If i don't make error : in LDAP : we reload user after creation : https://github.com/LimeSurvey/LimeSurvey/blob/d6363641acf60725994ac3f8dd308469fe1377b3/application/core/plugins/AuthLDAP/AuthLDAP.php#L556

Maybe same patch can be done

Hi Denis,
I added:
$oUser = $this->api->getUserByName($sUser);
in Authwebserver.php after $oUser->save().

It didn't help.

Just to clarify, the problem is that $identity is hasn't been set in AuthPluginBase->setAuthSuccess() when it reaches this line:
$identity->id = $user->uid;

I added this to the beginning of function setAuthSuccess:
$event = $this->getEvent();
$identity = $event->get('identity');
error_log('setAuthSccess event: ' . print_r($event, 1));
error_log('setAuthSccess identity: ' . print_r($identity, 1));

And I get this:
2018-11-16T10:34:49+08:00 cn-dc-limesurvey httpd[3046]: setAuthSuccess event: LimeSurvey\PluginManager\PluginEvent Object
(
[_event:protected] => getGlobalBasePermissions
[_content:protected] => Array
(
)

[_sender:protected] => 
[_stop:protected] => 
[_parameters:protected] => Array
    (
        [globalBasePermissions] => Array
            (
                [auth_webserver] => Array
                    (
                        [create] => 
                        [update] => 
                        [delete] => 
                        [import] => 
                        [export] => 
                        [title] => Use web server authentication
                        [description] => Use web server authentication
                        [img] => usergroup
                    )

                [auth_ldap] => Array
                    (
                        [create] => 
                        [update] => 
                        [delete] => 
                        [import] => 
                        [export] => 
                        [title] => Use LDAP authentication
                        [description] => Use LDAP authentication
                        [img] => usergroup
                    )

            )

    )

)
2018-11-16T10:34:49+08:00 cn-dc-limesurvey httpd[3046]: setAuthSuccess identity:

Eg: identity is not set.

Oh, i think i get the solution : https://github.com/LimeSurvey/LimeSurvey/commit/a5a05d59efb587120e0501792036bba51a7b4523#diff-8595e8f022d653436a397a3e2d218cc9

(this one take me 2 days to find the best solution … 2 days for one line …)

Hi Denis,

I'm not sure what you are proposing here.

I tried adding:
$this->unsubscribe('beforeHasPermission');

At the beginning of Authwebserver->newUserSession() like in the commit you referred to, it didn't work.

When you put error_log('setAuthSccess event: ' . print_r($event, 1));

I think you don't get setAuthSuccess but another event (surely/maybe Permission event) then some event replace current somewhere :)

That is possible, I'm not familiar with this code, I'm just trying to fix the problem as soon as possible.

Anyway, have you reproduced this bug? It's very easy, this should happen to anyone that is using the Authwebserver plugin, I'm not doing anything special here.
A very simple way would be using Apache's basic authentication module.

I didn't search to reproduce the bug … 1st one already take me 2 days to fix without any client …

Please update to the latest version and check if the bug can still be reproduced. Thank you.

Hello lameventanas,

we have asked for feedback on this issue. Because we did not get an answer we assume that the issue is resolved.
However, should you be able to reproduce the issue using the latest version, please feel free to re-open the issue and give us exact details on how to reproduce it.

Thank you and best regards,

c_schmitz