Mantis Bugtracker          
testlink.org

ID: 0006707
Project: TestLink
Category: User Authentication Methods
View Status: public
Date Submitted: 2014-10-23 23:49
Last Update: 2014-11-30 09:15
Reporter: ram_chandupatla
Assigned To: fman
Priority: immediate
Severity: trivial
Reproducibility: always
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version: 1.9.12 (2014 Q3)
Fixed in Version: 1.9.13 (2015 #1)
Summary: 0006707: User Authentication is failing with DB when using LDAP & DB authentication
Description: Due to the nature of our business we have staff working on our projects both internally and externally. We would like to use TestLink authentication for both LDAP & DB in TestLink.

When we enabled the LDAP authentication on TestLink, the users with DB passwords are unable to access TestLink. We are unable to resolve the issue. I have checked the forum but could not find a resolution on this issue.

As our testing will be going through a crucial phase in the coming months we would like to resolve this issue as soon as possible.
Tags: No tags attached.
Database (MySQL,Postgres,etc): MySQL
Browser:
PHP Version:
TestCaseID:
QA Team - Task Workflow Status: READY FOR TESTING
Attached Files:

- Relationships
related to 0006712 (closed, fman): Reset Password does not write password to DB, when DEFAULT AUTH method is LDAP, but user is DB

-  Notes
(0022019)
fman (administrator)
2014-10-24 18:24

Unfortunately, the details provided are not enough to do any other action than closing as unable to reproduce.
Please read the FRONT PAGE of forum.testlink.org where I've written:


HOW TO Report an issue?
To report issues you have to use => http://mantis.testlink.org
You need to create a user, using the available link on the http://mantis.testlink.org HOME PAGE.

Please read the documentation about EFFECTIVE BUG REPORTING before you start.

Avoid sentences that have no value and can be misunderstood as OFFENSIVE like:

This does not make any sense ...
This is nonsense ...

The same applies for ending sentences with !!! => THIS DOES NOT WORK!!!!
...


there you are going to find reference to good examples

>> As our testing will be going through crucial phase in the coming months we
>> would like to resolve this issue as soon as possible.
You can buy support in order to have personalized support if TestLink is so critical for you.
If you can not afford it, then you have to understand that I provide support on BEST possible effort but without any warranty on ETA.
(0022026)
fman (administrator)
2014-10-24 18:36

http://forum.testlink.org/viewforum.php?f=33&sid=072ca12c319850b32e88933f5d198627
(0022031)
pkhooper (reporter)
2014-10-25 08:53
edited on: 2014-10-25 08:56

Additional information on this issue.

Authentication Configuration:

-- config.inc.php (not changed from default for 1.9.12 base)

$tlCfg->authentication['domain'] = array('DB' => array('description' => 'DB', 'allowPasswordManagement' => true),
                                         'LDAP' => array('description' => 'LDAP', 'allowPasswordManagement' => false));

-- custom_config.inc.php

/* Default Authentication method */
$tlCfg->authentication['method'] = 'LDAP'; //array('LDAP','DB');


Effectively, our default authentication method is 'LDAP'.

In this configuration, when a new user is created with a user-level authentication selected as DB, the user's password is blank in the database. A cookie-string is created, and the auth_method field is set to 'DB'.

This user cannot log in to the system, due to the blank password.

If I encrypt a password and put it in the password field, the user can log in, but the main page is blank.

I traced through the code and found the blank password creation occurs in /lib/functions/users.inc.php - function resetPassword

The function is below.

function resetPassword(&$db,$userID,$passwordSendMethod='send_password_by_mail')
{
  $retval = array('status' => tl::OK, 'password' => '', 'msg' => '');
  $user = new tlUser($userID);
  $retval['status'] = $user->readFromDB($db);
  
  if ($retval['status'] >= tl::OK)
  {
    $retval['status'] = tlUser::E_EMAILLENGTH;

    if( trim($user->emailAddress) != "")
    {
      $newPassword = tlUser::generatePassword(8,4);
      $retval['status'] = $user->setPassword($newPassword);
      
      if ($retval['status'] >= tl::OK)
      {
        $retval['password'] = $newPassword;
        $mail_op = new stdClass();
        $mail_op->status_ok = false;
        if( $passwordSendMethod == 'send_password_by_mail' )
        {
          $msgBody = lang_get('your_password_is') . "\n\n" . $newPassword . "\n\n" . lang_get('contact_admin');
          $mail_op = @email_send(config_get('from_email'),
                                 $user->emailAddress,lang_get('mail_passwd_subject'),$msgBody);
        }
        if ($mail_op->status_ok || ($passwordSendMethod == 'display_on_screen') )
        {
          $retval['status'] = $user->writePasswordToDB($db);
        }
        else
        {
          $retval['status'] = tl::ERROR;
          $retval['msg'] = $mail_op->msg;
        }
      }
    }
  }
  return $retval;
}


The line causing the error is:
$retval['status'] = $user->setPassword($newPassword);

This function is from /lib/functions/tlUser.class.php

  public function setPassword($pwd,$authentication=null)
  {
    if (self::isPasswordMgtExternal($authentication))
    {
      return self::S_PWDMGTEXTERNAL;
    }
    $pwd = trim($pwd);
    if ($pwd == "")
    {
      return self::E_PWDEMPTY;
    }
    $this->password = $this->encryptPassword($pwd,$authentication);
    return tl::OK;
  }


The problem in this function is that the setPassword call from /lib/functions/users.inc.php does not pass in the second parameter for the authentication method.
This authentication method is used in self::isPasswordMgtExternal($authentication).
When self::isPasswordMgtExternal($authentication) is called with null, it always returns the configuration default authentication method, which in our case is 'LDAP'.

For this user, the authentication method is 'DB'.

The code for the function isPasswordMgtExternal is below. This is from /lib/functions/tlUser.class.php.

  static public function isPasswordMgtExternal($method2check=null)
  {
    $target = $method2check;
    if( is_null($target) || $target=='')
    {
      $authCfg = config_get('authentication');
      $target = $authCfg['method'];
    }
    switch($target)
    {
      case 'LDAP':
        return true;
      break;

      case 'DB':
      case 'MD5':
      default:
        return false;
      break;
    }
  }


The lines of issue here are:
      $authCfg = config_get('authentication');
      $target = $authCfg['method'];

This is a user-level class, and the authentication method is being retrieved from a system-level setting.
This needs to change to a user-level default based on the auth_method for the user.

When I modify the setPassword call in resetPassword (users.inc.php) to have the user-level authentication method, the user is created with a password, and from limited testing things are working correctly.

/lib/functions/users.inc.php - line 187.
Original line:
$retval['status'] = $user->setPassword($newPassword);

Modified line:
$retval['status'] = $user->setPassword($newPassword, $user->authentication);

Even though this change fixes the issue, with my limited understanding of the code, I would change the isPasswordMgtExternal function to use a user-level default rather than a system-configuration-level default.


Patrick.

(0022032)
fman (administrator)
2014-10-25 13:32

@pkhooper
Thanks for your help

Issue subject needs to be changed IMHO
(0022034)
pkhooper (reporter)
2014-10-25 21:36

fman,

Agree after understanding the problem correctly, this subject is not accurate.

This issue though does apply with both reset of password and creation of a new account.

I have read through your created issue 6712, and I have applied your fix to our system and I confirm that creating a new user and resetting a password work correctly.

Though I still think that the root cause of the problem is isPasswordMgtExternal being system level configuration when it needs to be user based.

Thank you for your fast response.

Regards,
Patrick.
(0022038)
fman (administrator)
2014-10-26 14:21

>> Though I still think that the root cause of the problem is
>> isPasswordMgtExternal being system level configuration when it needs to be
>> user based.

I slightly disagree, IMHO isPasswordMgtExternal() has to provide info about the System default.
What may be needed is to have an option or a different method to give an answer to this question (is Password Mgt External?) but for a specific USER
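
The two positions in the notes above (system-default fallback versus a per-user answer), as an added stand-alone PHP example; it is not TestLink code and not from any participant in this thread. Assumptions: the status constant values, the array-based user record, the hypothetical helper isPasswordMgtExternalForUser(), and password_hash() standing in for encryptPassword().

```php
<?php
// Added illustration with stand-alone stand-ins; not TestLink source.
// Status values are constructed; S_PWDMGTEXTERNAL is assumed to be >= OK.
const TL_OK = 1;
const S_PWDMGTEXTERNAL = 2;
const E_PWDEMPTY = -1;
$authCfg = ['method' => 'LDAP']; // same default as the report's custom_config.inc.php

// Mirrors isPasswordMgtExternal(): null or '' falls back to the system default.
function isPasswordMgtExternal(array $cfg, ?string $method2check = null): bool
{
    $target = ($method2check === null || $method2check === '')
        ? $cfg['method'] : $method2check;
    return $target === 'LDAP';
}

// Hypothetical per-user question: the system default applies only when the
// user record has no auth_method of its own.
function isPasswordMgtExternalForUser(array $cfg, array $user): bool
{
    return isPasswordMgtExternal($cfg, $user['auth_method'] ?? null);
}

// Simplified setPassword(): returns [status, value left in the password field].
// password_hash() stands in for TestLink's encryptPassword().
function setPassword(array $cfg, array $user, string $pwd, ?string $auth = null): array
{
    if (isPasswordMgtExternal($cfg, $auth)) {
        return [S_PWDMGTEXTERNAL, $user['password']]; // password left untouched
    }
    $pwd = trim($pwd);
    if ($pwd === '') {
        return [E_PWDEMPTY, $user['password']];
    }
    return [TL_OK, password_hash($pwd, PASSWORD_DEFAULT)];
}

// Constructed sample: a freshly created DB user under an LDAP system default.
$dbUser = ['auth_method' => 'DB', 'password' => ''];
$calls = [
    'setPassword($pwd)'                        => null,                   // original call
    'setPassword($pwd, $user->authentication)' => $dbUser['auth_method'], // modified call
];
foreach ($calls as $label => $auth) {
    [$status, $stored] = setPassword($authCfg, $dbUser, 'Temp#1234', $auth);
    printf("%-41s status=%2d passes '>= OK'=%s stored=%s\n", $label, $status,
        $status >= TL_OK ? 'yes' : 'no', $stored === '' ? '(blank)' : '(hash)');
}
var_dump(isPasswordMgtExternalForUser($authCfg, $dbUser));               // DB user
var_dump(isPasswordMgtExternalForUser($authCfg, ['auth_method' => ''])); // no method set
```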
(0022286)
istream (reporter)
2014-11-30 02:07

Ram_Chandupatla,
Can you please attach your custom_config.inc.php file which works for both DB and LDAP users? Also, the changes suggested for users.inc.php are a must for both authentications to work, I suppose.
Thanks in advance.
(0022287)
fman (administrator)
2014-11-30 09:15

@istream
Issue is resolved on latest code from gitorious (branch 1.9). (this will be NEXT stable release)
Then what you can do is get this code, install in sandbox, and test.

- Issue History
Date Modified Username Field Change
2014-10-23 23:49 ram_chandupatla New Issue
2014-10-24 18:24 fman Note Added: 0022019
2014-10-24 18:25 fman Assigned To => fman
2014-10-24 18:25 fman Status new => feedback
2014-10-24 18:36 fman Note Added: 0022026
2014-10-25 08:53 pkhooper Note Added: 0022031
2014-10-25 08:56 pkhooper Note Edited: 0022031
2014-10-25 13:32 fman Note Added: 0022032
2014-10-25 13:51 fman Relationship added related to 0006712
2014-10-25 21:36 pkhooper Note Added: 0022034
2014-10-26 14:21 fman Note Added: 0022038
2014-11-01 08:30 fman QA Team - Task Workflow Status => TBD
2014-11-01 08:30 fman Status feedback => resolved
2014-11-01 08:30 fman Resolution open => fixed
2014-11-30 02:07 istream Note Added: 0022286
2014-11-30 09:15 fman Note Added: 0022287
2014-11-30 09:15 fman QA Team - Task Workflow Status TBD => READY FOR TESTING
2014-11-30 09:15 fman Status resolved => closed
2014-11-30 09:15 fman Fixed in Version => 1.9.13 (2015 #1)


