6.0.0-beta1
7/14/25

[#14231] Log in into Horde Groupware from another website
Summary Log in into Horde Groupware from another website
Queue Horde Framework Packages
Type Bug
State Resolved
Priority 1. Low
Owners jan (at) horde (dot) org
Requester lukas_barros (at) hotmail (dot) com
Created 01/29/2016 (3454 days ago)
Due
Updated 02/12/2016 (3440 days ago)
Assigned 01/29/2016 (3454 days ago)
Resolved 02/12/2016 (3440 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
02/12/2016 12:04:02 PM lukas_barros (at) hotmail (dot) com Comment #9 Reply to this comment
You are absolutely right, thanks for noticing.
You're welcome!
02/12/2016 11:58:03 AM Jan Schneider Comment #8 Reply to this comment
You are absolutely right, thanks for noticing.
02/12/2016 11:57:25 AM Git Commit Comment #7 Reply to this comment
Changes have been made in Git (master):

commit f8784611ebf8aae6b53860cf6bc0be271239b61a
Author: Jan Schneider <jan@horde.org>
Date:   Fri Feb 12 12:56:12 2016 +0100

     Partially Revert "Don't use local cipher caches if the key 
changed (Bug #14231)."

     In Horde_Secret, the cache key is built from the secret key, so 
it invalidates itself.

     This reverts commit d9defefe7c671d3b3f72e4a8e6627e168f0d5da1.

  framework/Secret/lib/Horde/Secret.php |    3 +--
  framework/Secret/package.xml          |    4 ++--
  2 files changed, 3 insertions(+), 4 deletions(-)

http://github.com/horde/horde/commit/f8784611ebf8aae6b53860cf6bc0be271239b61a
02/12/2016 11:46:00 AM lukas_barros (at) hotmail (dot) com Comment #6 Reply to this comment

[Show Quoted Text - 15 lines]
Hello Jan,

Please correct me if I am wrong. When I was developing the solution I 
saw that this modification was not needed for 
/Secret/lib/Horde/Secret.php because of how the index "idx" is 
calculated:

$idx = hash('md5', $key);

  The index depends on $key, so if $key has a different value than 
before, $idx will have a different value, leading to 
$this->_cipherCache[$idx] being empty, causing another 
Horde_Crypt_Blowfish object being created with the new $key.

In Cbc.php the index of _cipherCache[self::HORDE_KEYNAME] is a 
constant, so a change in $key would not lead to the creating of a new 
Horde_Crypt_Blowfish object with the new value.

This is why this bug did not happen before the addition of the Cbc encryption.

Best regards,

Lucas Barros Araújo
02/12/2016 10:42:24 AM Git Commit Comment #5 Reply to this comment
Changes have been made in Git (master):

commit d9defefe7c671d3b3f72e4a8e6627e168f0d5da1
Author: Jan Schneider <jan@horde.org>
Date:   Fri Feb 12 11:40:39 2016 +0100

     Don't use local cipher caches if the key changed (Bug #14231).

  framework/Core/lib/Horde/Core/Secret/Cbc.php |    3 ++-
  framework/Core/package.xml                   |    4 ++--
  framework/Secret/lib/Horde/Secret.php        |    3 ++-
  framework/Secret/package.xml                 |    4 ++--
  4 files changed, 8 insertions(+), 6 deletions(-)

http://github.com/horde/horde/commit/d9defefe7c671d3b3f72e4a8e6627e168f0d5da1
02/12/2016 10:42:06 AM Jan Schneider Comment #4
State ⇒ Resolved
Taken from Horde DevelopersHorde Developers
Assigned to Jan Schneider
Reply to this comment
Nice catch!
02/12/2016 10:41:12 AM Jan Schneider Version ⇒
Queue ⇒ Horde Framework Packages
 
02/11/2016 09:59:40 AM lukas_barros (at) hotmail (dot) com Comment #3 Reply to this comment
Problem was solved.

Solution:
Modification in file hordegw/pear/php/Horde/Core/Secret/Cbc.php

From:
if (!isset($this->_cipherCache[self::HORDE_KEYNAME]))

To:
if (!isset($this->_cipherCache[self::HORDE_KEYNAME]) || 
$this->_cipherCache[self::HORDE_KEYNAME]->key!=$key)
01/29/2016 10:16:49 AM Jan Schneider Comment #2
Milestone ⇒
Priority ⇒ 1. Low
State ⇒ Assigned
Assigned to Horde DevelopersHorde Developers
Reply to this comment
01/29/2016 09:59:10 AM lukas_barros (at) hotmail (dot) com Comment #1
Priority ⇒ 2. Medium
State ⇒ Unconfirmed
New Attachment: ERROR.png Download
Patch ⇒ No
Milestone ⇒ 6.2.11
Queue ⇒ IMP
Summary ⇒ Log in into Horde Groupware from another website
Type ⇒ Bug
Reply to this comment
I have a problem logging in into Horde groupware from another website, 
it used to work on version 5.1.3 (Groupware), but after upgrading to 
5.2.11(Groupware) it stopped working. It doesnt work in the first 
time, but it does when I try to log in a second time, unless I reset 
the cookies after the first try.

Additional info:

Error: "User <USER NAME> is not authorized for Mail (Host: <address>)"

Form used to login:

<html>
<head>
<!--a75c305b1c0a6022--><script src="/js/jquery.min.js"></script>
<!--a75c305b1c0a6022--><script>
$(document).ready(function() {
    $('#auto-login').submit();
});
</script>
</head>

    <body>
       <form id="auto-login" method="post" 
action="https://<hordeaddres>/login.php">
          <input type="hidden" name="app" value="" />
          <input type="hidden" name="login_post" value="0" />
          <input type="hidden" name="url" value="" />
          <input type="hidden" name="anchor_string" value="" />
          <input type="hidden" name="horde_user" value="<user>" />
          <input type="hidden" name="horde_pass" value="<password>" />
          <input type="hidden" name="login_button" value="Log in" />
      </form>
    </body>
</html>


Saved Queries