View Issue Details

IDProjectCategoryView StatusLast Update
07021Bug reports[All Projects] Authenticationpublic2012-12-11 14:48
ReporterpfpDaveAssigned Toc_schmitz 
PriorityhighSeverityminor 
Status closedResolutionfixed 
Product Version2.00+ 
Target VersionFixed in Version2.00+ 
Summary07021: Web Server Auth Broken (again) in latest build
DescriptionIn the latest build Web Server auth is broken again but I'm struggling to trace where or why. Basically when I leave the login boxes blank and click login it just returns me to the login screen. I've checked UserIdentity.php and it's grabbing the username correctly and is returning a 1 for !$this->errorCode; so that part works OK ... where does it go next?

Here's the console log from Firebug (NB: the failed_login_attempts table is empty):



Application Log

[12:19:33.449][trace][system.db.CDbConnection] Opening DB connection

login (line 154)

[12:19:33.453][trace][system.db.CDbCommand] Querying SQL: SELECT k.column_name field_name
            FROM [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] k
            LEFT JOIN [INFORMATION_SCHEMA].[TABLE_CONSTRAINTS] c
              ON k.table_name = c.table_name
             AND k.constraint_name = c.constraint_name
           WHERE c.constraint_type ='PRIMARY KEY'
                   AND k.table_name = :table
                AND k.table_schema = :schema. Bound with :table='settings_global', :schema='dbo'

login (line 155)

[12:19:33.458][trace][system.db.CDbCommand] Querying SQL: SELECT
             KCU1.CONSTRAINT_NAME AS 'FK_CONSTRAINT_NAME'
           , KCU1.TABLE_NAME AS 'FK_TABLE_NAME'
           , KCU1.COLUMN_NAME AS 'FK_COLUMN_NAME'
           , KCU1.ORDINAL_POSITION AS 'FK_ORDINAL_POSITION'
           , KCU2.CONSTRAINT_NAME AS 'UQ_CONSTRAINT_NAME'
           , KCU2.TABLE_NAME AS 'UQ_TABLE_NAME'
           , KCU2.COLUMN_NAME AS 'UQ_COLUMN_NAME'
           , KCU2.ORDINAL_POSITION AS 'UQ_ORDINAL_POSITION'
        FROM [INFORMATION_SCHEMA].[REFERENTIAL_CONSTRAINTS] RC
        JOIN [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] KCU1
        ON KCU1.CONSTRAINT_CATALOG = RC.CONSTRAINT_CATALOG
           AND KCU1.CONSTRAINT_SCHEMA = RC.CONSTRAINT_SCHEMA
           AND KCU1.CONSTRAINT_NAME = RC.CONSTRAINT_NAME
        JOIN [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] KCU2
        ON KCU2.CONSTRAINT_CATALOG =
        RC.UNIQUE_CONSTRAINT_CATALOG
           AND KCU2.CONSTRAINT_SCHEMA =
        RC.UNIQUE_CONSTRAINT_SCHEMA
           AND KCU2.CONSTRAINT_NAME =
        RC.UNIQUE_CONSTRAINT_NAME
           AND KCU2.ORDINAL_POSITION = KCU1.ORDINAL_POSITION
        WHERE KCU1.TABLE_NAME = :table. Bound with :table='settings_global'

login (line 156)

[12:19:33.459][trace][system.db.CDbCommand] Querying SQL: SELECT *, columnproperty(object_id(table_schema+'.'+table_name), column_name, 'IsIdentity') as IsIdentity FROM [INFORMATION_SCHEMA].[COLUMNS] WHERE TABLE_NAME='settings_global' AND TABLE_SCHEMA='dbo'

login (line 157)

[12:19:33.460][trace][system.db.ar.CActiveRecord] Settings_global.findAll()

login (line 158)

[12:19:33.463][trace][system.db.CDbCommand] Querying SQL: SELECT * FROM [dbo].[settings_global] [t]

login (line 159)

[12:19:33.504][trace][system.db.ar.CActiveRecord] Settings_global.findByPk()

login (line 160)

[12:19:33.504][trace][system.db.CDbCommand] Querying SQL: SELECT TOP 1 * FROM [dbo].[settings_global] [t] WHERE [t].[stg_name]='updatelastcheck'

login (line 161)

[12:19:33.507][trace][system.db.CDbCommand] Querying SQL: SELECT k.column_name field_name
            FROM [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] k
            LEFT JOIN [INFORMATION_SCHEMA].[TABLE_CONSTRAINTS] c
              ON k.table_name = c.table_name
             AND k.constraint_name = c.constraint_name
           WHERE c.constraint_type ='PRIMARY KEY'
                   AND k.table_name = :table
                AND k.table_schema = :schema. Bound with :table='surveys', :schema='dbo'

login (line 162)

[12:19:33.512][trace][system.db.CDbCommand] Querying SQL: SELECT
             KCU1.CONSTRAINT_NAME AS 'FK_CONSTRAINT_NAME'
           , KCU1.TABLE_NAME AS 'FK_TABLE_NAME'
           , KCU1.COLUMN_NAME AS 'FK_COLUMN_NAME'
           , KCU1.ORDINAL_POSITION AS 'FK_ORDINAL_POSITION'
           , KCU2.CONSTRAINT_NAME AS 'UQ_CONSTRAINT_NAME'
           , KCU2.TABLE_NAME AS 'UQ_TABLE_NAME'
           , KCU2.COLUMN_NAME AS 'UQ_COLUMN_NAME'
           , KCU2.ORDINAL_POSITION AS 'UQ_ORDINAL_POSITION'
        FROM [INFORMATION_SCHEMA].[REFERENTIAL_CONSTRAINTS] RC
        JOIN [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] KCU1
        ON KCU1.CONSTRAINT_CATALOG = RC.CONSTRAINT_CATALOG
           AND KCU1.CONSTRAINT_SCHEMA = RC.CONSTRAINT_SCHEMA
           AND KCU1.CONSTRAINT_NAME = RC.CONSTRAINT_NAME
        JOIN [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] KCU2
        ON KCU2.CONSTRAINT_CATALOG =
        RC.UNIQUE_CONSTRAINT_CATALOG
           AND KCU2.CONSTRAINT_SCHEMA =
        RC.UNIQUE_CONSTRAINT_SCHEMA
           AND KCU2.CONSTRAINT_NAME =
        RC.UNIQUE_CONSTRAINT_NAME
           AND KCU2.ORDINAL_POSITION = KCU1.ORDINAL_POSITION
        WHERE KCU1.TABLE_NAME = :table. Bound with :table='surveys'

login (line 163)

[12:19:33.513][trace][system.db.CDbCommand] Querying SQL: SELECT *, columnproperty(object_id(table_schema+'.'+table_name), column_name, 'IsIdentity') as IsIdentity FROM [INFORMATION_SCHEMA].[COLUMNS] WHERE TABLE_NAME='surveys' AND TABLE_SCHEMA='dbo'

login (line 164)

[12:19:33.521][trace][system.db.ar.CActiveRecord] Settings_global.findByPk()

login (line 165)

[12:19:33.521][trace][system.db.CDbCommand] Querying SQL: SELECT TOP 1 * FROM [dbo].[settings_global] [t] WHERE [t].[stg_name]='DBVersion'

login (line 166)

[12:19:33.525][trace][system.db.CDbCommand] Querying SQL: SELECT k.column_name field_name
            FROM [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] k
            LEFT JOIN [INFORMATION_SCHEMA].[TABLE_CONSTRAINTS] c
              ON k.table_name = c.table_name
             AND k.constraint_name = c.constraint_name
           WHERE c.constraint_type ='PRIMARY KEY'
                   AND k.table_name = :table
                AND k.table_schema = :schema. Bound with :table='failed_login_attempts', :schema='dbo'

login (line 167)

[12:19:33.529][trace][system.db.CDbCommand] Querying SQL: SELECT
             KCU1.CONSTRAINT_NAME AS 'FK_CONSTRAINT_NAME'
           , KCU1.TABLE_NAME AS 'FK_TABLE_NAME'
           , KCU1.COLUMN_NAME AS 'FK_COLUMN_NAME'
           , KCU1.ORDINAL_POSITION AS 'FK_ORDINAL_POSITION'
           , KCU2.CONSTRAINT_NAME AS 'UQ_CONSTRAINT_NAME'
           , KCU2.TABLE_NAME AS 'UQ_TABLE_NAME'
           , KCU2.COLUMN_NAME AS 'UQ_COLUMN_NAME'
           , KCU2.ORDINAL_POSITION AS 'UQ_ORDINAL_POSITION'
        FROM [INFORMATION_SCHEMA].[REFERENTIAL_CONSTRAINTS] RC
        JOIN [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] KCU1
        ON KCU1.CONSTRAINT_CATALOG = RC.CONSTRAINT_CATALOG
           AND KCU1.CONSTRAINT_SCHEMA = RC.CONSTRAINT_SCHEMA
           AND KCU1.CONSTRAINT_NAME = RC.CONSTRAINT_NAME
        JOIN [INFORMATION_SCHEMA].[KEY_COLUMN_USAGE] KCU2
        ON KCU2.CONSTRAINT_CATALOG =
        RC.UNIQUE_CONSTRAINT_CATALOG
           AND KCU2.CONSTRAINT_SCHEMA =
        RC.UNIQUE_CONSTRAINT_SCHEMA
           AND KCU2.CONSTRAINT_NAME =
        RC.UNIQUE_CONSTRAINT_NAME
           AND KCU2.ORDINAL_POSITION = KCU1.ORDINAL_POSITION
        WHERE KCU1.TABLE_NAME = :table. Bound with :table='failed_login_attempts'

login (line 168)

[12:19:33.530][trace][system.db.CDbCommand] Querying SQL: SELECT *, columnproperty(object_id(table_schema+'.'+table_name), column_name, 'IsIdentity') as IsIdentity FROM [INFORMATION_SCHEMA].[COLUMNS] WHERE TABLE_NAME='failed_login_attempts' AND TABLE_SCHEMA='dbo'

login (line 169)

[12:19:33.531][trace][system.db.ar.CActiveRecord] Failed_login_attempts.find()

login (line 170)

[12:19:33.531][trace][system.db.CDbCommand] Querying SQL: SELECT TOP 1 * FROM [dbo].[failed_login_attempts] [t] WHERE number_attempts > :attempts AND ip = :ip. Bound with :attempts=3, :ip='192.168.100.123'

login (line 171)
login (line 153)
TagsNo tags attached.
Complete LimeSurvey version number (& build)121204
I will donate to the project if issue is resolvedNo
BrowserIE8
Database & DB-VersionSQL Express 2012
Operating System (Server)Server 2008
Webserver software & versionIIS 7
PHP Version5.4.8

Relationships

has duplicate 07049 closedc_schmitz Webserver authentication is not implemented 

Activities

c_schmitz

c_schmitz

2012-12-09 14:42

administrator   ~23035

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=10798
c_schmitz

c_schmitz

2012-12-09 16:29

administrator   ~23040

2.00+ Build 121209 released
c_schmitz

c_schmitz

2012-12-09 20:20

administrator   ~23057

Fix committed to 2.1 branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=10814
pfpDave

pfpDave

2012-12-10 09:56

reporter   ~23071

The fix doesn't work and to be honest I don't believe the issue is or was related to the UserIdentity module ... In my comment I said ...

..."I've checked UserIdentity.php and it's grabbing the username correctly and is returning a 1 for !$this->errorCode; so that part works OK ... where does it go next?"...
c_schmitz

c_schmitz

2012-12-10 10:33

administrator   ~23072

It works for me so now - so I cannot reproduce your issue.
Can you attach your config.php please? (please remove any passwords first)
pfpDave

pfpDave

2012-12-10 10:35

reporter  

config.php (2,856 bytes)
pfpDave

pfpDave

2012-12-10 10:35

reporter   ~23073

Attached as requested.
pfpDave

pfpDave

2012-12-10 10:40

reporter   ~23075

I just edited UserIdentity.php to insert the below debug code at line 150:

print "User ID: " . $this->id;
print "
Error code Not set: " . !$this->errorCode;
die();

====
The UI Returns the following:

User ID: 4
Error code Not set: 1

====

row with uID 4 in dbo.users.Users_name matches my PC login ID
pfpDave

pfpDave

2012-12-10 10:41

reporter   ~23076

Without the code above, I click Login, the page reloads and shows with no error message (as if I hadn't clicked the login button)
c_schmitz

c_schmitz

2012-12-10 11:06

administrator   ~23080

Fix committed to 2.1 branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=10828
c_schmitz

c_schmitz

2012-12-10 11:07

administrator   ~23081

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=10830
pfpDave

pfpDave

2012-12-10 11:18

reporter   ~23083

I'm not entirely sure I understand why that fix has worked but it has - many thanks.
c_schmitz

c_schmitz

2012-12-10 11:28

administrator   ~23085

We recently introduced another control layer that checks if the session belongs to the currently used database - if not the login screen is shown.
This check includes a has created from a 'secret' string, your user ID and user name. So it is important that the Identity properly sets the user name for the CWebuser object for later use (which was in case of web auth not the case - therefore the change).
pfpDave

pfpDave

2012-12-10 11:30

reporter   ~23086

Ahh OK, that makes sense, many thanks.
c_schmitz

c_schmitz

2012-12-11 14:48

administrator   ~23127

2.00 Build 121211 released

Related Changesets

LimeSurvey: master d4b1be7e

2012-12-09 13:36:58

c_schmitz

Details Diff
Fixed issue 07021: Web server authentication broken
mod - application/core/UserIdentity.php Diff File

LimeSurvey: 2.1 34770900

2012-12-09 13:36:58

c_schmitz

Details Diff
Fixed issue 07021: Web server authentication broken
mod - application/core/UserIdentity.php Diff File

LimeSurvey: 2.1 91ea5f64

2012-12-10 10:05:36

c_schmitz

Details Diff
Fixed issue 07021: Web server authentication broken
mod - application/core/UserIdentity.php Diff File

LimeSurvey: master 76160fbd

2012-12-10 10:05:36

c_schmitz

Details Diff
Fixed issue 07021: Web server authentication broken
mod - application/core/UserIdentity.php Diff File

Issue History

Date Modified Username Field Change
2012-12-05 13:25 pfpDave New Issue
2012-12-07 15:25 c_schmitz Relationship added has duplicate 07049
2012-12-09 14:35 c_schmitz Assigned To => c_schmitz
2012-12-09 14:35 c_schmitz Status new => assigned
2012-12-09 14:42 c_schmitz Changeset attached => LimeSurvey master d4b1be7e
2012-12-09 14:42 c_schmitz Note Added: 23035
2012-12-09 14:42 c_schmitz Resolution open => fixed
2012-12-09 14:42 c_schmitz Status assigned => resolved
2012-12-09 14:42 c_schmitz Fixed in Version => 2.00+
2012-12-09 16:29 c_schmitz Note Added: 23040
2012-12-09 16:29 c_schmitz Status resolved => closed
2012-12-09 20:20 c_schmitz Changeset attached => LimeSurvey 2.1 34770900
2012-12-09 20:20 c_schmitz Note Added: 23057
2012-12-10 09:56 pfpDave Note Added: 23071
2012-12-10 09:56 pfpDave Status closed => feedback
2012-12-10 09:56 pfpDave Resolution fixed => reopened
2012-12-10 10:33 c_schmitz Note Added: 23072
2012-12-10 10:35 pfpDave File Added: config.php
2012-12-10 10:35 pfpDave Note Added: 23073
2012-12-10 10:35 pfpDave Status feedback => assigned
2012-12-10 10:40 pfpDave Note Added: 23075
2012-12-10 10:41 pfpDave Note Added: 23076
2012-12-10 11:06 c_schmitz Changeset attached => LimeSurvey 2.1 91ea5f64
2012-12-10 11:06 c_schmitz Note Added: 23080
2012-12-10 11:07 c_schmitz Changeset attached => LimeSurvey master 76160fbd
2012-12-10 11:07 c_schmitz Note Added: 23081
2012-12-10 11:07 c_schmitz Status assigned => resolved
2012-12-10 11:07 c_schmitz Resolution reopened => fixed
2012-12-10 11:18 pfpDave Note Added: 23083
2012-12-10 11:28 c_schmitz Note Added: 23085
2012-12-10 11:30 pfpDave Note Added: 23086
2012-12-11 14:48 c_schmitz Note Added: 23127
2012-12-11 14:48 c_schmitz Status resolved => closed