Don't further setup disabled users when logging in with apache #28939

Merged
merged 1 commit into from
Oct 4, 2021


nickvergessen
Member

Steps

  1. Set up SAML
  2. Create a saml user
  3. Disable the saml user
  4. Try to login as the saml user

Before

  1. Infinite redirect: "Infinite redirect when user is disabled" (user_saml#549)
  2. Admin audit logs a successful login:
{"reqId":"YUxAmk6ad8CsAHoiDyFoMAAAAAM","level":1,"time":"2021-09-23T10:53:46+02:00","remoteAddr":"127.0.0.1","user":"admin","app":"admin_audit","method":"PUT","url":"/ocs/v2.php/cloud/users/saml1/disable","message":"User disabled: \"saml1\"","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:92.0) Gecko/20100101 Firefox/92.0","version":"23.0.0.1"}
{"reqId":"YUxA7k6ad8CsAHoiDyFoNAAAAAM","level":1,"time":"2021-09-23T10:55:10+02:00","remoteAddr":"127.0.0.1","user":"--","app":"admin_audit","method":"GET","url":"/","message":"Login attempt: \"saml1\"","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:92.0) Gecko/20100101 Firefox/92.0","version":"23.0.0.1"}
{"reqId":"YUxA7k6ad8CsAHoiDyFoNAAAAAM","level":1,"time":"2021-09-23T10:55:10+02:00","remoteAddr":"127.0.0.1","user":"saml1","app":"admin_audit","method":"GET","url":"/","message":"Login successful: \"saml1\"","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:92.0) Gecko/20100101 Firefox/92.0","version":"23.0.0.1"}

After

  1. User sees default screen:

     Error

     User disabled

  2. Admin audit logs only the login attempt, no successful login:
{"reqId":"YUxGTMunf0qR2-3A3U3I2wAAAAU","level":1,"time":"2021-09-23T11:18:04+02:00","remoteAddr":"127.0.0.1","user":"--","app":"admin_audit","method":"GET","url":"/","message":"Login attempt: \"saml1\"","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:92.0) Gecko/20100101 Firefox/92.0","version":"23.0.0.1"}

Signed-off-by: Joas Schilling <coding@schilljs.com>
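
A detection check for the "Before" behaviour described above, as an added example that is not part of the pull request or of Nextcloud's code: it replays admin_audit lines in order and reports any "Login successful" entry for a user covered by an earlier "User disabled" entry. The sample lines are constructed, the function name is hypothetical, and the "User enabled" message format is an assumption modelled on the "User disabled" one.

```python
import json
import re

# "User disabled" and "Login successful" appear in the PR's audit log;
# "User enabled" is an assumed counterpart with the same shape.
EVENT = re.compile(r'^(User disabled|User enabled|Login successful): "(.+)"$')

def logins_by_disabled_users(lines):
    """Return audit entries where a login succeeded for a user that an earlier
    entry disabled and no later entry re-enabled. Lines must be in time order."""
    disabled = {}   # uid -> time of the disable event
    findings = []
    for raw in lines:
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(entry, dict) or entry.get("app") != "admin_audit":
            continue
        match = EVENT.match(str(entry.get("message", "")))
        if not match:
            continue  # e.g. "Login attempt", which is expected after the fix
        kind, uid = match.groups()
        if kind == "User disabled":
            disabled[uid] = entry.get("time")
        elif kind == "User enabled":
            disabled.pop(uid, None)
        elif uid in disabled:  # "Login successful" for a disabled account
            findings.append({"user": uid, "disabled_at": disabled[uid],
                             "login_at": entry.get("time"),
                             "reqId": entry.get("reqId")})
    return findings

# Constructed sample, trimmed to the fields used (same shape as the PR's log).
SAMPLE = [
    r'{"reqId":"r1","time":"2021-09-23T10:53:46+02:00","user":"admin","app":"admin_audit","message":"User disabled: \"saml1\""}',
    r'{"reqId":"r2","time":"2021-09-23T10:55:10+02:00","user":"--","app":"admin_audit","message":"Login attempt: \"saml1\""}',
    r'{"reqId":"r3","time":"2021-09-23T10:55:10+02:00","user":"saml1","app":"admin_audit","message":"Login successful: \"saml1\""}',
    r'{"reqId":"r4","time":"2021-09-23T10:56:00+02:00","user":"alice","app":"admin_audit","message":"Login successful: \"alice\""}',
    r'{"reqId":"r5","time":"2021-09-23T11:00:00+02:00","user":"admin","app":"admin_audit","message":"User enabled: \"saml1\""}',
    r'{"reqId":"r6","time":"2021-09-23T11:01:00+02:00","user":"saml1","app":"admin_audit","message":"Login successful: \"saml1\""}',
    'not a json line',
]

if __name__ == "__main__":
    for finding in logins_by_disabled_users(SAMPLE):
        print(finding)
```
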
@nickvergessen
Member Author

/backport to stable22

@nickvergessen
Member Author

/backport to stable21

@nickvergessen
Member Author

/backport to stable20

@LukasReschke LukasReschke merged commit 857c769 into master Oct 4, 2021
@LukasReschke LukasReschke deleted the bugfix/noid/dont-setup-disabled-users branch October 4, 2021 10:59
@backportbot-nextcloud

The backport to stable21 failed. Please do this backport manually.

@backportbot-nextcloud

The backport to stable20 failed. Please do this backport manually.
