Anonymous | Login | 2024-11-22 23:28 EST |
Main | My View | View Issues | Change Log | Roadmap |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
ID | Project | Category | View Status | Date Submitted | Last Update | |||
0000761 | PacketFence | core | public | 2009-08-11 09:26 | 2012-02-29 10:58 | |||
Reporter | obilodeau | |||||||
Assigned To | obilodeau | |||||||
Priority | normal | Severity | minor | Reproducibility | always | |||
Status | closed | Resolution | fixed | |||||
Platform | OS | OS Version | ||||||
Product Version | ||||||||
Target Version | Fixed in Version | |||||||
Summary | 0000761: Registration credentials stored in session allow user to re-register without entering username / password | |||||||
Description | Affects local auth module. Steps to reproduce: 1. Connect to a packetfence managed switch with an unregistered device 2. Register using local auth (username / password in web captive portal) 3. De-register the node using web interface or SQL query 4. Re-open captive portal page, when you click to register you get registered right away without inputing user / pass. Its most likely a session issue, the credentials should be wiped from the session. Need to test: - Is the session persistent or not? If I close the browser, do I need to enter user/pass again to re-register, if so this bug is not really important since it'll mostly happen during devel/testing. | |||||||
Tags | No tags attached. | |||||||
fixed in git revision | ||||||||
fixed in mtn revision | ||||||||
Attached Files | ||||||||
Notes | |
(0001438) obilodeau (reporter) 2009-12-10 10:35 |
The session is not persistent so closing / re-opening the browser seems to remove stored credentials but its still pissing off Regis enough that he wrote a little patch:--- web.pm.old 2009-12-08 14:20:47.000000000 -0800 +++ web.pm 2009-12-08 14:22:20.000000000 -0800 @@ -484,9 +484,9 @@ my ( $cgi, $session ) = @_; my $logger = Log::Log4perl::get_logger('pf::web'); - if ( $session->param("login") ) { - return ( 1, 0 ); # if logged in, don't bother going further - } +# if ( $session->param("login") ) { +# return ( 1, 0 ); # if logged in, don't bother going further +# } if ( $cgi->param("login") && $cgi->param("password") && $cgi->param("auth") ) I'll now investigate if this was a real "feature" or if its just something that was done like that for no reason. If its the latter, then I'll apply the patch to mtn. |
(0001439) obilodeau (reporter) 2009-12-10 11:21 |
Was introduced before monotone history. Read the code and aside from having to re-login when viewing status page or to deregister, I see no change from current behavior. Searched mailing list archive without any findings related to that behavior. I'll consider this a bug and fix it. |
(0001440) obilodeau (reporter) 2009-12-10 11:38 |
fixed in 1.8 branch at montone rev: 7a8b920c5ac95d7b830c45af80832f0b358744e3 will be ported to 1.9 branch |
(0001441) obilodeau (reporter) 2009-12-10 11:40 |
Reminder sent to: rbalzard Fix applied to prevent the annoying automatic re-registration. |
Issue History | |||
Date Modified | Username | Field | Change |
2009-08-11 09:26 | obilodeau | New Issue | |
2009-08-19 15:55 | obilodeau | Status | new => assigned |
2009-08-19 15:55 | obilodeau | Assigned To | => obilodeau |
2009-12-10 10:35 | obilodeau | Note Added: 0001438 | |
2009-12-10 11:21 | obilodeau | Note Added: 0001439 | |
2009-12-10 11:38 | obilodeau | Note Added: 0001440 | |
2009-12-10 11:38 | obilodeau | Status | assigned => resolved |
2009-12-10 11:38 | obilodeau | Resolution | open => fixed |
2009-12-10 11:40 | obilodeau | Note Added: 0001441 | |
2011-01-26 15:43 | obilodeau | Status | resolved => closed |
2011-06-17 17:24 | obilodeau | Relationship added | related to 0001227 |
2011-06-17 17:24 | obilodeau | Relationship deleted | related to 0001227 |
2012-02-29 10:58 | obilodeau | Category | future => core |
Copyright © 2000 - 2012 MantisBT Group |