LimeSurvey issue tracker
Registration

View Issue Details Jump to Notes ] Related Changesets ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
07021Bug reports[All Projects] Authenticationpublic2012-12-05 13:252012-12-11 14:48
ReporterpfpDave 
Assigned Toc_schmitz 
PriorityhighSeverityminor 
StatusclosedResolutionfixed 
Product Version2.00+ 
Target VersionFixed in Version2.00+ 
Summary07021: Web Server Auth Broken (again) in latest build
DescriptionIn the latest build Web Server auth is broken again but I'm struggling to trace where or why. Basically when I leave the login boxes blank and click login it just returns me to the login screen. I've checked UserIdentity.php and it's grabbing the username correctly and is returning a 1 for !$this->errorCode; so that part works OK ... where does it go next?

Here's the console log from Firebug (NB: the failed_login_attempts table is empty):



Application Log

[12:19:33.449][trace][system.db.CDbConnection] Opening DB connection

login (line 154)

[12:19:33.453][trace][system.db.CDbCommand] Querying SQL: SELECT k.column_name field_name
            FROM [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] k
            LEFT JOIN [INFORMATION_SCHEMA].[TABLE_CONSTRAINTS] c
              ON k.table_name = c.table_name
             AND k.constraint_name = c.constraint_name
           WHERE c.constraint_type ='PRIMARY KEY'
                   AND k.table_name = :table
                AND k.table_schema = :schema. Bound with :table='settings_global', :schema='dbo'

login (line 155)

[12:19:33.458][trace][system.db.CDbCommand] Querying SQL: SELECT
             KCU1.CONSTRAINT_NAME AS 'FK_CONSTRAINT_NAME'
           , KCU1.TABLE_NAME AS 'FK_TABLE_NAME'
           , KCU1.COLUMN_NAME AS 'FK_COLUMN_NAME'
           , KCU1.ORDINAL_POSITION AS 'FK_ORDINAL_POSITION'
           , KCU2.CONSTRAINT_NAME AS 'UQ_CONSTRAINT_NAME'
           , KCU2.TABLE_NAME AS 'UQ_TABLE_NAME'
           , KCU2.COLUMN_NAME AS 'UQ_COLUMN_NAME'
           , KCU2.ORDINAL_POSITION AS 'UQ_ORDINAL_POSITION'
        FROM [INFORMATION_SCHEMA].[REFERENTIAL_CONSTRAINTS] RC
        JOIN [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] KCU1
        ON KCU1.CONSTRAINT_CATALOG = RC.CONSTRAINT_CATALOG
           AND KCU1.CONSTRAINT_SCHEMA = RC.CONSTRAINT_SCHEMA
           AND KCU1.CONSTRAINT_NAME = RC.CONSTRAINT_NAME
        JOIN [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] KCU2
        ON KCU2.CONSTRAINT_CATALOG =
        RC.UNIQUE_CONSTRAINT_CATALOG
           AND KCU2.CONSTRAINT_SCHEMA =
        RC.UNIQUE_CONSTRAINT_SCHEMA
           AND KCU2.CONSTRAINT_NAME =
        RC.UNIQUE_CONSTRAINT_NAME
           AND KCU2.ORDINAL_POSITION = KCU1.ORDINAL_POSITION
        WHERE KCU1.TABLE_NAME = :table. Bound with :table='settings_global'

login (line 156)

[12:19:33.459][trace][system.db.CDbCommand] Querying SQL: SELECT *, columnproperty(object_id(table_schema+'.'+table_name), column_name, 'IsIdentity') as IsIdentity FROM [INFORMATION_SCHEMA].[COLUMNS] WHERE TABLE_NAME='settings_global' AND TABLE_SCHEMA='dbo'

login (line 157)

[12:19:33.460][trace][system.db.ar.CActiveRecord] Settings_global.findAll()

login (line 158)

[12:19:33.463][trace][system.db.CDbCommand] Querying SQL: SELECT * FROM [dbo].[settings_global] [t]

login (line 159)

[12:19:33.504][trace][system.db.ar.CActiveRecord] Settings_global.findByPk()

login (line 160)

[12:19:33.504][trace][system.db.CDbCommand] Querying SQL: SELECT TOP 1 * FROM [dbo].[settings_global] [t] WHERE [t].[stg_name]='updatelastcheck'

login (line 161)

[12:19:33.507][trace][system.db.CDbCommand] Querying SQL: SELECT k.column_name field_name
            FROM [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] k
            LEFT JOIN [INFORMATION_SCHEMA].[TABLE_CONSTRAINTS] c
              ON k.table_name = c.table_name
             AND k.constraint_name = c.constraint_name
           WHERE c.constraint_type ='PRIMARY KEY'
                   AND k.table_name = :table
                AND k.table_schema = :schema. Bound with :table='surveys', :schema='dbo'

login (line 162)

[12:19:33.512][trace][system.db.CDbCommand] Querying SQL: SELECT
             KCU1.CONSTRAINT_NAME AS 'FK_CONSTRAINT_NAME'
           , KCU1.TABLE_NAME AS 'FK_TABLE_NAME'
           , KCU1.COLUMN_NAME AS 'FK_COLUMN_NAME'
           , KCU1.ORDINAL_POSITION AS 'FK_ORDINAL_POSITION'
           , KCU2.CONSTRAINT_NAME AS 'UQ_CONSTRAINT_NAME'
           , KCU2.TABLE_NAME AS 'UQ_TABLE_NAME'
           , KCU2.COLUMN_NAME AS 'UQ_COLUMN_NAME'
           , KCU2.ORDINAL_POSITION AS 'UQ_ORDINAL_POSITION'
        FROM [INFORMATION_SCHEMA].[REFERENTIAL_CONSTRAINTS] RC
        JOIN [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] KCU1
        ON KCU1.CONSTRAINT_CATALOG = RC.CONSTRAINT_CATALOG
           AND KCU1.CONSTRAINT_SCHEMA = RC.CONSTRAINT_SCHEMA
           AND KCU1.CONSTRAINT_NAME = RC.CONSTRAINT_NAME
        JOIN [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] KCU2
        ON KCU2.CONSTRAINT_CATALOG =
        RC.UNIQUE_CONSTRAINT_CATALOG
           AND KCU2.CONSTRAINT_SCHEMA =
        RC.UNIQUE_CONSTRAINT_SCHEMA
           AND KCU2.CONSTRAINT_NAME =
        RC.UNIQUE_CONSTRAINT_NAME
           AND KCU2.ORDINAL_POSITION = KCU1.ORDINAL_POSITION
        WHERE KCU1.TABLE_NAME = :table. Bound with :table='surveys'

login (line 163)

[12:19:33.513][trace][system.db.CDbCommand] Querying SQL: SELECT *, columnproperty(object_id(table_schema+'.'+table_name), column_name, 'IsIdentity') as IsIdentity FROM [INFORMATION_SCHEMA].[COLUMNS] WHERE TABLE_NAME='surveys' AND TABLE_SCHEMA='dbo'

login (line 164)

[12:19:33.521][trace][system.db.ar.CActiveRecord] Settings_global.findByPk()

login (line 165)

[12:19:33.521][trace][system.db.CDbCommand] Querying SQL: SELECT TOP 1 * FROM [dbo].[settings_global] [t] WHERE [t].[stg_name]='DBVersion'

login (line 166)

[12:19:33.525][trace][system.db.CDbCommand] Querying SQL: SELECT k.column_name field_name
            FROM [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] k
            LEFT JOIN [INFORMATION_SCHEMA].[TABLE_CONSTRAINTS] c
              ON k.table_name = c.table_name
             AND k.constraint_name = c.constraint_name
           WHERE c.constraint_type ='PRIMARY KEY'
                   AND k.table_name = :table
                AND k.table_schema = :schema. Bound with :table='failed_login_attempts', :schema='dbo'

login (line 167)

[12:19:33.529][trace][system.db.CDbCommand] Querying SQL: SELECT
             KCU1.CONSTRAINT_NAME AS 'FK_CONSTRAINT_NAME'
           , KCU1.TABLE_NAME AS 'FK_TABLE_NAME'
           , KCU1.COLUMN_NAME AS 'FK_COLUMN_NAME'
           , KCU1.ORDINAL_POSITION AS 'FK_ORDINAL_POSITION'
           , KCU2.CONSTRAINT_NAME AS 'UQ_CONSTRAINT_NAME'
           , KCU2.TABLE_NAME AS 'UQ_TABLE_NAME'
           , KCU2.COLUMN_NAME AS 'UQ_COLUMN_NAME'
           , KCU2.ORDINAL_POSITION AS 'UQ_ORDINAL_POSITION'
        FROM [INFORMATION_SCHEMA].[REFERENTIAL_CONSTRAINTS] RC
        JOIN [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] KCU1
        ON KCU1.CONSTRAINT_CATALOG = RC.CONSTRAINT_CATALOG
           AND KCU1.CONSTRAINT_SCHEMA = RC.CONSTRAINT_SCHEMA
           AND KCU1.CONSTRAINT_NAME = RC.CONSTRAINT_NAME
        JOIN [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] KCU2
        ON KCU2.CONSTRAINT_CATALOG =
        RC.UNIQUE_CONSTRAINT_CATALOG
           AND KCU2.CONSTRAINT_SCHEMA =
        RC.UNIQUE_CONSTRAINT_SCHEMA
           AND KCU2.CONSTRAINT_NAME =
        RC.UNIQUE_CONSTRAINT_NAME
           AND KCU2.ORDINAL_POSITION = KCU1.ORDINAL_POSITION
        WHERE KCU1.TABLE_NAME = :table. Bound with :table='failed_login_attempts'

login (line 168)

[12:19:33.530][trace][system.db.CDbCommand] Querying SQL: SELECT *, columnproperty(object_id(table_schema+'.'+table_name), column_name, 'IsIdentity') as IsIdentity FROM [INFORMATION_SCHEMA].[COLUMNS] WHERE TABLE_NAME='failed_login_attempts' AND TABLE_SCHEMA='dbo'

login (line 169)

[12:19:33.531][trace][system.db.ar.CActiveRecord] Failed_login_attempts.find()

login (line 170)

[12:19:33.531][trace][system.db.CDbCommand] Querying SQL: SELECT TOP 1 * FROM [dbo].[failed_login_attempts] [t] WHERE number_attempts > :attempts AND ip = :ip. Bound with :attempts=3, :ip='192.168.100.123'

login (line 171)
login (line 153)
I will donate to the project if issue is resolved within 48 hrsNo
LimeSurvey build number OR git commit ID121204
BrowserIE8
Database & DB-VersionSQL Express 2012
Operating System (Server)Server 2008
Webserver software & versionIIS 7
PHP Version5.4.8
Attached Files? file icon config.php [^] (2,856 bytes) 2012-12-10 10:35

- Relationships
has duplicate 07049closedc_schmitz Webserver authentication is not implemented 

-  Notes
User avatar (23035)
c_schmitz (administrator)
2012-12-09 14:42

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=10798 [^]
User avatar (23040)
c_schmitz (administrator)
2012-12-09 16:29

2.00+ Build 121209 released
User avatar (23057)
c_schmitz (administrator)
2012-12-09 20:20

Fix committed to 2.1 branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=10814 [^]
User avatar (23071)
pfpDave (reporter)
2012-12-10 09:56

The fix doesn't work and to be honest I don't believe the issue is or was related to the UserIdentity module ... In my comment I said ...

..."I've checked UserIdentity.php and it's grabbing the username correctly and is returning a 1 for !$this->errorCode; so that part works OK ... where does it go next?"...
User avatar (23072)
c_schmitz (administrator)
2012-12-10 10:33

It works for me so now - so I cannot reproduce your issue.
Can you attach your config.php please? (please remove any passwords first)
User avatar (23073)
pfpDave (reporter)
2012-12-10 10:35

Attached as requested.
User avatar (23075)
pfpDave (reporter)
2012-12-10 10:40

I just edited UserIdentity.php to insert the below debug code at line 150:

print "User ID: " . $this->id;
print "
Error code Not set: " . !$this->errorCode;
die();

====
The UI Returns the following:

User ID: 4
Error code Not set: 1

====

row with uID 4 in dbo.users.Users_name matches my PC login ID
User avatar (23076)
pfpDave (reporter)
2012-12-10 10:41

Without the code above, I click Login, the page reloads and shows with no error message (as if I hadn't clicked the login button)
User avatar (23080)
c_schmitz (administrator)
2012-12-10 11:06

Fix committed to 2.1 branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=10828 [^]
User avatar (23081)
c_schmitz (administrator)
2012-12-10 11:07

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=10830 [^]
User avatar (23083)
pfpDave (reporter)
2012-12-10 11:18

I'm not entirely sure I understand why that fix has worked but it has - many thanks.
User avatar (23085)
c_schmitz (administrator)
2012-12-10 11:28

We recently introduced another control layer that checks if the session belongs to the currently used database - if not the login screen is shown.
This check includes a has created from a 'secret' string, your user ID and user name. So it is important that the Identity properly sets the user name for the CWebuser object for later use (which was in case of web auth not the case - therefore the change).
User avatar (23086)
pfpDave (reporter)
2012-12-10 11:30

Ahh OK, that makes sense, many thanks.
User avatar (23127)
c_schmitz (administrator)
2012-12-11 14:48

2.00 Build 121211 released

- Related Changesets
LimeSurvey: master d4b1be7e
Timestamp: 2012-12-09 13:36:58
Author: c_schmitz
Committer: Carsten Schmitz
Details ] Diff ]
Fixed issue 07021: Web server authentication broken
mod - application/core/UserIdentity.php Diff ] File ]
LimeSurvey: 2.1 34770900
Timestamp: 2012-12-09 13:36:58
Author: c_schmitz
Committer: Carsten Schmitz
Details ] Diff ]
Fixed issue 07021: Web server authentication broken
mod - application/core/UserIdentity.php Diff ] File ]
LimeSurvey: 2.1 91ea5f64
Timestamp: 2012-12-10 10:05:36
Author: c_schmitz
Committer: Carsten Schmitz
Details ] Diff ]
Fixed issue 07021: Web server authentication broken
mod - application/core/UserIdentity.php Diff ] File ]
LimeSurvey: master 76160fbd
Timestamp: 2012-12-10 10:05:36
Author: c_schmitz
Committer: Carsten Schmitz
Details ] Diff ]
Fixed issue 07021: Web server authentication broken
mod - application/core/UserIdentity.php Diff ] File ]

- Issue History
Date Modified Username Field Change
2012-12-05 13:25 pfpDave New Issue
2012-12-07 15:25 c_schmitz Relationship added has duplicate 07049
2012-12-09 14:35 c_schmitz Assigned To => c_schmitz
2012-12-09 14:35 c_schmitz Status new => assigned
2012-12-09 14:42 c_schmitz Changeset attached => LimeSurvey master d4b1be7e
2012-12-09 14:42 c_schmitz Note Added: 23035
2012-12-09 14:42 c_schmitz Resolution open => fixed
2012-12-09 14:42 c_schmitz Status assigned => resolved
2012-12-09 14:42 c_schmitz Fixed in Version => 2.00+
2012-12-09 16:29 c_schmitz Note Added: 23040
2012-12-09 16:29 c_schmitz Status resolved => closed
2012-12-09 20:20 c_schmitz Changeset attached => LimeSurvey 2.1 34770900
2012-12-09 20:20 c_schmitz Note Added: 23057
2012-12-10 09:56 pfpDave Note Added: 23071
2012-12-10 09:56 pfpDave Status closed => feedback
2012-12-10 09:56 pfpDave Resolution fixed => reopened
2012-12-10 10:33 c_schmitz Note Added: 23072
2012-12-10 10:35 pfpDave File Added: config.php
2012-12-10 10:35 pfpDave Note Added: 23073
2012-12-10 10:35 pfpDave Status feedback => assigned
2012-12-10 10:40 pfpDave Note Added: 23075
2012-12-10 10:41 pfpDave Note Added: 23076
2012-12-10 11:06 c_schmitz Changeset attached => LimeSurvey 2.1 91ea5f64
2012-12-10 11:06 c_schmitz Note Added: 23080
2012-12-10 11:07 c_schmitz Changeset attached => LimeSurvey master 76160fbd
2012-12-10 11:07 c_schmitz Note Added: 23081
2012-12-10 11:07 c_schmitz Status assigned => resolved
2012-12-10 11:07 c_schmitz Resolution reopened => fixed
2012-12-10 11:18 pfpDave Note Added: 23083
2012-12-10 11:28 c_schmitz Note Added: 23085
2012-12-10 11:30 pfpDave Note Added: 23086
2012-12-11 14:48 c_schmitz Note Added: 23127
2012-12-11 14:48 c_schmitz Status resolved => closed


Copyright © 2000 - 2014 MantisBT Team
Powered by Mantis Bugtracker