[Bug 36928] New: Patron authentication / password validation will fail with 500 error for local users if LDAP is enabled
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 Bug ID: 36928 Summary: Patron authentication / password validation will fail with 500 error for local users if LDAP is enabled Change sponsored?: --- Product: Koha Version: unspecified Hardware: All OS: All Status: NEW Severity: normal Priority: P5 - low Component: REST API Assignee: koha-bugs@lists.koha-community.org Reporter: kyle@bywatersolutions.com CC: tomascohen@gmail.com If LDAP is enabled, and use of /api/v1/auth/password/validation will fail with a 500 internal server error like: Can't call method "cardnumber" on an undefined value at /usr/share/koha/lib/Koha/REST/V1/Auth/Password.pm line 83, <DATA> line 1490. This is because the valid patron object is being overwritten with an undefined value if there is no LDAP patron returned. Since a failed LDAP query falls back to local user auth, we try to use the now undefined patron object thus generating an error. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|koha-bugs@lists.koha-commun |kyle@bywatersolutions.com |ity.org | -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |Needs Signoff -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 --- Comment #1 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 167047 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=167047&action=edit Bug 36928: Patron authentication / password validation will fail with 500 error for local users if LDAP is enabled If LDAP is enabled, and use of /api/v1/auth/password/validation will fail with a 500 internal server error like: Can't call method "cardnumber" on an undefined value at /usr/share/koha/lib/Koha/REST/V1/Auth/Password.pm line 83, <DATA> line 1490. This is because the valid patron object is being overwritten with an undefined value if there is no LDAP patron returned. Since a failed LDAP query falls back to local user auth, we try to use the now undefined patron object thus generating an error. Test Plan: 1) Set up and enable LDAP 2) POST JSON to /api/v1/auth/password/validation like: { "userid": "koha", "password": "koha" } 3) Note the 500 erorr 4) Apply this patch 5) Restart all the things! 6) POST the data again 7) It works! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 --- Comment #2 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 167048 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=167048&action=edit Bug 36928: Followup for CAS and Shibboleth -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Patron authentication / |Patron authentication / |password validation will |password validation will |fail with 500 error for |fail with 500 error for |local users if LDAP is |local users if external |enabled |auth (LDAP/CAS/Shibboleth) | |is enabled -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #167047|0 |1 is obsolete| | Attachment #167048|0 |1 is obsolete| | --- Comment #3 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 167049 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=167049&action=edit Bug 36928 - Patron authentication / password validation will fail with 500 error for local users if external auth (LDAP/CAS/Shibboleth) is enabled If external auth ( such as LDAP ) is enabled, and use of /api/v1/auth/password/validation will fail with a 500 internal server error like: Can't call method "cardnumber" on an undefined value at /usr/share/koha/lib/Koha/REST/V1/Auth/Password.pm line 83, <DATA> line 1490. This is because the valid patron object is being overwritten with an undefined value if there is no LDAP patron returned. Since a failed LDAP query falls back to local user auth, we try to use the now undefined patron object thus generating an error. Test Plan: 1) Set up and enable LDAP 2) POST JSON to /api/v1/auth/password/validation like: { "userid": "koha", "password": "koha" } 3) Note the 500 erorr 4) Apply this patch 5) Restart all the things! 6) POST the data again 7) It works! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|normal |major -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|major |critical --- Comment #4 from Kyle M Hall <kyle@bywatersolutions.com> --- Upgrading severity since it affects all external authentications and will affect third party integration with Koha. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 --- Comment #5 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- Can we tell what caused this and which branches/versions are affected? -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |RM_priority -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 --- Comment #6 from Kyle M Hall <kyle@bywatersolutions.com> --- This also affects ILSDI and may affect other code utilizing checkpw -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 --- Comment #7 from Kyle M Hall <kyle@bywatersolutions.com> --- (In reply to Katrin Fischer from comment #5)
Can we tell what caused this and which branches/versions are affected?
This appears to be a missed edge case for the bug 34893 -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |34893 Referenced Bugs: https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34893 [Bug 34893] ILS-DI can return the wrong patron for AuthenticatePatron -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 --- Comment #8 from Katrin Fischer <katrin.fischer@bsz-bw.de> --- (In reply to Kyle M Hall from comment #7)
(In reply to Katrin Fischer from comment #5)
Can we tell what caused this and which branches/versions are affected?
This appears to be a missed edge case for the bug 34893
That's pretty bad then. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 --- Comment #9 from Tomás Cohen Arazi <tomascohen@gmail.com> --- I think we need some tests here. For C4::Auth. I might be able to help. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 --- Comment #10 from Kyle M Hall <kyle@bywatersolutions.com> --- (In reply to Tomás Cohen Arazi from comment #9)
I think we need some tests here.
For C4::Auth. I might be able to help.
Agreed. Thanks Tomas! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 David Cook <dcook@prosentient.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dcook@prosentient.com.au -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 Kyle M Hall <kyle@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #167049|0 |1 is obsolete| | --- Comment #11 from Kyle M Hall <kyle@bywatersolutions.com> --- Created attachment 167097 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=167097&action=edit Bug 36928: Patron authentication / password validation will fail with 500 error for local users if external auth (LDAP/CAS/Shibboleth) is enabled If external auth ( such as LDAP ) is enabled, and use of /api/v1/auth/password/validation will fail with a 500 internal server error like: Can't call method "cardnumber" on an undefined value at /usr/share/koha/lib/Koha/REST/V1/Auth/Password.pm line 83, <DATA> line 1490. This is because the valid patron object is being overwritten with an undefined value if there is no LDAP patron returned. Since a failed LDAP query falls back to local user auth, we try to use the now undefined patron object thus generating an error. Test Plan: 1) Set up and enable LDAP 2) POST JSON to /api/v1/auth/password/validation like: { "userid": "koha", "password": "koha" } 3) Note the 500 erorr 4) Apply this patch 5) Restart all the things! 6) POST the data again 7) It works! -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 Nick Clemens (kidclamp) <nick@bywatersolutions.com> changed: What |Removed |Added ---------------------------------------------------------------------------- See Also| |https://bugs.koha-community | |.org/bugzilla3/show_bug.cgi | |?id=36161 CC| |nick@bywatersolutions.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 Victor Grousset/tuxayo <victor@tuxayo.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #167097|0 |1 is obsolete| | --- Comment #12 from Victor Grousset/tuxayo <victor@tuxayo.net> --- Created attachment 167202 --> https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=167202&action=edit Bug 36928: Patron authentication / password validation will fail with 500 error for local users if external auth (LDAP/CAS/Shibboleth) is enabled If external auth ( such as LDAP ) is enabled, and use of /api/v1/auth/password/validation will fail with a 500 internal server error like: Can't call method "cardnumber" on an undefined value at /usr/share/koha/lib/Koha/REST/V1/Auth/Password.pm line 83, <DATA> line 1490. This is because the valid patron object is being overwritten with an undefined value if there is no LDAP patron returned. Since a failed LDAP query falls back to local user auth, we try to use the now undefined patron object thus generating an error. Test Plan: 1) Set up and enable LDAP https://wiki.koha-community.org/wiki/Ldap_testing (restart plack) 2) POST JSON to /api/v1/auth/password/validation like: { "userid": "koha", "password": "koha" } Or run: prove t/db_dependent/api/v1/password_validation.t 3) Note the 500 error(s) 4) Apply this patch 5) Restart all the things! 6) POST the data again or run the tests 7) It works! Signed-off-by: Victor Grousset/tuxayo <victor@tuxayo.net> -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 Victor Grousset/tuxayo <victor@tuxayo.net> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Needs Signoff |Signed Off CC| |victor@tuxayo.net --- Comment #13 from Victor Grousset/tuxayo <victor@tuxayo.net> --- It works! :) ---
will fail with a 500 internal server error like: Can't call method "cardnumber" on an undefined value at /usr/share/koha/lib/Koha/REST/V1/Auth/Password.pm line 83
Indeed, observed in /var/log/koha/kohadev/api-error.log --- Test plan amended to suggest as an alternative to run `prove t/db_dependent/api/v1/password_validation.t` -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 --- Comment #14 from Victor Grousset/tuxayo <victor@tuxayo.net> --- (In reply to Kyle M Hall from comment #7)
This appears to be a missed edge case for the bug 34893
Indeed, with LDAP enabled password_validation.t passes before and fails after. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 --- Comment #15 from Victor Grousset/tuxayo <victor@tuxayo.net> --- (In reply to Tomás Cohen Arazi from comment #9)
I think we need some tests here.
For C4::Auth. I might be able to help.
Idea for higher levels tests: a test from t/db_dependent/api/v1/password_validation.t could be copied in t/db_dependent/Auth_with_ldap.t I'm not sure where it wouldn't be too much out of place. -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- QA Contact| |tomascohen@gmail.com -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 Tomás Cohen Arazi <tomascohen@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|Signed Off |RESOLVED Resolution|--- |DUPLICATE --- Comment #16 from Tomás Cohen Arazi <tomascohen@gmail.com> --- I was tracking the root cause of this, which took me to ONLY the LDAP use case. And the solution was to make sure the most basic successful case returned the Koha::Patron object. Which is what one of the follow-ups on bug 36575 does. I'm closing this one as duplicate. Feel free to re-open if you have another POV. *** This bug has been marked as a duplicate of bug 36575 *** -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 Katrin Fischer <katrin.fischer@bsz-bw.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|RM_priority | -- You are receiving this mail because: You are watching all bug changes.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36928 Bug 36928 depends on bug 34893, which changed state. Bug 34893 Summary: ILS-DI can return the wrong patron for AuthenticatePatron https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34893 What |Removed |Added ---------------------------------------------------------------------------- Status|Pushed to oldoldoldstable |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org