0); // The dropdown value for realm

It then hits this bit of code which resets $auth_method to local because $auth_method = 2 and $frv_realm = 0

if (get_nfilter_request_var('action') == 'login' || $auth_method == 2) {
  if ($auth_method >= 2 && $frv_realm <= 1) {
    // User picked 'local' from dropdown;
    $auth_method = 1;
  } else {
    $auth_method = read_config_option('auth_method');
  }

Looking into lib/auth.php and auth_get_username() if I set the realm here to 2 it fixes the issue.

  if ($auth_method == 2) {
    $username = get_basic_auth_username();

    /* Get the Web Basic Auth username and set action so we login right away */
    set_request_var('action', 'login');
    set_request_var('realm', 2);

  } elseif (get_nfilter_request_var('action') == 'login') {
    $username = get_nfilter_request_var('login_username');
  } else {
    $username = '';
@robwdwd robwdwd added bug Undesired behaviour unverified Some days we don't have a clue labels Jun 21, 2022
@robwdwd
Copy link
Contributor Author

robwdwd commented Jun 21, 2022

I think this needs to be changed to in auth_login.php. It needs to check for auth_method is 2 first otherwise when it created the template user it gets created as an LDAP user due to the if ($frv_realm == 2) changing realm to 3.

  // Compensate as the dropdown for LDAP is off by one
  if ($auth_method == 2) {
    $realm = $auth_method;
  } elseif ($frv_realm == 2) {
    $realm = 3;
  } else {
    $realm = $frv_realm;
  }

@TheWitness
Copy link
Member

@robwdwd first thanks for reporting. Is it just the first login problem and picking the template user to copy?

Before you make a pull request, pull the latest 1.2.x. There have already been some bugs reported.

@robwdwd
Copy link
Contributor Author

robwdwd commented Jun 21, 2022

@TheWitness I can't see any fixes for it but looking at the commits for auth_login.php I think it might have been introduced with the code re-write for #4578.

This seem to only happen when the web basic user has never logged in before. If the user exists or I create the user manually before hand this doesn't seem to cause issues.

@TheWitness
Copy link
Member

ea06704

@TheWitness
Copy link
Member

I'm thinking that this is wrong. Should be $auth_method > 2

if (get_nfilter_request_var('action') == 'login' || $auth_method == 2) {
  if ($auth_method >= 2 && $frv_realm <= 1) {
    // User picked 'local' from dropdown;
    $auth_method = 1;
  } else {
    $auth_method = read_config_option('auth_method');
  }

@TheWitness
Copy link
Member

Try that out and report back.

@robwdwd
Copy link
Contributor Author

robwdwd commented Jun 22, 2022

That works! :)

@TheWitness TheWitness added confirmed Bug is confirm by dev team authentication Authentication related issue/feature and removed unverified Some days we don't have a clue labels Jun 22, 2022
@TheWitness TheWitness added this to the v1.2.22 milestone Jun 22, 2022
TheWitness added a commit that referenced this issue Jun 22, 2022
Web Basic authentication not creating template user
@TheWitness TheWitness added the resolved A fixed issue label Jun 22, 2022
@github-actions github-actions bot locked and limited conversation to collaborators Nov 29, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
authentication Authentication related issue/feature bug Undesired behaviour confirmed Bug is confirm by dev team resolved A fixed issue
Projects
None yet
Development

No branches or pull requests

2 participants