07049: Webserver authentication is not implemented - LimeSurvey bugs and feature requests

This bug affects 1 person(s).

ID	Project	Category	View Status	Date Submitted	Last Update

07049	Bug reports	Authentication	public	2012-12-07 15:14	2013-03-02 16:34

Reporter	drohde	Assigned To	c_schmitz
Priority	urgent	Severity	partial_block
Status	closed	Resolution	fixed
Product Version	2.00+
Fixed in Version	2.00+

Summary	07049: Webserver authentication is not implemented
Description	I cannot protect the admin interface with a Apache Basic authentication because I get the LimeSurvey login screen after a successful basic auth. When I click on the login button of the LimeSurvey login form (without username/password) the authenticated user will be correct registered but I get the LimeSurvey login screen again. I cannot upgrade to 2.x. because I'm missing the behavior of the old v1.9x builds.
Steps To Reproduce	My Apache ask for the username and password when a went to the admin interface. After a successful Basic authentication I get the unwanted LimeSurvey login screen. Apache 2.4 config snippet: <Directory /opt/limesurvey> <If "%{PATH_INFO} =~ m#/admin#"> AuthType Basic AuthName "Account" require valid-user </If> </Directory> Limesurvey config.php snippet: return array( ... 'auth_webserver'=>true, 'auth_webserver_user_map' => Array('xxxxx' => 'admin'), 'auth_webserver_autocreate_user'=>true, 'auth_webserver_autocreate_profile' => Array( 'full_name' => preg_match('/@/',$_SERVER['REMOTE_USER']) ? strtok($_SERVER['REMOTE_USER'],'@') : $_SERVER['REMOTE_USER'], 'email' => preg_match('/@/',$_SERVER['REMOTE_USER'])? $_SERVER['REMOTE_USER'] : $_SERVER['REMOTE_USER'].'@mydomain.de', 'lang' => 'en', 'htmleditormode' => 'inline', 'templatelist' => 'default,basic,bluengrey,citronade,clear_logo,eirenicon,limespired,mint_idea,sherpa,vallendar', 'create_survey' => 1, 'create_user' => 0, 'delete_user' => 0, 'superadmin' => 0, 'configurator' => 0, 'manage_template' => 0, 'manage_label' => 0 ), ... );
Additional Information	I can't find any REMOTE_USER or REDIRECT_REMOTE_USER string in the LimeSurvey code base and in the authentication controller (except in the Statistics_userController.php). In the old build (192plus-build120919) the authentication and auto registration features work fine because admin/usercontrol.php evaluates the REMOTE_USER.
Tags	No tags attached.

Bug heat	6
Complete LimeSurvey version number (& build)	121204
I will donate to the project if issue is resolved	No
Browser
Database type & version	MySQL
Server OS (if known)	Linux
Webserver software & version (if known)	Apache 2.4.3
PHP Version	5.3.18

User List	mfaber

drohde 2013-02-11 08:52 reporter ~24024	Hi, this bug report is not a duplicate and is not fixed yet (build build130206). There isn't any REMOTE_USER or REDIRECT_REMOTE_USER evaluation in the UserIdentity class or in any controller. I expect following behavior (like it was in 1.9+ versions): 1 after calling the admin interface the Apache asks for login and password 2 after successful login: 2.1 a unknown user will be registered 2.2 user is logged in I cannot upgrade yet because I have 40.000 potential users in my production environment and I need the Apache Basic authentication and a automated user registration. Regards, Dan

c_schmitz 2013-02-15 14:56 administrator ~24110	Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=11641

drohde 2013-02-18 10:24 reporter ~24141	Hi, the fix works Thx

c_schmitz 2013-02-19 11:13 administrator ~24152	2.00 Build 130219 released

c_schmitz 2013-02-25 11:18 administrator ~24255	Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=11690

c_schmitz 2013-03-02 16:34 administrator ~24472	Fix committed to 2.1 branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=11731

LimeSurvey: master 645ea656 2013-02-15 14:56 c_schmitz Details Diff	Fixed issue 07049: Webserver authentication not working when external access control is used	Affected Issues 07049
	mod - application/core/UserIdentity.php	Diff File
LimeSurvey: 2.1 e3706b1c 2013-02-15 14:56 c_schmitz Details Diff	Fixed issue 07049: Webserver authentication not working when external access control is used	Affected Issues 07049
	mod - application/core/UserIdentity.php	Diff File
LimeSurvey: master ad10c283 2013-02-25 11:18 c_schmitz Details Diff	Fixed issue 07049: Webserver authentication not working when external access control is used	Affected Issues 07049
	mod - application/core/UserIdentity.php	Diff File
LimeSurvey: 2.1 6eaf4fbf 2013-02-25 11:18 c_schmitz Details Diff	Fixed issue 07049: Webserver authentication not working when external access control is used	Affected Issues 07049
	mod - application/core/UserIdentity.php	Diff File

Date Modified	Username	Field	Change
2012-12-07 15:14	drohde	New Issue
2012-12-07 15:25	c_schmitz	Relationship added	duplicate of 07021
2012-12-07 15:26	c_schmitz	Status	new => closed
2012-12-07 15:26	c_schmitz	Assigned To	=> c_schmitz
2012-12-07 15:26	c_schmitz	Resolution	open => duplicate
2012-12-09 09:31	mfaber	Issue Monitored: mfaber
2013-02-11 08:52	drohde	Note Added: 24024
2013-02-11 08:52	drohde	Status	closed => feedback
2013-02-11 08:52	drohde	Resolution	duplicate => reopened
2013-02-15 14:54	c_schmitz	Status	feedback => resolved
2013-02-15 14:54	c_schmitz	Fixed in Version	=> 2.00+
2013-02-15 14:54	c_schmitz	Resolution	reopened => fixed
2013-02-15 14:56	c_schmitz	Changeset attached	=> LimeSurvey master 645ea656
2013-02-15 14:56	c_schmitz	Note Added: 24110
2013-02-18 10:24	drohde	Note Added: 24141
2013-02-19 11:13	c_schmitz	Note Added: 24152
2013-02-19 11:13	c_schmitz	Status	resolved => closed
2013-02-25 11:18	c_schmitz	Changeset attached	=> LimeSurvey master ad10c283
2013-02-25 11:18	c_schmitz	Note Added: 24255
2013-03-02 16:34	c_schmitz	Changeset attached	=> LimeSurvey 2.1 e3706b1c
2013-03-02 16:34	c_schmitz	Changeset attached	=> LimeSurvey 2.1 6eaf4fbf
2013-03-02 16:34	c_schmitz	Note Added: 24472

View Issue Details

Relationships

Users monitoring this issue

Activities

Related Changesets

Issue History