PacketFence
Bug Tracking System

View Issue Details
ID: 0001302
Project: PacketFence
Category: captive portal
View Status: public
Date Submitted: 2011-10-05 16:39
Last Update: 2012-09-06 10:57
Reporter: fgaudreault
Assigned To: obilodeau
Priority: high
Severity: major
Reproducibility: random
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version: 3.3.2
Target Version: 3.5.1
Fixed in Version: 3.5.1
Summary: 0001302: People cannot confirm email registration on some cases
Description: Here is the use case.

In a routed environment, the user self-registers, gets the 10 min grace period, and tries to load the email link. The email link comes with pf.domain.tld, which usually points to the management interface of PF. The user won't be able to hit the virtual server on port 443 since his IP address won't be allowed to hit the portal. The allow is only for routed-networks and localhost. So, when you try to reach it using a production IP, you will get a 403.




Tags: No tags attached.
fixed in git revision: stable: 3547973 devel: 3204f55
fixed in mtn revision:
Attached Files:

- Relationships
has duplicate 0001504 (closed, fdurand): Sponsor Guest registration is not able to activate the registration link.

-  Notes
(0002317)
obilodeau (reporter)
2011-10-05 17:40

Previous readme on how to configure was specifying this and giving appropriate instructions to open up Apache's ACLs. What do you suggest for a fix?
(0002318)
fgaudreault (viewer)
2011-10-05 17:41

Create a specific location definition in the captive-portal-common for email-activation.cgi and allow all. I think that would do it.
(0002397)
fgaudreault (viewer)
2011-10-25 11:01

Fixed in 3.0.2
(0002400)
obilodeau (reporter)
2011-10-25 11:44

3.0.2 is released, closing ticket.
(0002690)
fgaudreault (viewer)
2012-04-27 11:32
edited on: 2012-04-27 11:33

Issue reopened.

Tested on 3.3.2, the allow all on activate/email is not sufficient. We still get 403 on the cgi file:
client denied by server configuration: /usr/local/pf/html/captive-portal/email_activation.cgi

Caused by:
<DirectoryMatch "%%install_dir%%/html/captive-portal">
  Order deny,allow
  Deny from all
  allow from %%routed-nets%% 127.0.0.1
</DirectoryMatch>
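
An added illustration, not part of the ticket or of PacketFence's code: a small Python model of Apache 2.2 `Order`/`Allow`/`Deny` evaluation applied to the `DirectoryMatch` block quoted in note 0002690, showing why a client on a production IP gets a 403 while routed networks and localhost are admitted. The network 192.168.2.0/24 and the client addresses are constructed stand-ins for `%%routed-nets%%`; the names `authz_host` and `portal_status` are hypothetical.

```python
import ipaddress

# Constructed stand-in for %%routed-nets%% (assumption, not from the ticket).
ROUTED_NETS = ["192.168.2.0/24"]

# The ACL from the quoted DirectoryMatch block, with the placeholder expanded.
PORTAL_ACL = {
    "order": "deny,allow",
    "deny": ["all"],
    "allow": ROUTED_NETS + ["127.0.0.1"],
}


def _matches(specs, ip):
    """True if ip falls inside any spec; the keyword 'all' matches every client."""
    for spec in specs:
        if spec == "all" or ip in ipaddress.ip_network(spec, strict=False):
            return True
    return False


def authz_host(order, allow, deny, client):
    """Return 200 or 403 following Apache 2.2 host-based access semantics."""
    ip = ipaddress.ip_address(client)
    allowed = _matches(allow, ip)
    denied = _matches(deny, ip)
    if order == "deny,allow":
        # Deny is evaluated first and Allow overrides it;
        # a client matching neither list is admitted.
        ok = allowed or not denied
    elif order == "allow,deny":
        # Allow is evaluated first and Deny overrides it;
        # a client matching neither list is refused.
        ok = allowed and not denied
    else:
        raise ValueError("unsupported Order: %r" % order)
    return 200 if ok else 403


def portal_status(client):
    """Status a client would get for a file under html/captive-portal."""
    return authz_host(PORTAL_ACL["order"], PORTAL_ACL["allow"],
                      PORTAL_ACL["deny"], client)


if __name__ == "__main__":
    # Constructed clients: registration network, production network, localhost.
    for client in ("192.168.2.57", "10.0.0.42", "127.0.0.1"):
        print(client, portal_status(client))
```
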

(0002700)
sinusoidal (reporter)
2012-05-07 19:04

I've also had this error.

Put in a temporary workaround by adding the URL to the allowed_from_all_urls in apache.pm, but concerned that this may have opened up security issues?

$tags{'allowed_from_all_urls'} .=
    '|/activate/email|/activate/email|/email_activation.cgi';
(0002701)
obilodeau (reporter)
2012-05-08 08:42

Increasing priority and targeted for next stable release.
(0002935)
obilodeau (reporter)
2012-08-15 16:45

A quick fix was pushed in 3547973: https://github.com/inverse-inc/packetfence/commit/3547973fd7a81f08d9d419685f160ff194573f3a

A better fix is coming for the devel branch: fix/apache-acl-generation-for-guests
(0002950)
obilodeau (reporter)
2012-08-20 16:38

Better fix for devel completed.
(0003020)
obilodeau (reporter)
2012-09-06 10:57

fix released in 3.5.1 yesterday

- Issue History
Date Modified Username Field Change
2011-10-05 16:39 fgaudreault New Issue
2011-10-05 17:40 obilodeau Note Added: 0002317
2011-10-05 17:41 fgaudreault Note Added: 0002318
2011-10-06 09:43 obilodeau Target Version => +1
2011-10-06 09:43 obilodeau Additional Information Updated
2011-10-25 11:01 fgaudreault Note Added: 0002397
2011-10-25 11:01 fgaudreault Status new => resolved
2011-10-25 11:01 fgaudreault Fixed in Version => 3.0.2
2011-10-25 11:01 fgaudreault Resolution open => fixed
2011-10-25 11:01 fgaudreault Assigned To => fgaudreault
2011-10-25 11:44 obilodeau Note Added: 0002400
2011-10-25 11:44 obilodeau Status resolved => closed
2011-10-25 11:44 obilodeau Target Version +1 => 3.0.2
2011-10-25 11:44 obilodeau Additional Information Updated
2012-04-27 11:30 fgaudreault Resolution fixed => reopened
2012-04-27 11:30 fgaudreault Product Version 3.0.1 => 3.3.2
2012-04-27 11:31 fgaudreault Status closed => assigned
2012-04-27 11:32 fgaudreault Note Added: 0002690
2012-04-27 11:32 fgaudreault Resolution reopened => open
2012-04-27 11:33 fgaudreault Note Edited: 0002690
2012-05-03 13:41 obilodeau Assigned To fgaudreault => obilodeau
2012-05-07 19:04 sinusoidal Note Added: 0002700
2012-05-08 08:42 obilodeau Note Added: 0002701
2012-05-08 08:42 obilodeau Priority normal => high
2012-05-08 08:42 obilodeau Fixed in Version 3.0.2 =>
2012-05-08 08:42 obilodeau Target Version 3.0.2 => +1
2012-08-07 16:05 obilodeau Relationship added has duplicate 0001504
2012-08-15 16:45 obilodeau Note Added: 0002935
2012-08-20 16:38 obilodeau git revision => stable: 3547973 devel: 3204f55
2012-08-20 16:38 obilodeau Note Added: 0002950
2012-08-20 16:38 obilodeau Status assigned => resolved
2012-08-20 16:38 obilodeau Fixed in Version => +1
2012-08-20 16:38 obilodeau Resolution open => fixed
2012-09-06 10:56 obilodeau Target Version +1 => 3.5.1
2012-09-06 10:56 obilodeau Fixed in Version +1 => 3.5.1
2012-09-06 10:57 obilodeau Note Added: 0003020
2012-09-06 10:57 obilodeau Status resolved => closed

