View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0017872 | mantisbt | authentication | public | 2014-11-14 00:19 | 2022-05-08 12:10 |
Reporter | holger1980 | Assigned To | dregad | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | duplicate | ||
Platform | amd 64 bit | OS | Debian | OS Version | 7 |
Product Version | 1.2.17 | ||||
Summary | 0017872: AUTH_BASIC fails | ||||
Description | Using Debian 7, Apache2 and MySQL (updated to the most recent stable). | ||||
Steps To Reproduce | Protecting our mantis folder through AuthMySQL and configured config_ing.php to use
Still, visiting the folder, it keeps displaying the default login page! | ||||
Additional Information | I've printed a debug message through the login_page.php to proove if HTTP_BASIC is set correctly (it displays true and '5' as enumeration). However, it still fails. I've set a user to the mantis database names holger - and it still fails. | ||||
Tags | No tags attached. | ||||
Attached Files | mantisbt_basicauth.patch (1,359 bytes)
diff -r -u mantisbt-1.2.19/core/authentication_api.php mantisbt-1.2.19_patched/core/authentication_api.php --- mantisbt-1.2.19/core/authentication_api.php 2015-10-08 16:24:09.868054147 +0200 +++ mantisbt-1.2.19_patched/core/authentication_api.php 2015-01-26 00:00:30.000000000 +0100 @@ -224,14 +224,12 @@ # check for anonymous login if( !user_is_anonymous( $t_user_id ) ) { - if ( BASIC_AUTH != $t_login_method ) { - # anonymous login didn't work, so check the password + # anonymous login didn't work, so check the password - if( !auth_does_password_match( $t_user_id, $p_password ) ) { - user_increment_failed_login_count( $t_user_id ); - return false; - } - } + if( !auth_does_password_match( $t_user_id, $p_password ) ) { + user_increment_failed_login_count( $t_user_id ); + return false; + } } # ok, we're good to login now @@ -325,7 +323,6 @@ function auth_automatic_logon_bypass_form() { switch( config_get( 'login_method' ) ) { case HTTP_AUTH: - case BASIC_AUTH: return true; } return false; | ||||
duplicate of | 0022398 | new | HTTP_AUTH not working |
I've again set up a brand new environment from mantis 1.2.18 - fresh install, first configuration - again with AuthMySQL to the new folder - and the problem re-occured 100%. I was curious if there was improvement through earlier reports, so obiviously there is not. Single-Sign-On stills seems to fail and be missing. So it is still reproducable. |
|
I had the same problem on 1.2.19. I attached a simple patch that seems to solve the problem. Note that it is not deeply tested. I am still evaluating side effects. |
|
This seems to be the same issue as 0022398, so I'm resolving as duplicate. If this is incorrect, feel free to reopen with an explanation note. |
|