[web2py:29684] Re: Bug in alternate authentication

Mon, 31 Aug 2009 05:53:12 -0700 

Thanks. I will take care of this asap.

On Aug 30, 3:00 pm, Ahmed Soliman <ah...@farghal.com> wrote:
> Hello Everybody,
> I've seen a *possible* bug if I got things right in the authentication code,
> let me tell you about how to reproduce it first.
> *
> *
> *steps to reproduce:*
>
>    1. I use LDAP authentication (LDAP only, no local authentication wanted)
>    so I set my
>
> auth.settings.login_methods = ldap_auth(server=ldapConfig.server,
> base_dn=ldapConfig.basedn, mode=ldapConfig.searchattr)]
>
>    1. When I try to login with LDAP account things go great and the user is
>    created in the authentication database as caching, next time you login with
>    that user you will be able to login with any password!, the LDAP
>    authentication is not even checked!
>    2. When you try to login with any other unknown user in the database, the
>    LDAP authentication is checked and fails as expected.
>
> I'm submitting the patch against the source version and the fix is really
> simple, please review and consider for merge.
>
> Note: I noticed 'self.settings.alternate_requires_registration' and I didn't
> understand its role, but it's set to False by default and setting it to True
> will cause the following
> 1- Initially you won't be able to authenticate to LDAP users that are not
> already in the cache, but if they are in the cache already things work fine
> and you can't see the bug, so it's confusing what it should 'actually' do.
>
> Thanks
>
> Ahmed Soliman
> Software Engineer
> B-Virtual Team.
>
> Thebe Technology. Egypt - Belgium
> 16 Nehro St. Heliopolis. Cairo
> Egypt.
>
> http://www.b-virtual.orghttp://www.thebetechnology.com
>
> GPG ID: 0xAEEE5042
>
>  auth.patch
> 1KViewDownload
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"web2py-users" group.
To post to this group, send email to web2py@googlegroups.com
To unsubscribe from this group, send email to 
web2py+unsubscr...@googlegroups.com
For more options, visit this group at 
http://groups.google.com/group/web2py?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to