View Issue Details

ID: 0015869
Project: mantisbt
Category: api soap
View Status: public
Last Update: 2014-12-08 00:33
Reporter: smartmantis
Assigned To: vboctor
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.2.15
Target Version: 1.3.0-beta.1
Fixed in Version: 1.3.0-beta.1
Summary: 0015869: API call mc_login with valid LDAP user which is not in mantis DB -> result: login failed
Description

We use mantistouch and LDAP auth.
And we have a problem with new users, because they can't log in until they have logged in to the "normal" Mantis version.

We made a patch for it in the core/authentication_api.php:

function auth_attempt_script_login( $p_username, $p_password = null ) {
    global $g_script_login_cookie, $g_cache_current_user_id;
    $t_user_id = user_get_id_by_name( $p_username );
    //patch start
    //create the user if it does not exist in the Mantis DB but exists in LDAP
    if ( false === $t_user_id ) {
        // default to no auto-creation so the variable is always defined
        $t_auto_create = false;
        $t_login_method = config_get( 'login_method' );
        if ( LDAP == $t_login_method && ldap_authenticate_by_username( $p_username, $p_password ) ) {
            $t_auto_create = true;
        }
        if ( $t_auto_create ) {
            $t_cookie_string = user_create( $p_username, md5( $p_password ) );
            if ( false === $t_cookie_string ) {
                return false;
            }
            $t_user_id = user_get_id_by_name( $p_username );
            if( false === $t_user_id ) {
                return false;
            }
        } else {
            return false;
        }
    }
    // if( false === $t_user_id ) {
    //     return false;
    // }
    //patch end
    $t_user = user_get_row( $t_user_id );
    ...

Tags: patch

Activities

rombert

2013-05-17 15:20

developer   ~0036893

Thanks for the report and the patch. This is something we should definitely do. Not by duplicating functionality from the core though, but instead by reusing existing code.

If you're able to provide such a patch, it would greatly speed up the process of getting this fixed.

smartmantis

2013-05-21 09:46

reporter   ~0036923

Yes, but then we need a new function like auto_create_user,
or we can remake auth_attempt_login (this can be the better one), but then we need a new parameter there ($p_script_login BOOLEAN).

So if you can decide which way is better for you, then I can write the patch :)

rombert

2013-06-30 16:10

developer   ~0037348

I tend to agree that we should unify the two functions, but we should keep the current names + signatures intact.

Since this can be a pretty sensitive change, I've written an email on the dev list [1], asking what the other developers think about it.

vboctor

2014-10-21 23:02

manager   ~0041627

Last edited: 2014-10-21 23:02

Here is the pull request - funny I didn't notice the comments, then after posting the pull request I found that we have exactly the same suggested approach and even method name.
https://github.com/mantisbt/mantisbt/pull/517

Thanks @smartmantis for the patch and bug report.

Related Changesets

MantisBT: master 25987317

2014-10-21 22:55:55

vboctor

mc_login() should auto-create valid LDAP users

The web login logic auto-creates users in case of BASIC AUTH and LDAP when they don't exist. However, the SOAP API didn't.

This fix includes:

- When user authenticates using SOAP API, re-use the same auto-creation logic to create the user in case of valid credentials.

- When a user is auto-created, execute post login checks and processing like login count, cookies, tokens, etc. This fix applies to the web interface code path.

Fixes 0015869
mod - core/authentication_api.php
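
A self-contained sketch of the approach the changeset describes, added here as an example and not taken from MantisBT's code: both entry points call one helper that creates the local account only after the directory has verified the credentials, then runs the post-login step. All function names, the in-memory directory and the user table are constructed stand-ins; rejecting empty passwords and storing a random local secret are choices of this example.

```php
<?php
// Added illustration; every name here is hypothetical, not MantisBT's API.
// Constructed stand-ins for the LDAP directory and the local user table.
$g_directory = array( 'alice' => 'correct horse' );  // constructed directory accounts
$g_local_users = array();                             // local DB starts empty

function directory_verify( $p_username, $p_password ) {
	global $g_directory;
	// An empty password must never reach a simple bind: many servers treat it
	// as an unauthenticated bind and report success.
	if( !is_string( $p_password ) || $p_password === '' ) {
		return false;
	}
	return isset( $g_directory[$p_username] )
		&& hash_equals( $g_directory[$p_username], $p_password );
}

// Single provisioning path shared by both entry points.
function login_or_provision( $p_username, $p_password ) {
	global $g_local_users;
	if( !directory_verify( $p_username, $p_password ) ) {
		return false;  // never create an account for a failed verification
	}
	if( !isset( $g_local_users[$p_username] ) ) {
		// Local secret is random filler, not derived from the directory password.
		$g_local_users[$p_username] = array(
			'secret' => bin2hex( random_bytes( 16 ) ),
			'login_count' => 0,
		);
	}
	$g_local_users[$p_username]['login_count']++;  // post-login processing
	return true;
}

function web_login( $p_username, $p_password ) {
	return login_or_provision( $p_username, $p_password );
}

function script_login( $p_username, $p_password = null ) {
	return login_or_provision( $p_username, $p_password );
}

var_dump( script_login( 'alice', 'correct horse' ) );  // first login arrives through the API path
var_dump( script_login( 'alice', '' ) );               // empty password
var_dump( script_login( 'mallory', 'guess' ) );        // name unknown to the directory
var_dump( array_keys( $g_local_users ) );              // accounts provisioned so far
```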

Issue History

Date Modified Username Field Change
2013-05-16 11:56 smartmantis New Issue
2013-05-17 15:20 rombert Note Added: 0036893
2013-05-17 15:20 rombert Status new => acknowledged
2013-05-21 09:46 smartmantis Note Added: 0036923
2013-06-30 16:10 rombert Note Added: 0037348
2013-06-30 16:10 rombert Status acknowledged => confirmed
2013-06-30 16:10 rombert Target Version => 1.2.16
2013-06-30 16:10 rombert Description Updated
2014-01-23 17:59 atrol Target Version 1.2.16 =>
2014-01-23 17:59 atrol Description Updated
2014-02-18 02:16 vboctor Tag Attached: patch
2014-10-21 23:00 vboctor Assigned To => vboctor
2014-10-21 23:00 vboctor Status confirmed => assigned
2014-10-21 23:02 vboctor Note Added: 0041627
2014-10-21 23:02 vboctor Note Edited: 0041627
2014-10-29 11:50 vboctor Changeset attached => MantisBT master 25987317
2014-10-29 11:50 vboctor Status assigned => resolved
2014-10-29 11:50 vboctor Resolution open => fixed
2014-10-29 11:50 vboctor Fixed in Version => 1.3.0-beta.1
2014-11-05 01:51 atrol Target Version => 1.3.0-beta.1
2014-12-08 00:33 vboctor Status resolved => closed