
[#12411] horde could be used even if "Terms Of Service Agreement" would be rejected
Summary horde could be used even if "Terms Of Service Agreement" would be rejected
Queue Horde Base
Queue Version 5.1.1
Type Bug
State No Feedback
Priority 1. Low
Owners slusarz (at) horde (dot) org
Requester lauffer (at) ph-freiburg (dot) de
Created 06/27/2013 (4368 days ago)
Due
Updated 12/07/2013 (4205 days ago)
Assigned 11/01/2013 (4241 days ago)
Resolved 12/07/2013 (4205 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
12/07/2013 05:13:17 AM Michael Slusarz State ⇒ No Feedback
 
11/01/2013 04:11:36 AM Michael Slusarz Comment #2
State ⇒ Feedback
Priority ⇒ 1. Low
> (we use ldap as auth source)
>
> The TOS (a type of "Horde_LoginTasks::DISPLAY_AGREE") could be
> passed by at least two ways:
>
> 1st: As default the task will only be run for the first login. So do
> not accept, whatever... just come back for the second time and no
> TOS will appear.

Cannot reproduce.  I can verify that if you DON'T accept the screen 
will show up on the next login.

These are the SQL query results after declining the agreement (and being 
logged out):

horde=> select * from horde_prefs where pref_name = 'last_logintasks';
  pref_uid | pref_scope | pref_name | pref_value
----------+------------+-----------+------------
(0 rows)

horde=> select * from horde_prefs where pref_name = 'last_login';
  pref_uid | pref_scope | pref_name | pref_value
----------+------------+-----------+------------
(0 rows)

> 2nd: Do not say no, just remove the
> "services/logintasks.php?app=horde" part from your browser url (kind
> of the 1st problem).

The TOS (or any task) was not really designed to prevent direct URL 
manipulation.

Indeed - it is entirely possible to use Horde services without logging 
in and accepting the agreement.  We simply don't have a mechanism that 
locks down the entire system.  This was never intended to do that in 
the first place anyway.

I don't see a pressing need to work around this.  Just write in your 
TOS that continued use of the system, whether or not you actually click on 
the Agree button, constitutes acceptance of the agreement.  Problem 
solved.

07/02/2013 10:30:11 PM Jan Schneider State ⇒ Assigned
Assigned to Michael Slusarz
 
06/27/2013 03:56:19 PM lauffer (at) ph-freiburg (dot) de Comment #1
Priority ⇒ 2. Medium
Type ⇒ Bug
Summary ⇒ horde could be used even if "Terms Of Service Agreement" would be rejected
Queue ⇒ Horde Base
Milestone ⇒
Patch ⇒ No
State ⇒ Unconfirmed
(we use ldap as auth source)

The TOS (a type of "Horde_LoginTasks::DISPLAY_AGREE") could be passed 
by at least two ways:

1st: As default the task will only be run for the first login. So do 
not accept, whatever... just come back for the second time and no TOS 
will appear.

2nd: Do not say no, just remove the 
"services/logintasks.php?app=horde" part from your browser url (kind 
of the 1st problem).

I tried to change the interval from ...FIRST_LOGIN to ONCE. But 
basically this does not change the problem.

I guess/would say we missed evaluating whether the user agreed... 
maybe something got broken due to the last horde updates...?

Best regards,
Stephan
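
Comment #2 says Horde has no mechanism that locks down the whole system behind the agreement. As an added example (not Horde code and not written by anyone in this ticket), a per-request gate of that kind could look like the following; the function names, the logout path, the sample URLs and the in-memory acceptance store are assumptions for illustration.

```php
<?php
// Added illustration, not Horde code: every name below is hypothetical.
const AGREEMENT_PATH = '/services/logintasks.php'; // path quoted in the ticket
const LOGOUT_PATH    = '/logout.php';              // assumed logout endpoint

/**
 * Decide, for one request from an authenticated user, whether it may proceed.
 * $accepted maps user id => time of agreement; it stands in for a persisted
 * record (a preference or database row in a real deployment).
 * Returns ['allow'] or ['redirect', path].
 */
function gateRequest(string $uid, string $uri, array $accepted): array
{
    $path = parse_url($uri, PHP_URL_PATH);
    if (!is_string($path)) {
        return ['redirect', AGREEMENT_PATH]; // unparsable URI: fail closed
    }
    // Before acceptance only the agreement screen and logout are reachable.
    // Exact match, so "/services/logintasks.php/../x" is not exempt.
    if ($path === AGREEMENT_PATH || $path === LOGOUT_PATH) {
        return ['allow'];
    }
    return isset($accepted[$uid]) ? ['allow'] : ['redirect', AGREEMENT_PATH];
}

/** Persist the decision: only an explicit "agree" creates the record. */
function recordDecision(string $uid, bool $agreed, array $accepted): array
{
    if ($agreed) {
        $accepted[$uid] = time();
    } else {
        unset($accepted[$uid]);
    }
    return $accepted;
}

// Constructed walk-through of the two routes described in the ticket.
$accepted = recordDecision('user1', false, []);           // user declines
$requests = [
    'second login, task not shown again' => '/index.php',
    'logintasks part removed from URL'   => '/mail/?page=mailbox',
    'agreement screen itself'            => '/services/logintasks.php?app=horde',
];
foreach ($requests as $label => $uri) {
    echo $label, ': ', implode(' ', gateRequest('user1', $uri, $accepted)), "\n";
}
$accepted = recordDecision('user1', true, $accepted);     // user agrees
echo 'after agreeing: ', implode(' ', gateRequest('user1', '/index.php', $accepted)), "\n";
```

The check runs on every request and reads a stored record of an explicit agreement, so neither editing the URL nor logging in a second time changes the outcome.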




