Skip to content

Don't further setup disabled users when logging in with apache #28939

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
LukasReschke merged 1 commit into from
Oct 4, 2021
Merged

Don't further setup disabled users when logging in with apache #28939

LukasReschke merged 1 commit into from
Oct 4, 2021

Conversation

@nickvergessen
Copy link
Member

@nickvergessen nickvergessen commented Sep 23, 2021

Steps

  1. Set up SAML
  2. Create a saml user
  3. Disable the saml user
  4. Try to login as the saml user

Before

  1. Infinite redirect: Infinite redirect when user is disabled user_saml#549
  2. Admin audit logs a successful login:
{"reqId":"YUxAmk6ad8CsAHoiDyFoMAAAAAM","level":1,"time":"2021-09-23T10:53:46+02:00","remoteAddr":"127.0.0.1","user":"admin","app":"admin_audit","method":"PUT","url":"/ocs/v2.php/cloud/users/saml1/disable","message":"User disabled: \"saml1\"","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:92.0) Gecko/20100101 Firefox/92.0","version":"23.0.0.1"}
{"reqId":"YUxA7k6ad8CsAHoiDyFoNAAAAAM","level":1,"time":"2021-09-23T10:55:10+02:00","remoteAddr":"127.0.0.1","user":"--","app":"admin_audit","method":"GET","url":"/","message":"Login attempt: \"saml1\"","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:92.0) Gecko/20100101 Firefox/92.0","version":"23.0.0.1"}
{"reqId":"YUxA7k6ad8CsAHoiDyFoNAAAAAM","level":1,"time":"2021-09-23T10:55:10+02:00","remoteAddr":"127.0.0.1","user":"saml1","app":"admin_audit","method":"GET","url":"/","message":"Login successful: \"saml1\"","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:92.0) Gecko/20100101 Firefox/92.0","version":"23.0.0.1"}

After

  1. User sees default screen:

Error

User disabled

  1. Admin audit logs only the login attempt, no successful login:
{"reqId":"YUxGTMunf0qR2-3A3U3I2wAAAAU","level":1,"time":"2021-09-23T11:18:04+02:00","remoteAddr":"127.0.0.1","user":"--","app":"admin_audit","method":"GET","url":"/","message":"Login attempt: \"saml1\"","userAgent":"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:92.0) Gecko/20100101 Firefox/92.0","version":"23.0.0.1"}

@nickvergessen nickvergessen added this to the Nextcloud 23 milestone Sep 23, 2021
@nickvergessen
Copy link
Member Author

nickvergessen commented Sep 23, 2021

/backport to stable22

@nickvergessen
Copy link
Member Author

nickvergessen commented Sep 23, 2021

/backport to stable21

@nickvergessen
Copy link
Member Author

nickvergessen commented Sep 23, 2021

/backport to stable20

@LukasReschke LukasReschke merged commit 857c769 into master Oct 4, 2021
@LukasReschke LukasReschke deleted the bugfix/noid/dont-setup-disabled-users branch October 4, 2021 10:59
@backportbot-nextcloud backportbot-nextcloud bot mentioned this pull request Oct 4, 2021
Merged
@backportbot-nextcloud
Copy link

backportbot-nextcloud bot commented Oct 4, 2021

The backport to stable21 failed. Please do this backport manually.

@backportbot-nextcloud
Copy link

backportbot-nextcloud bot commented Oct 4, 2021

The backport to stable20 failed. Please do this backport manually.

@danxuliu danxuliu mentioned this pull request Nov 26, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@LukasReschke LukasReschke LukasReschke approved these changes

@blizzz blizzz blizzz approved these changes

@juliusknorr juliusknorr Awaiting requested review from juliusknorr

@skjnldsv skjnldsv Awaiting requested review from skjnldsv

Assignees

No one assigned

Labels

3. to review Waiting for reviews feature: authentication

Projects

None yet

Milestone

Nextcloud 23

Development

Successfully merging this pull request may close these issues.

4 participants

@nickvergessen @LukasReschke @blizzz