LimeSurvey issue tracker
Registration

View Issue Details Jump to Notes ] Related Changesets ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
07049Bug reports[All Projects] Authenticationpublic2012-12-07 15:142013-03-02 16:34
Reporterdrohde 
Assigned Toc_schmitz 
PriorityurgentSeveritymajor 
StatusclosedResolutionfixed 
Product Version2.00+ 
Target VersionFixed in Version2.00+ 
Summary07049: Webserver authentication is not implemented
DescriptionI cannot protect the admin interface with a Apache Basic authentication because I get the LimeSurvey login screen after a successful basic auth.
When I click on the login button of the LimeSurvey login form (without username/password) the authenticated user will be correct registered but I get the LimeSurvey login screen again. I cannot upgrade to 2.x. because I'm missing the behavior of the old v1.9x builds.
Steps To ReproduceMy Apache ask for the username and password when a went to the admin interface. After a successful Basic authentication I get the unwanted LimeSurvey login screen.


Apache 2.4 config snippet:
<Directory /opt/limesurvey>
        <If "%{PATH_INFO} =~ m#/admin#">
                AuthType Basic
                AuthName "Account"
                require valid-user
        </If>
</Directory>


Limesurvey config.php snippet:
return array(
...
                'auth_webserver'=>true,
                'auth_webserver_user_map' => Array('xxxxx' => 'admin'),
                'auth_webserver_autocreate_user'=>true,
               'auth_webserver_autocreate_profile' => Array(
                        'full_name' => preg_match('/@/',$_SERVER['REMOTE_USER']) ? strtok($_SERVER['REMOTE_USER'],'@') : $_SERVER['REMOTE_USER'],
                        'email' => preg_match('/@/',$_SERVER['REMOTE_USER'])? $_SERVER['REMOTE_USER'] : $_SERVER['REMOTE_USER'].'@mydomain.de',
                        'lang' => 'en',
                        'htmleditormode' => 'inline',
                        'templatelist' => 'default,basic,bluengrey,citronade,clear_logo,eirenicon,limespired,mint_idea,sherpa,vallendar',
                        'create_survey' => 1,
                        'create_user' => 0,
                        'delete_user' => 0,
                        'superadmin' => 0,
                        'configurator' => 0,
                        'manage_template' => 0,
                        'manage_label' => 0
                        ),



...
);
Additional InformationI can't find any REMOTE_USER or REDIRECT_REMOTE_USER string in the LimeSurvey code base and in the authentication controller (except in the Statistics_userController.php). In the old build (192plus-build120919) the authentication and auto registration features work fine because admin/usercontrol.php evaluates the REMOTE_USER.
I will donate to the project if issue is resolved within 48 hrsNo
LimeSurvey build number OR git commit ID121204
Browser
Database & DB-VersionMySQL
Operating System (Server)Linux
Webserver software & versionApache 2.4.3
PHP Version5.3.18
Attached Files

- Relationships
duplicate of 07021closedc_schmitz Web Server Auth Broken (again) in latest build 

-  Notes
User avatar (24024)
drohde (reporter)
2013-02-11 08:52

Hi,
this bug report is not a duplicate and is not fixed yet (build build130206). There isn't any REMOTE_USER or REDIRECT_REMOTE_USER evaluation in the UserIdentity class or in any controller.

I expect following behavior (like it was in 1.9+ versions):
   1 after calling the admin interface the Apache asks for login and password
   2 after successful login:
      2.1 a unknown user will be registered
      2.2 user is logged in
I cannot upgrade yet because I have 40.000 potential users in my production environment and I need the Apache Basic authentication and a automated user registration.
 

Regards,
Dan
User avatar (24110)
c_schmitz (administrator)
2013-02-15 14:56

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=11641 [^]
User avatar (24141)
drohde (reporter)
2013-02-18 10:24

Hi,
the fix works

Thx
User avatar (24152)
c_schmitz (administrator)
2013-02-19 11:13

2.00 Build 130219 released
User avatar (24255)
c_schmitz (administrator)
2013-02-25 11:18

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=11690 [^]
User avatar (24472)
c_schmitz (administrator)
2013-03-02 16:34

Fix committed to 2.1 branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=11731 [^]

- Related Changesets
LimeSurvey: master 645ea656
Timestamp: 2013-02-15 13:56:24
Author: c_schmitz
Committer: Carsten Schmitz
Details ] Diff ]
Fixed issue 07049: Webserver authentication not working when external access control is used
mod - application/core/UserIdentity.php Diff ] File ]
LimeSurvey: 2.1 e3706b1c
Timestamp: 2013-02-15 13:56:24
Author: c_schmitz
Committer: Carsten Schmitz
Details ] Diff ]
Fixed issue 07049: Webserver authentication not working when external access control is used
mod - application/core/UserIdentity.php Diff ] File ]
LimeSurvey: master ad10c283
Timestamp: 2013-02-25 10:18:47
Author: c_schmitz
Committer: Carsten Schmitz
Details ] Diff ]
Fixed issue 07049: Webserver authentication not working when external access control is used
mod - application/core/UserIdentity.php Diff ] File ]
LimeSurvey: 2.1 6eaf4fbf
Timestamp: 2013-02-25 10:18:47
Author: c_schmitz
Committer: Carsten Schmitz
Details ] Diff ]
Fixed issue 07049: Webserver authentication not working when external access control is used
mod - application/core/UserIdentity.php Diff ] File ]

- Issue History
Date Modified Username Field Change
2012-12-07 15:14 drohde New Issue
2012-12-07 15:25 c_schmitz Relationship added duplicate of 07021
2012-12-07 15:26 c_schmitz Status new => closed
2012-12-07 15:26 c_schmitz Assigned To => c_schmitz
2012-12-07 15:26 c_schmitz Resolution open => duplicate
2013-02-11 08:52 drohde Note Added: 24024
2013-02-11 08:52 drohde Status closed => feedback
2013-02-11 08:52 drohde Resolution duplicate => reopened
2013-02-15 14:54 c_schmitz Status feedback => resolved
2013-02-15 14:54 c_schmitz Fixed in Version => 2.00+
2013-02-15 14:54 c_schmitz Resolution reopened => fixed
2013-02-15 14:56 c_schmitz Changeset attached => LimeSurvey master 645ea656
2013-02-15 14:56 c_schmitz Note Added: 24110
2013-02-18 10:24 drohde Note Added: 24141
2013-02-19 11:13 c_schmitz Note Added: 24152
2013-02-19 11:13 c_schmitz Status resolved => closed
2013-02-25 11:18 c_schmitz Changeset attached => LimeSurvey master ad10c283
2013-02-25 11:18 c_schmitz Note Added: 24255
2013-03-02 16:34 c_schmitz Changeset attached => LimeSurvey 2.1 e3706b1c
2013-03-02 16:34 c_schmitz Changeset attached => LimeSurvey 2.1 6eaf4fbf
2013-03-02 16:34 c_schmitz Note Added: 24472


Copyright © 2000 - 2014 MantisBT Team
Powered by Mantis Bugtracker