6.0.0-git
2019-05-25

[#14231] Log in into Horde Groupware from another website
Summary Log in into Horde Groupware from another website
Queue Horde Framework Packages
Type Bug
State Resolved
Priority 1. Low
Owners jan (at) horde (dot) org
Requester lukas_barros (at) hotmail (dot) com
Created 2016-01-29 (1212 days ago)
Due
Updated 2016-02-12 (1198 days ago)
Assigned 2016-01-29 (1212 days ago)
Resolved 2016-02-12 (1198 days ago)
Milestone
Patch No

History
2016-02-12 12:04:02 lukas_barros (at) hotmail (dot) com Comment #9 Reply to this comment
You are absolutely right, thanks for noticing.
You're welcome!
2016-02-12 11:58:03 Jan Schneider Comment #8 Reply to this comment
You are absolutely right, thanks for noticing.
2016-02-12 11:57:25 Git Commit Comment #7 Reply to this comment
Changes have been made in Git (master):

commit f8784611ebf8aae6b53860cf6bc0be271239b61a
Author: Jan Schneider <jan@horde.org>
Date:   Fri Feb 12 12:56:12 2016 +0100

     Partially Revert "Don't use local cipher caches if the key 
changed (Bug #14231)."

     In Horde_Secret, the cache key is built from the secret key, so 
it invalidates itself.

     This reverts commit d9defefe7c671d3b3f72e4a8e6627e168f0d5da1.

  framework/Secret/lib/Horde/Secret.php |    3 +--
  framework/Secret/package.xml          |    4 ++--
  2 files changed, 3 insertions(+), 4 deletions(-)

http://github.com/horde/horde/commit/f8784611ebf8aae6b53860cf6bc0be271239b61a
2016-02-12 11:46:00 lukas_barros (at) hotmail (dot) com Comment #6 Reply to this comment

[Show Quoted Text - 15 lines]
Hello Jan,

Please correct me if I am wrong. When I was developing the solution I 
saw that this modification was not needed for 
/Secret/lib/Horde/Secret.php because of how the index "idx" is 
calculated:

$idx = hash('md5', $key);

  The index depends on $key, so if $key has a different value than 
before, $idx will have a different value, leading to 
$this->_cipherCache[$idx] being empty, causing another 
Horde_Crypt_Blowfish object being created with the new $key.

In Cbc.php the index of _cipherCache[self::HORDE_KEYNAME] is a 
constant, so a change in $key would not lead to the creating of a new 
Horde_Crypt_Blowfish object with the new value.

This is why this bug did not happen before the addition of the Cbc encryption.

Best regards,

Lucas Barros Ara├║jo
2016-02-12 10:42:24 Git Commit Comment #5 Reply to this comment
Changes have been made in Git (master):

commit d9defefe7c671d3b3f72e4a8e6627e168f0d5da1
Author: Jan Schneider <jan@horde.org>
Date:   Fri Feb 12 11:40:39 2016 +0100

     Don't use local cipher caches if the key changed (Bug #14231).

  framework/Core/lib/Horde/Core/Secret/Cbc.php |    3 ++-
  framework/Core/package.xml                   |    4 ++--
  framework/Secret/lib/Horde/Secret.php        |    3 ++-
  framework/Secret/package.xml                 |    4 ++--
  4 files changed, 8 insertions(+), 6 deletions(-)

http://github.com/horde/horde/commit/d9defefe7c671d3b3f72e4a8e6627e168f0d5da1
2016-02-12 10:42:06 Jan Schneider Comment #4
Assigned to Jan Schneider
Taken from Horde DevelopersHorde Developers
State ⇒ Resolved
Reply to this comment
Nice catch!
2016-02-12 10:41:12 Jan Schneider Version ⇒
Queue ⇒ Horde Framework Packages
 
2016-02-11 09:59:40 lukas_barros (at) hotmail (dot) com Comment #3 Reply to this comment
Problem was solved.

Solution:
Modification in file hordegw/pear/php/Horde/Core/Secret/Cbc.php

From:
if (!isset($this->_cipherCache[self::HORDE_KEYNAME]))

To:
if (!isset($this->_cipherCache[self::HORDE_KEYNAME]) || 
$this->_cipherCache[self::HORDE_KEYNAME]->key!=$key)
2016-01-29 10:16:49 Jan Schneider Comment #2
Assigned to Horde DevelopersHorde Developers
State ⇒ Assigned
Priority ⇒ 1. Low
Milestone ⇒
Reply to this comment
2016-01-29 09:59:10 lukas_barros (at) hotmail (dot) com Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 2. Medium
Summary ⇒ Log in into Horde Groupware from another website
Queue ⇒ IMP
Milestone ⇒ 6.2.11
Patch ⇒ No
New Attachment: ERROR.png Download
Reply to this comment
I have a problem logging in into Horde groupware from another website, 
it used to work on version 5.1.3 (Groupware), but after upgrading to 
5.2.11(Groupware) it stopped working. It doesnt work in the first 
time, but it does when I try to log in a second time, unless I reset 
the cookies after the first try.

Additional info:

Error: "User <USER NAME> is not authorized for Mail (Host: <address>)"

Form used to login:

<html>
<head>
<script src="/js/jquery.min.js"></script>
<script>
$(document).ready(function() {
    $('#auto-login').submit();
});
</script>
</head>

    <body>
       <form id="auto-login" method="post" 
action="https://<hordeaddres>/login.php">
          <input type="hidden" name="app" value="" />
          <input type="hidden" name="login_post" value="0" />
          <input type="hidden" name="url" value="" />
          <input type="hidden" name="anchor_string" value="" />
          <input type="hidden" name="horde_user" value="<user>" />
          <input type="hidden" name="horde_pass" value="<password>" />
          <input type="hidden" name="login_button" value="Log in" />
      </form>
    </body>
</html>


Saved Queries