| Summary | Log in into Horde Groupware from another website |
| Queue | Horde Framework Packages |
| Type | Bug |
| State | Resolved |
| Priority | 1. Low |
| Owners | jan (at) horde (dot) org |
| Requester | lukas_barros (at) hotmail (dot) com |
| Created | 2016-01-29 (1149 days ago) |
| Due | |
| Updated | 2016-02-12 (1135 days ago) |
| Assigned | 2016-01-29 (1149 days ago) |
| Resolved | 2016-02-12 (1135 days ago) |
| Milestone | |
| Patch | No |
commit f8784611ebf8aae6b53860cf6bc0be271239b61a
Author: Jan Schneider <jan@horde.org>
Date: Fri Feb 12 12:56:12 2016 +0100
Partially Revert "Don't use local cipher caches if the key
changed (
Bug #14231)."In Horde_Secret, the cache key is built from the secret key, so
it invalidates itself.
This reverts commit d9defefe7c671d3b3f72e4a8e6627e168f0d5da1.
framework/Secret/lib/Horde/Secret.php | 3 +--
framework/Secret/package.xml | 4 ++--
2 files changed, 3 insertions(+), 4 deletions(-)
http://github.com/horde/horde/commit/f8784611ebf8aae6b53860cf6bc0be271239b61a
Please correct me if I am wrong. When I was developing the solution I
saw that this modification was not needed for
/Secret/lib/Horde/Secret.php because of how the index "idx" is
calculated:
$idx = hash('md5', $key);
The index depends on $key, so if $key has a different value than
before, $idx will have a different value, leading to
$this->_cipherCache[$idx] being empty, causing another
Horde_Crypt_Blowfish object being created with the new $key.
In Cbc.php the index of _cipherCache[self::HORDE_KEYNAME] is a
constant, so a change in $key would not lead to the creating of a new
Horde_Crypt_Blowfish object with the new value.
This is why this bug did not happen before the addition of the Cbc encryption.
Best regards,
Lucas Barros Araújo
commit d9defefe7c671d3b3f72e4a8e6627e168f0d5da1
Author: Jan Schneider <jan@horde.org>
Date: Fri Feb 12 11:40:39 2016 +0100
Don't use local cipher caches if the key changed (
Bug #14231).framework/Core/lib/Horde/Core/Secret/Cbc.php | 3 ++-
framework/Core/package.xml | 4 ++--
framework/Secret/lib/Horde/Secret.php | 3 ++-
framework/Secret/package.xml | 4 ++--
4 files changed, 8 insertions(+), 6 deletions(-)
http://github.com/horde/horde/commit/d9defefe7c671d3b3f72e4a8e6627e168f0d5da1
Assigned to Jan Schneider
Taken from
State ⇒ Resolved
Queue ⇒ Horde Framework Packages
Solution:
Modification in file hordegw/pear/php/Horde/Core/Secret/Cbc.php
From:
if (!isset($this->_cipherCache[self::HORDE_KEYNAME]))
To:
if (!isset($this->_cipherCache[self::HORDE_KEYNAME]) ||
$this->_cipherCache[self::HORDE_KEYNAME]->key!=$key)
Assigned to
State ⇒ Assigned
Priority ⇒ 1. Low
Milestone ⇒
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 2. Medium
Summary ⇒ Log in into Horde Groupware from another website
Queue ⇒ IMP
Milestone ⇒ 6.2.11
Patch ⇒ No
New Attachment: ERROR.png
it used to work on version 5.1.3 (Groupware), but after upgrading to
5.2.11(Groupware) it stopped working. It doesnt work in the first
time, but it does when I try to log in a second time, unless I reset
the cookies after the first try.
Additional info:
Error: "User <USER NAME> is not authorized for Mail (Host: <address>)"
Form used to login:
<html>
<head>
<script src="/js/jquery.min.js"></script>
<script>
$(document).ready(function() {
$('#auto-login').submit();
});
</script>
</head>
<body>
<form id="auto-login" method="post"
action="https://<hordeaddres>/login.php">
<input type="hidden" name="app" value="" />
<input type="hidden" name="login_post" value="0" />
<input type="hidden" name="url" value="" />
<input type="hidden" name="anchor_string" value="" />
<input type="hidden" name="horde_user" value="<user>" />
<input type="hidden" name="horde_pass" value="<password>" />
<input type="hidden" name="login_button" value="Log in" />
</form>
</body>
</html>