View Issue Details

ID: 0015869
Project: mantisbt
Category: api soap
View Status: public
Last Update: 2014-12-08 00:33
Reporter: smartmantis
Assigned To: vboctor
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.2.15
Target Version: 1.3.0-beta.1
Fixed in Version: 1.3.0-beta.1
Summary: 0015869: API call mc_login with valid LDAP user which is not in mantis DB -> result: login failed
Description

We use mantistouch and LDAP auth.
And we have a problem with new users because they can't log in until they have logged in to the "normal" Mantis version.

We made a patch for it in the core/authentication_api.php:

function auth_attempt_script_login( $p_username, $p_password = null ) {
    global $g_script_login_cookie, $g_cache_current_user_id;
    $t_user_id = user_get_id_by_name( $p_username );
    //patch start
    //create the user if it does not exist in the mantis DB but exists in LDAP
    if ( false === $t_user_id ) {
        $t_login_method = config_get( 'login_method' );
        // default to no auto-creation so the flag is always defined
        $t_auto_create = false;
        if ( LDAP == $t_login_method && ldap_authenticate_by_username( $p_username, $p_password ) ) {
            $t_auto_create = true;
        }
        if ( $t_auto_create ) {
            $t_cookie_string = user_create( $p_username, md5( $p_password ) );
            if ( false === $t_cookie_string ) {
                return false;
            }
            // re-read the id of the account that was just created
            $t_user_id = user_get_id_by_name( $p_username );
            if ( false === $t_user_id ) {
                return false;
            }
        } else {
            return false;
        }
    }
    // if( false === $t_user_id ) {
    //     return false;
    // }
    //patch end
    $t_user = user_get_row( $t_user_id );
    ...

Tags: patch

Activities

rombert

2013-05-17 15:20

reporter   ~0036893

Thanks for the report and the patch. This is something we should definitely do. Not by duplicating functionality from the core though, but instead by reusing existing code.

If you're able to provide such a patch, it would greatly speed up the process of getting this fixed.

smartmantis

2013-05-21 09:46

reporter   ~0036923

Yes, but then we need a new function like auto_create_user,
or we can remake auth_attempt_login (this can be the better one), but then we need a new parameter there ($p_script_login BOOLEAN).

So if you can decide which way is better for you, then I can write the patch :)

rombert

2013-06-30 16:10

reporter   ~0037348

I tend to agree that we should unify the two functions, but we should keep the current names + signatures intact.

Since this can be a pretty sensitive change, I've written an email on the dev list [1], asking what the other developers think about it.

vboctor

2014-10-21 23:02

manager   ~0041627

Last edited: 2014-10-21 23:02

Here is the pull request - funny I didn't notice the comments, then after posting the pull request I found that we have exactly the same suggested approach and even method name.
https://github.com/mantisbt/mantisbt/pull/517

Thanks @smartmantis for the patch and bug report.

Related Changesets

MantisBT: master 25987317

2014-10-21 18:55

vboctor


mc_login() should auto-create valid LDAP users

The web login logic auto-creates users in case of BASIC AUTH and LDAP when they don't exist. However, the SOAP API didn't.

This fix includes:

- When user authenticates using SOAP API, re-use the same auto-creation logic to create the user in case of valid credentials.

- When a user is auto-created, execute post login checks and processing like login count, cookies, tokens, etc. This fix applies to the web interface code path.

Fixes 0015869
Affected Issues: 0015869
mod - core/authentication_api.php
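
The approach the thread and the changeset describe (one auto-creation routine shared by the web and script login paths, with post-login processing also run for a newly created account), as an added PHP example that is not MantisBT's code. The in-memory directory and user table, the credentials and every function name in it are constructed stand-ins; it also goes slightly beyond the page by rejecting a blank script password and by storing a random local password instead of md5() of the directory password.

```php
<?php
# Added example. The directory, the user table and all function names are
# constructed stand-ins for illustration; they are not MantisBT's API.
$g_directory = array( 'alice' => 'constructed-pass' ); # accounts the directory knows
$g_users     = array();                                 # local user table

function directory_authenticate( $p_username, $p_password ) {
	global $g_directory;
	# A script login may pass null; a blank password is never valid.
	if( !is_string( $p_password ) || '' === $p_password ) {
		return false;
	}
	return isset( $g_directory[$p_username] )
		&& hash_equals( $g_directory[$p_username], $p_password );
}

# The one place that creates a missing local account. Callers must have
# verified the credentials against the directory first.
function auto_create_user( $p_username ) {
	global $g_users;
	# The local password is unused for directory logins, so this example
	# stores a random value rather than a hash of the directory password.
	$g_users[$p_username] = array(
		'id'          => count( $g_users ) + 1,
		'password'    => bin2hex( random_bytes( 16 ) ),
		'login_count' => 0,
	);
}

# Common path: verify, create on first sight, then post-login processing.
function attempt_login( $p_username, $p_password ) {
	global $g_users;
	if( !directory_authenticate( $p_username, $p_password ) ) {
		return false;
	}
	if( !isset( $g_users[$p_username] ) ) {
		auto_create_user( $p_username );
	}
	$g_users[$p_username]['login_count']++;
	return $g_users[$p_username]['id'];
}

# Both entry points keep their own names and signatures and delegate.
function web_login( $p_username, $p_password ) { return attempt_login( $p_username, $p_password ); }
function script_login( $p_username, $p_password = null ) { return attempt_login( $p_username, $p_password ); }

var_dump( script_login( 'alice' ) );                     # no password supplied
var_dump( script_login( 'nobody', 'constructed-pass' ) ); # not in the directory
var_dump( script_login( 'alice', 'constructed-pass' ) );  # first login, via the API
var_dump( web_login( 'alice', 'constructed-pass' ), $g_users['alice']['login_count'] );
```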