Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Web.pm - use LoadByGecos after user autocreation #351

Open
wants to merge 1 commit into
base: 4.4-trunk
Choose a base branch
from

Conversation

NReilingh
Copy link
Contributor

I was experiencing an edge case in my RT 5.0.3 installation after reconfiguring my setup to use WebRemote authentication with ExternalInfo. I am using the WebRemoteUserGecos option, and the LDAP source in use by ExternalInfo yields different values for Name and Gecos.

I was finding that after authenticating a new user, RT would display the "You are not allowed to log in" error message to the user, and was writing these log messages:

rt-demo       | [2962] [Tue Jan 24 00:14:33 2023] [info]: RT::User::CanonicalizeUserInfoFromExternalAuth returning Disabled: , EmailAddress: [email protected], Gecos: 1111111228, Name: nicktest, NickName: Nicktest, Privileged: , RealName: Nicktest Testlastname (/opt/rt5/sbin/../lib/RT/User.pm:982)
rt-demo       | [2962] [Tue Jan 24 00:14:33 2023] [error]: Couldn't find internal user for '1111111228' when attempting WebRemoteUser and RT is not configured for auto-creation. Refer to `perldoc /opt/rt5/docs/authentication.pod` if you want to allow auto-creation. (/opt/rt5/sbin/../lib/RT/Interface/Web.pm:823)

All the user had to do was reload the page to be authenticated properly, but this indicated to me that something was wrong with substituting the Gecos field with the Name field between creating the account and logging in.

I believe what is happening here is that after the new user is created and all of the values are set, then this line attempts to load a user by Name, but is still passing in the REMOTE_USER variable which is Gecos. I changed the line to follow the pattern on line 742 and this seems to have solved the issue.

I would suggest reviewing the few lines of code above my change to ensure this is still correct when WebRemoteUserGecos is in use. I am not knowledgeable enough with Perl to say either way, but I recognize that this maps User to $user even though $user may be a Gecos value.

@cbrandtbuffalo
Copy link
Member

Thanks for the detailed explanation. We'll take a look.

The auth code has tests in t/externalauth/. Ideally tests could be added for your case also.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants