View Issue Details

This bug affects 1 person(s).
ID: 18169
Project: Bug reports
Category: Plugins
View Status: public
Last Update: 2022-09-10 17:30
Reporter: DenisChenu
Assigned To: ollehar
Priority: none
Severity: minor
Status: ready for merge
Resolution: open
Product Version: 5.3.x
Summary: 18169: Potential redirect loop with Authwebserver
Description

If a user is connected via web but doesn't have the right to connect to LimeSurvey, there is a redirect loop.

Steps To Reproduce

Connect as superadmin (and stay connected)
Create a user TEST for login, just give him the right to connect via AuthDB
Configure Authwebserver to get user by $_SERVER['TEST_USER'];
Update config.php and add $_SERVER['TEST_USER'] = 'TEST'; at start
Open another browser, go to the LimeSurvey admin page

Expected result

redirect loop

Actual result

Throw a 401 OR show login form

Tags: No tags attached.
Bug heat: 2
Complete LimeSurvey version number (& build): 5.3.18
I will donate to the project if issue is resolved: No
Browser: not relevant
Database type & version: not relevant
Server OS (if known): not relevant
Webserver software & version (if known): not relevant
PHP Version: not relevant

Relationships

related to | 17654 | feedback | ollehar | spurious error "Incorrect username and/or password!" on auth_webserver autocreating user

Activities

DenisChenu

2022-06-02 09:29

developer   ~70195

Found when working on https://bugs.limesurvey.org/view.php?id=17654

401: sure if Authwebserver is default, unsure if not.

DenisChenu

2022-06-02 09:36

developer   ~70196

https://github.com/LimeSurvey/LimeSurvey/pull/2448

DenisChenu

2022-06-06 12:02

developer   ~70227

The issue is about Permission checking.

Permission is checked in newUserSession, but not in beforeLogin.
Then redirect loop.

After fix: no loop, 401 is default, DBauth if not.
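
The loop described in the notes above, as an added example that is not part of the issue thread and not LimeSurvey's plugin code. It is a simplified model: the function names, the return strings and the assumption that a refused newUserSession sends the browser back to the login page are all hypothetical.

```php
<?php
// Simplified model of the login flow in this report. All function names and
// return values are hypothetical; this is not LimeSurvey's plugin code.
const MAX_HOPS = 5; // stand-in for the browser's redirect limit

// Constructed data: TEST exists but may only log in via AuthDB.
function hasWebserverAuthPermission(string $user): bool
{
    $permitted = ['admin' => true, 'TEST' => false];
    return $permitted[$user] ?? false;
}

// One pass through the login page: 'session', 'redirect', '401' or 'login-form'.
function handleLoginRequest(array $server, bool $checkInBeforeLogin, bool $webserverIsDefault): string
{
    $user = $server['TEST_USER'] ?? null;
    if ($user === null) {
        return 'login-form'; // webserver supplied no user
    }
    // beforeLogin step: with the check, refuse instead of claiming the login.
    if ($checkInBeforeLogin && !hasWebserverAuthPermission($user)) {
        return $webserverIsDefault ? '401' : 'login-form';
    }
    // newUserSession step: the permission check that already existed.
    if (!hasWebserverAuthPermission($user)) {
        return 'redirect'; // assumed: back to the login page, beforeLogin runs again
    }
    return 'session';
}

// Follow redirects as a browser would and report the final outcome.
function followRedirects(array $server, bool $checkInBeforeLogin, bool $webserverIsDefault): string
{
    for ($hop = 0; $hop < MAX_HOPS; $hop++) {
        $result = handleLoginRequest($server, $checkInBeforeLogin, $webserverIsDefault);
        if ($result !== 'redirect') {
            return $result;
        }
    }
    return 'redirect loop';
}

$server = ['TEST_USER' => 'TEST']; // as injected in config.php in the steps to reproduce
echo followRedirects($server, false, true), PHP_EOL; // check only in newUserSession
echo followRedirects($server, true, true), PHP_EOL;  // check in beforeLogin, Authwebserver default
echo followRedirects($server, true, false), PHP_EOL; // check in beforeLogin, another default
```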

Issue History

Date Modified | Username | Field | Change
2022-06-02 09:28 | DenisChenu | New Issue |
2022-06-02 09:29 | DenisChenu | Note Added: 70195 |
2022-06-02 09:29 | DenisChenu | Bug heat | 0 => 2
2022-06-02 09:29 | DenisChenu | Assigned To | => DenisChenu
2022-06-02 09:29 | DenisChenu | Status | new => assigned
2022-06-02 09:36 | DenisChenu | Note Added: 70196 |
2022-06-02 09:37 | DenisChenu | Assigned To | DenisChenu =>
2022-06-02 09:37 | DenisChenu | Status | assigned => ready for code review
2022-06-02 09:37 | DenisChenu | Relationship added | related to 17654
2022-06-06 12:02 | DenisChenu | Note Added: 70227 |
2022-07-22 10:02 | DenisChenu | Assigned To | => DenisChenu
2022-07-22 10:02 | DenisChenu | Status | ready for code review => ready for merge
2022-09-10 17:30 | DenisChenu | Assigned To | DenisChenu => ollehar