LDAP authentication saves password hash to database #4755
Comments
If you configured a mapping for the field plainTextPassword that might be true. That's the only place where LDAP attributes are hydrated:
I am currently checking on this, it seems to happen somewhere after this line is executed.
I don't have an LDAP on hand, so I can't debug end-to-end right now. Search for the methods setPlainPassword or setPassword on src/Entity/User.php
I made a small setup with The After successful authentication, the After this call, the newly hashed password will be saved to the database. I don't know, where this badge comes from except some deep code inside
It seems to be fixed when I add a small check inside the

```php
public function upgradePassword(PasswordAuthenticatedUserInterface $user, string $newHashedPassword): void
{
    if (!($user instanceof User)) {
        return;
    }
    if ($user->getAuth() != User::AUTH_INTERNAL) {
        return;
    }
    try {
        $user->setPassword($newHashedPassword);
        $this->saveUser($user);
    } catch (\Exception $ex) {
        // happens during login: if it fails, ignore it!
    }
}
```
Wow, how super weird. Probably resetting the password on every login, what do you think?
No problem, sounds great! This would work and also removes the possibility for this to happen somewhere else, but it also reduces the chance of noticing bugs around this. Maybe with a db-migration as a one-time-fix you could also clean current LDAP-users?
Next release will stop saving the hashed password.
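A minimal model of the behaviour discussed in the comments above, as an added example that is not Kimai's code: it runs the password-upgrade hook with and without the proposed auth-type check, then audits for externally authenticated accounts that hold a usable local hash. `DemoUser`, `DemoUserStore`, the `'internal'`/`'ldap'` strings and the sample password are hypothetical stand-ins.

```php
<?php
declare(strict_types=1);

// Added illustration, not Kimai code. DemoUser, DemoUserStore and the
// 'internal'/'ldap' strings are hypothetical stand-ins.
final class DemoUser
{
    public ?string $password = null; // locally stored hash, if any

    public function __construct(public string $name, public string $auth) {}
}

final class DemoUserStore
{
    /** @var DemoUser[] */
    public array $users = [];

    // Models the upgradePassword() hook from the thread; $guard toggles the proposed check.
    public function upgradePassword(DemoUser $user, string $newHash, bool $guard): void
    {
        if ($guard && $user->auth !== 'internal') {
            return; // externally authenticated: never persist a local hash
        }
        $user->password = $newHash;
    }

    // Audit: externally authenticated accounts that still hold a local hash.
    public function externalUsersWithHash(): array
    {
        return array_values(array_filter(
            $this->users,
            fn (DemoUser $u) => $u->auth !== 'internal' && !empty($u->password)
        ));
    }
}

$store = new DemoUserStore();
$store->users = [new DemoUser('alice', 'ldap'), new DemoUser('bob', 'ldap')];
$typed = 'constructed-sample-password'; // constructed value typed at the LDAP login form

// As the thread describes, the hook receives a fresh hash after a successful login.
$store->upgradePassword($store->users[0], password_hash($typed, PASSWORD_DEFAULT), false);
$store->upgradePassword($store->users[1], password_hash($typed, PASSWORD_DEFAULT), true);

foreach ($store->externalUsersWithHash() as $u) {
    // The stored hash verifies the LDAP password, so a local login would succeed.
    printf("%s: local hash present, verifies=%s\n", $u->name,
        var_export(password_verify($typed, $u->password), true));
}
```

Only the account processed without the check is reported by the audit; the same filter (non-internal auth type with a non-empty stored hash) is what a one-time cleanup of existing LDAP users would need to select.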
Describe the issue
The documentation states that Kimai does not save the password when using LDAP authentication. After a look into the database I noticed that it does save the password hash to the database when logging in using LDAP.
When I clear the hashes and simply log in using my LDAP account, it saves the hash again. I also checked the hash with my password; it is indeed derived from my password. Also, if I delete my LDAP settings, login with the password hash is possible.
I don't know if there is something wrong with my setup or a database migration not working. The LDAP user has the following attributes on the kimai2_users table:
LDAP config local.yaml:
#4182 someone mentions that there are no hashes on the database. So it must be quite a new bug.
I already tried
Kimai version
2.14.0
How do you run Kimai?
Docker
Which PHP version are you using?
8.2
Logfile
No response
Screenshots
No response