View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update
0000761 | PacketFence | core | public | 2009-08-11 09:26 | 2012-02-29 10:58
Reporter | obilodeau
Assigned To | obilodeau
Priority | normal | Severity | minor | Reproducibility | always
Status | closed | Resolution | fixed
Platform | OS | OS Version
Product Version
Target Version | Fixed in Version
Summary | 0000761: Registration credentials stored in session allow user to re-register without entering username / password
Description | Affects local auth module.

Steps to reproduce:
1. Connect to a packetfence managed switch with an unregistered device
2. Register using local auth (username / password in web captive portal)
3. De-register the node using web interface or SQL query
4. Re-open captive portal page, when you click to register you get registered right away without inputting user / pass.

It's most likely a session issue, the credentials should be wiped from the session.

Need to test:
- Is the session persistent or not? If I close the browser, do I need to enter user/pass again to re-register, if so this bug is not really important since it'll mostly happen during devel/testing.
Tags | No tags attached.
fixed in git revision
fixed in mtn revision
Attached Files
Notes
(0001438) obilodeau (reporter) 2009-12-10 10:35 |
The session is not persistent so closing / re-opening the browser seems to remove stored credentials but it's still pissing off Regis enough that he wrote a little patch:
--- web.pm.old 2009-12-08 14:20:47.000000000 -0800 +++ web.pm 2009-12-08 14:22:20.000000000 -0800 @@ -484,9 +484,9 @@ my ( $cgi, $session ) = @_; my $logger = Log::Log4perl::get_logger('pf::web'); - if ( $session->param("login") ) { - return ( 1, 0 ); # if logged in, don't bother going further - } +# if ( $session->param("login") ) { +# return ( 1, 0 ); # if logged in, don't bother going further +# } if ( $cgi->param("login") && $cgi->param("password") && $cgi->param("auth") )
I'll now investigate if this was a real "feature" or if it's just something that was done like that for no reason. If it's the latter, then I'll apply the patch to mtn.
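Review bot: the three lines of the `$session->param("login")` early return are commented out rather than deleted, which leaves dead code in web.pm with no explanation of why it was disabled; delete the block outright, or replace it with a one-line comment saying that a login stored in the session must not short-circuit the credential check. Nothing in the hunk clears the `login` value from `$session`, so the stored value the issue description says should be wiped is still there after de-registration; consider clearing that parameter when the node is de-registered. The change should also document its side effect, mentioned in the notes on this issue, that viewing the status page or de-registering now requires logging in again.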
(0001439) obilodeau (reporter) 2009-12-10 11:21 |
Was introduced before monotone history. Read the code and aside from having to re-login when viewing status page or to deregister, I see no change from current behavior. Searched mailing list archive without any findings related to that behavior. I'll consider this a bug and fix it. |
(0001440) obilodeau (reporter) 2009-12-10 11:38 |
fixed in 1.8 branch at monotone rev: 7a8b920c5ac95d7b830c45af80832f0b358744e3
will be ported to 1.9 branch
(0001441) obilodeau (reporter) 2009-12-10 11:40 |
Reminder sent to: rbalzard
Fix applied to prevent the annoying automatic re-registration.
Issue History
Date Modified | Username | Field | Change |
2009-08-11 09:26 | obilodeau | New Issue | |
2009-08-19 15:55 | obilodeau | Status | new => assigned |
2009-08-19 15:55 | obilodeau | Assigned To | => obilodeau |
2009-12-10 10:35 | obilodeau | Note Added: 0001438 | |
2009-12-10 11:21 | obilodeau | Note Added: 0001439 | |
2009-12-10 11:38 | obilodeau | Note Added: 0001440 | |
2009-12-10 11:38 | obilodeau | Status | assigned => resolved |
2009-12-10 11:38 | obilodeau | Resolution | open => fixed |
2009-12-10 11:40 | obilodeau | Note Added: 0001441 | |
2011-01-26 15:43 | obilodeau | Status | resolved => closed |
2011-06-17 17:24 | obilodeau | Relationship added | related to 0001227 |
2011-06-17 17:24 | obilodeau | Relationship deleted | related to 0001227 |
2012-02-29 10:58 | obilodeau | Category | future => core |