Anonymous Login
2016-09-29 10:21 CEST

View Issue Details Jump to Notes ] Related Changesets ]
IDProjectCategoryView StatusLast Update
07049Bug reports[All Projects] Authenticationpublic2013-03-02 16:34
Reporterdrohde 
Assigned Toc_schmitz 
PriorityurgentSeveritymajor 
StatusclosedResolutionfixed 
Product Version2.00+ 
Target VersionFixed in Version2.00+ 
Summary07049: Webserver authentication is not implemented
DescriptionI cannot protect the admin interface with a Apache Basic authentication because I get the LimeSurvey login screen after a successful basic auth.
When I click on the login button of the LimeSurvey login form (without username/password) the authenticated user will be correct registered but I get the LimeSurvey login screen again. I cannot upgrade to 2.x. because I'm missing the behavior of the old v1.9x builds.
Steps To ReproduceMy Apache ask for the username and password when a went to the admin interface. After a successful Basic authentication I get the unwanted LimeSurvey login screen.


Apache 2.4 config snippet:
<Directory /opt/limesurvey>
        <If "%{PATH_INFO} =~ m#/admin#">
                AuthType Basic
                AuthName "Account"
                require valid-user
        </If>
</Directory>


Limesurvey config.php snippet:
return array(
...
                'auth_webserver'=>true,
                'auth_webserver_user_map' => Array('xxxxx' => 'admin'),
                'auth_webserver_autocreate_user'=>true,
               'auth_webserver_autocreate_profile' => Array(
                        'full_name' => preg_match('/@/',$_SERVER['REMOTE_USER']) ? strtok($_SERVER['REMOTE_USER'],'@') : $_SERVER['REMOTE_USER'],
                        'email' => preg_match('/@/',$_SERVER['REMOTE_USER'])? $_SERVER['REMOTE_USER'] : $_SERVER['REMOTE_USER'].'@mydomain.de',
                        'lang' => 'en',
                        'htmleditormode' => 'inline',
                        'templatelist' => 'default,basic,bluengrey,citronade,clear_logo,eirenicon,limespired,mint_idea,sherpa,vallendar',
                        'create_survey' => 1,
                        'create_user' => 0,
                        'delete_user' => 0,
                        'superadmin' => 0,
                        'configurator' => 0,
                        'manage_template' => 0,
                        'manage_label' => 0
                        ),



...
);
Additional InformationI can't find any REMOTE_USER or REDIRECT_REMOTE_USER string in the LimeSurvey code base and in the authentication controller (except in the Statistics_userController.php). In the old build (192plus-build120919) the authentication and auto registration features work fine because admin/usercontrol.php evaluates the REMOTE_USER.
Complete LimeSurvey version number (& build)121204
I will donate to the project if issue is resolvedNo
Browser
Database & DB-VersionMySQL
Operating System (Server)Linux
Webserver software & versionApache 2.4.3
PHP Version5.3.18
Attached Files

-Relationships
duplicate of 07021closedc_schmitz Web Server Auth Broken (again) in latest build 
+Relationships

-Notes

~24024

drohde (reporter)

Hi,
this bug report is not a duplicate and is not fixed yet (build build130206). There isn't any REMOTE_USER or REDIRECT_REMOTE_USER evaluation in the UserIdentity class or in any controller.

I expect following behavior (like it was in 1.9+ versions):
   1 after calling the admin interface the Apache asks for login and password
   2 after successful login:
      2.1 a unknown user will be registered
      2.2 user is logged in
I cannot upgrade yet because I have 40.000 potential users in my production environment and I need the Apache Basic authentication and a automated user registration.
 

Regards,
Dan

~24110

c_schmitz (administrator)

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=11641

~24141

drohde (reporter)

Hi,
the fix works

Thx

~24152

c_schmitz (administrator)

2.00 Build 130219 released

~24255

c_schmitz (administrator)

Fix committed to master branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=11690

~24472

c_schmitz (administrator)

Fix committed to 2.1 branch: http://bugs.limesurvey.org/plugin.php?page=Source/view&id=11731
+Notes

+Related Changesets

-Issue History
Date Modified Username Field Change
2012-12-07 15:14 drohde New Issue
2012-12-07 15:25 c_schmitz Relationship added duplicate of 07021
2012-12-07 15:26 c_schmitz Status new => closed
2012-12-07 15:26 c_schmitz Assigned To => c_schmitz
2012-12-07 15:26 c_schmitz Resolution open => duplicate
2013-02-11 08:52 drohde Note Added: 24024
2013-02-11 08:52 drohde Status closed => feedback
2013-02-11 08:52 drohde Resolution duplicate => reopened
2013-02-15 14:54 c_schmitz Status feedback => resolved
2013-02-15 14:54 c_schmitz Fixed in Version => 2.00+
2013-02-15 14:54 c_schmitz Resolution reopened => fixed
2013-02-15 14:56 c_schmitz Changeset attached => LimeSurvey master 645ea656
2013-02-15 14:56 c_schmitz Note Added: 24110
2013-02-18 10:24 drohde Note Added: 24141
2013-02-19 11:13 c_schmitz Note Added: 24152
2013-02-19 11:13 c_schmitz Status resolved => closed
2013-02-25 11:18 c_schmitz Changeset attached => LimeSurvey master ad10c283
2013-02-25 11:18 c_schmitz Note Added: 24255
2013-03-02 16:34 c_schmitz Changeset attached => LimeSurvey 2.1 e3706b1c
2013-03-02 16:34 c_schmitz Changeset attached => LimeSurvey 2.1 6eaf4fbf
2013-03-02 16:34 c_schmitz Note Added: 24472
+Issue History