Tickets :: [#8842] Authentication requested in noauth situations

6.0.0-beta1

8/12/25

Summary	Authentication requested in noauth situations
Queue	Horde Framework Packages
Queue Version	Git master
Type	Bug
State	Resolved
Priority	2. Medium
Owners	slusarz (at) horde (dot) org
Requester	jan (at) horde (dot) org
Created	01/29/2010 (5674 days ago)
Due
Updated	03/09/2010 (5635 days ago)
Assigned	03/01/2010 (5643 days ago)
Resolved	03/09/2010 (5635 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch	No

03/09/2010 04:12:21 AM	Michael Slusarz	Comment #6 State ⇒ Resolved	Reply to this comment
- The authentication exception from the Horde_Imap_Client instance has to be catched somewhere so that transparent() actually returns false. AFAICT, this was the main design flaw. There is no reason transparent auth should throw an Exception - since the understanding is that transparent auth is not expected to work some/most of the time. Thus, we just need to catch the exceptions thrown in IMP and return false instead.

03/09/2010 04:11:06 AM	CVS Commit	Comment #5	Reply to this comment
Changes have been made in Git for this ticket: ~~Bug #8842~~: Don't throw exception for a transparent() authentication failure http://git.horde.org/diff.php/framework/Auth/lib/Horde/Auth/Application.php?rt=horde-git&r1=e73c134898000aa83c9b5fbf815e9829adcbbd3e&r2=9d4149dddf111e8e0be758fef2f48f3676d765c7 http://git.horde.org/diff.php/imp/lib/Auth.php?rt=horde-git&r1=782ac358f192c97fbf55d0c0c5ccf09bf7e5094d&r2=9d4149dddf111e8e0be758fef2f48f3676d765c7

03/02/2010 05:46:34 PM	Jan Schneider	Comment #4	Reply to this comment
I tried to further track this down today, and this is what I found. This only only happens when using hordeauth in IMP because: - The alarms script queries all applications whether they have a listAlarms() method - that calls Horde_Registry#hasPermission() - that calls Horde_Auth::isAuthenticated() - that calls Horde_Auth#transparent() - that tries to authenticate with the non-existant Horde credentials when using hordeauth in IMP I think there are several faults, at least: - Transparent authentication in an application shouldn't be tried if there is no Horde authentication - The authentication exception from the Horde_Imap_Client instance has to be catched somewhere so that transparent() actually returns false.

03/01/2010 11:10:24 AM	Jan Schneider	State ⇒ Assigned

02/14/2010 04:17:42 PM	Jan Schneider	Comment #3	Reply to this comment
I still see this: IMAP server denied authentication. [Zeile 76 von /home/jan/horde-git/imp/lib/Auth.php] Details: The full error message is logged in Horde's log file, and is shown below only to administrators. Non-administrative users will not see error details. Horde_Auth_Exception Object ( [message:protected] => IMAP server denied authentication. [string:private] => [code:protected] => 0 [file:protected] => /home/jan/horde-git/imp/lib/Auth.php [line:protected] => 76 [trace:private] => Array ( [0] => Array ( [file] => /home/jan/horde-git/imp/lib/Auth.php [line] => 220 [function] => authenticate [class] => IMP_Auth [type] => :: [args] => Array ( [0] => Array ( [password] => [server] => cyrus [userId] => jan ) ) ) [1] => Array ( [file] => /home/jan/horde-git/imp/lib/Auth.php [line] => 109 [function] => _createSession [class] => IMP_Auth [type] => :: [args] => Array ( [0] => Array ( [userId] => jan [password] => [server] => cyrus ) ) ) [2] => Array ( [file] => /home/jan/horde-git/imp/lib/Application.php [line] => 318 [function] => transparent [class] => IMP_Auth [type] => :: [args] => Array ( [0] => Horde_Auth_Application Object ( [_loaded:protected] => Array ( [0] => transparent ) [_apiMethods:protected] => Array ( [add] => authAddUser [authenticate] => authAuthenticate [authenticatecallback] => authAuthenticateCallback [exists] => authUserExists [list] => authUserList [loginparams] => authLoginParams [remove] => authRemoveUser [resetpassword] => authResetPassword [transparent] => authTransparent [update] => authUpdateUser ) [_capabilities:protected] => Array ( [add] => [authenticate] => 1 [groups] => [list] => [resetpassword] => [remove] => [transparent] => 1 [update] => ) [_params:protected] => Array ( [app] => imp ) [_credentials:protected] => Array ( [credentials] => [params] => Array ( [change] => [app] => imp ) [userId] => jan ) [_app:protected] => imp ) ) ) [3] => Array ( [function] => authTransparent [class] => IMP_Application [type] => -> [args] => Array ( [0] => Horde_Auth_Application Object ( [_loaded:protected] => Array ( [0] => transparent ) [_apiMethods:protected] => Array ( [add] => authAddUser [authenticate] => authAuthenticate [authenticatecallback] => authAuthenticateCallback [exists] => authUserExists [list] => authUserList [loginparams] => authLoginParams [remove] => authRemoveUser [resetpassword] => authResetPassword [transparent] => authTransparent [update] => authUpdateUser ) [_capabilities:protected] => Array ( [add] => [authenticate] => 1 [groups] => [list] => [resetpassword] => [remove] => [transparent] => 1 [update] => ) [_params:protected] => Array ( [app] => imp ) [_credentials:protected] => Array ( [credentials] => [params] => Array ( [change] => [app] => imp ) [userId] => jan ) [_app:protected] => imp ) ) ) [4] => Array ( [file] => /home/jan/horde-git/framework/Core/lib/Horde/Registry.php [line] => 818 [function] => call_user_func_array [args] => Array ( [0] => Array ( [0] => IMP_Application Object ( [mobileView] => 1 [version] => H4 (5.0-git) [disabled] => Array ( [0] => authAddUser [1] => authRemoveUser [2] => authUserList ) [initParams] => Array ( ) [_initDone:protected] => 1 ) [1] => authTransparent ) [1] => Array ( [0] => Horde_Auth_Application Object ( [_loaded:protected] => Array ( [0] => transparent ) [_apiMethods:protected] => Array ( [add] => authAddUser [authenticate] => authAuthenticate [authenticatecallback] => authAuthenticateCallback [exists] => authUserExists [list] => authUserList [loginparams] => authLoginParams [remove] => authRemoveUser [resetpassword] => authResetPassword [transparent] => authTransparent [update] => authUpdateUser ) [_capabilities:protected] => Array ( [add] => [authenticate] => 1 [groups] => [list] => [resetpassword] => [remove] => [transparent] => 1 [update] => ) [_params:protected] => Array ( [app] => imp ) [_credentials:protected] => Array ( [credentials] => [params] => Array ( [change] => [app] => imp ) [userId] => jan ) [_app:protected] => imp ) ) ) ) [5] => Array ( [file] => /home/jan/horde-git/framework/Auth/lib/Horde/Auth/Application.php [line] => 264 [function] => callAppMethod [class] => Horde_Registry [type] => -> [args] => Array ( [0] => imp [1] => authTransparent [2] => Array ( [args] => Array ( [0] => Horde_Auth_Application Object ( [_loaded:protected] => Array ( [0] => transparent ) [_apiMethods:protected] => Array ( [add] => authAddUser [authenticate] => authAuthenticate [authenticatecallback] => authAuthenticateCallback [exists] => authUserExists [list] => authUserList [loginparams] => authLoginParams [remove] => authRemoveUser [resetpassword] => authResetPassword [transparent] => authTransparent [update] => authUpdateUser ) [_capabilities:protected] => Array ( [add] => [authenticate] => 1 [groups] => [list] => [resetpassword] => [remove] => [transparent] => 1 [update] => ) [_params:protected] => Array ( [app] => imp ) [_credentials:protected] => Array ( [credentials] => [params] => Array ( [change] => [app] => imp ) [userId] => jan ) [_app:protected] => imp ) ) [noperms] => 1 ) ) ) [6] => Array ( [file] => /home/jan/horde-git/framework/Auth/lib/Horde/Auth/Base.php [line] => 220 [function] => _transparent [class] => Horde_Auth_Application [type] => -> [args] => Array ( ) ) [7] => Array ( [file] => /home/jan/horde-git/framework/Auth/lib/Horde/Auth/Application.php [line] => 238 [function] => transparent [class] => Horde_Auth_Base [type] => -> [args] => Array ( ) ) [8] => Array ( [file] => /home/jan/horde-git/framework/Auth/lib/Horde/Auth.php [line] => 403 [function] => transparent [class] => Horde_Auth_Application [type] => -> [args] => Array ( ) ) [9] => Array ( [file] => /home/jan/horde-git/framework/Core/lib/Horde/Registry.php [line] => 1144 [function] => isAuthenticated [class] => Horde_Auth [type] => :: [args] => Array ( [0] => Array ( [app] => imp ) ) ) [10] => Array ( [file] => /home/jan/horde-git/framework/Core/lib/Horde/Registry.php [line] => 550 [function] => hasPermission [class] => Horde_Registry [type] => -> [args] => Array ( [0] => imp [1] => 4 ) ) [11] => Array ( [file] => /home/jan/horde-git/framework/Alarm/Alarm.php [line] => 191 [function] => listApps [class] => Horde_Registry [type] => -> [args] => Array ( [0] => [1] => [2] => 4 ) ) [12] => Array ( [file] => /home/jan/horde-git/framework/Alarm/Alarm.php [line] => 248 [function] => load [class] => Horde_Alarm [type] => -> [args] => Array ( [0] => [1] => ) ) [13] => Array ( [file] => /home/jan/horde-git/framework/Alarm/Alarm.php [line] => 277 [function] => listAlarms [class] => Horde_Alarm [type] => -> [args] => Array ( [0] => [1] => [2] => 1 [3] => ) ) [14] => Array ( [file] => /home/jan/horde-git/horde/bin/alarms [line] => 23 [function] => notify [class] => Horde_Alarm [type] => -> [args] => Array ( [0] => [1] => 1 [2] => [3] => Array ( [0] => notify ) ) ) ) )

02/05/2010 09:09:56 PM	Michael Slusarz	Comment #2 State ⇒ Feedback	Reply to this comment
I don't see this - running horde/bin/alarms from command line with imp authentication. Maybe something was fixed in the last week(?)

01/29/2010 06:22:31 PM	Jan Schneider	Comment #1 Priority ⇒ 2. Medium Type ⇒ Bug Summary ⇒ Authentication requested in noauth situations Queue ⇒ Horde Framework Packages Assigned to Michael Slusarz Milestone ⇒ Patch ⇒ No State ⇒ Assigned	Reply to this comment
If IMP is providing authentication for Horde, and Horde is instantiated through the registry with 'authentication' => 'none', listApps() is still requiring authentication. This throws an exception, e.g. when running the alarms script.