View Issue Details

IDProjectCategoryView StatusLast Update
14257Bug reports[All Projects] Authenticationpublic2019-04-12 10:33
Reporterlameventanas Assigned ToLouisGac  
PrioritynoneSeverityminor 
Status assignedResolutionopen 
Product Version3.13.x 
Target VersionFixed in Version 
Summary14257: Automatic profile creation process has a bug
Description

The process of automatic profile creation has a bug.

When a new account is created in Authwebserver.php, newUserSession()

AuthwebServer->newUserSession() gets the default values for the new user profile (either by hook or the config entry).
Then it calls setAuthSuccess($oUser) (inherited from AuthPluginBase).

Which does:
$identity->id = $user->uid;

And generates a PHP warning:
Creating default object from empty value

The user is created successfully though, and reloading the page makes the error message go away, but of course this is unsettling for the user.

Steps To Reproduce

Enable the Authwebserver plugin and configure Limesurvey with a "hook_get_auth_webserver_profile" funciton or auth_webserver_autocreate_user and auth_webserver_autocreate_profile.

TagsNo tags attached.
Complete LimeSurvey version number (& build)3.14.8+180829
I will donate to the project if issue is resolvedNo
Browser
Database & DB-Version5.6.41
Server OS (if known)Linux
Webserver software & version (if known)Apache 2.4
PHP Version7.2.10

Activities

DenisChenu

DenisChenu

2018-11-15 13:03

developer   ~49666

If i don't make error : in LDAP : we reload user after creation : https://github.com/LimeSurvey/LimeSurvey/blob/d6363641acf60725994ac3f8dd308469fe1377b3/application/core/plugins/AuthLDAP/AuthLDAP.php#L556

Maybe same patch can be done

lameventanas

lameventanas

2018-11-16 03:41

reporter   ~49673

Hi Denis,
I added:
$oUser = $this->api->getUserByName($sUser);
in Authwebserver.php after $oUser->save().

It didn't help.

Just to clarify, the problem is that $identity is hasn't been set in AuthPluginBase->setAuthSuccess() when it reaches this line:
$identity->id = $user->uid;

I added this to the beginning of function setAuthSuccess:
$event = $this->getEvent();
$identity = $event->get('identity');
error_log('setAuthSccess event: ' . print_r($event, 1));
error_log('setAuthSccess identity: ' . print_r($identity, 1));

And I get this:
2018-11-16T10:34:49+08:00 cn-dc-limesurvey httpd[3046]: setAuthSuccess event: LimeSurvey\PluginManager\PluginEvent Object
(
[_event:protected] => getGlobalBasePermissions
[_content:protected] => Array
(
)

[_sender:protected] => 
[_stop:protected] => 
[_parameters:protected] => Array
    (
        [globalBasePermissions] => Array
            (
                [auth_webserver] => Array
                    (
                        [create] => 
                        [update] => 
                        [delete] => 
                        [import] => 
                        [export] => 
                        [title] => Use web server authentication
                        [description] => Use web server authentication
                        [img] => usergroup
                    )

                [auth_ldap] => Array
                    (
                        [create] => 
                        [update] => 
                        [delete] => 
                        [import] => 
                        [export] => 
                        [title] => Use LDAP authentication
                        [description] => Use LDAP authentication
                        [img] => usergroup
                    )

            )

    )

)
2018-11-16T10:34:49+08:00 cn-dc-limesurvey httpd[3046]: setAuthSuccess identity:

Eg: identity is not set.

DenisChenu

DenisChenu

2018-11-16 08:43

developer   ~49674

Oh, i think i get the solution : https://github.com/LimeSurvey/LimeSurvey/commit/a5a05d59efb587120e0501792036bba51a7b4523#diff-8595e8f022d653436a397a3e2d218cc9

(this one take me 2 days to find the best solution … 2 days for one line …)

lameventanas

lameventanas

2018-11-19 01:15

reporter   ~49689

Hi Denis,

I'm not sure what you are proposing here.

I tried adding:
$this->unsubscribe('beforeHasPermission');

At the beginning of Authwebserver->newUserSession() like in the commit you referred to, it didn't work.

DenisChenu

DenisChenu

2018-11-19 10:44

developer   ~49690

When you put error_log('setAuthSccess event: ' . print_r($event, 1));

I think you don't get setAuthSuccess but another event (surely/maybe Permission event) then some event replace current somewhere :)

lameventanas

lameventanas

2018-11-19 11:17

reporter   ~49692

That is possible, I'm not familiar with this code, I'm just trying to fix the problem as soon as possible.

Anyway, have you reproduced this bug? It's very easy, this should happen to anyone that is using the Authwebserver plugin, I'm not doing anything special here.
A very simple way would be using Apache's basic authentication module.

DenisChenu

DenisChenu

2018-11-19 11:23

developer   ~49693

I didn't search to reproduce the bug … 1st one already take me 2 days to fix without any client …

Issue History

Date Modified Username Field Change
2018-11-15 10:00 lameventanas New Issue
2018-11-15 13:03 DenisChenu Note Added: 49666
2018-11-16 03:41 lameventanas Note Added: 49673
2018-11-16 08:43 DenisChenu Note Added: 49674
2018-11-19 01:15 lameventanas Note Added: 49689
2018-11-19 10:44 DenisChenu Note Added: 49690
2018-11-19 11:17 lameventanas Note Added: 49692
2018-11-19 11:23 DenisChenu Note Added: 49693
2019-04-12 10:33 LouisGac Assigned To => LouisGac
2019-04-12 10:33 LouisGac Status new => assigned