LDAP login with user creation does not correct user input for "username"

More
1 month 3 weeks ago #157930 by bdeprez
bdeprez created the topic: LDAP login with user creation does not correct user input for "username&quo
We have a setup of Limesurvey with LDAP authentication and automated user creation.
We use "mail" as the user account so users would log on with "This email address is being protected from spambots. You need JavaScript enabled to view it."

Now, when a user logs on the very first time and makes a mistake in the case used to type their email address (eg. This email address is being protected from spambots. You need JavaScript enabled to view it.) then the LDAP will return the official full name and the email address HOWEVER the user will be created with the email address with an upper case F instead of lower case...

So, when the user comes back, they try to log in BUT since this time they use the correct email address (This email address is being protected from spambots. You need JavaScript enabled to view it. - so no upper case F) - the LDAP will return a correct response but Limesurvey will default to the login screen - the user CANNOT access Limesurvey! It is also NOT registered as a 'failed login attempt' in the audit log...

Probably the solution is to correct the email address as entered in the "username" field by the user with the email address taken from the reply from LDAP.

I created a bug 12628 for this...

B.

Please Log in to join the conversation.

More
5 days 20 hours ago #159650 by bdeprez
bdeprez replied the topic: LDAP login with user creation does not correct user input for "username&quo
Dear all,

Would anybody know of a feasible and temporary workaround to fix this?

I was looking at doing this:

strtolower(str_replace(' ', '', userid));

somewhere in the code but I can't figure out where to put this... I tried AuthLDAP.php but probably need to do that right after the user clicks "Logon" after having filled in the login form but can't figure it out...

Anybody who could give me a hint?

Thanks a ton in advance!
B.

Please Log in to join the conversation.

More
5 days 19 hours ago #159654 by bdeprez
bdeprez replied the topic: LDAP login with user creation does not correct user input for "username&quo
Found the location to put this: in the function "setUsername" in AuthPluginBase.php

I added: "$username = strtolower(str_replace(' ', '', $username)); as the first line in that function.

and now it filters out the spaces and capital letters as soon as the form has been submitted.

I know this is suboptimal since I will need to update my code each time I update Limesurvey but it does the trick and prevents irked users.

If anybody has any ideas how to fix this in a better way, I'm open to suggestions!

Thanks,
B.

Please Log in to join the conversation.

More
5 days 1 hour ago - 5 days 1 hour ago #159663 by DenisChenu
DenisChenu replied the topic: LDAP login with user creation does not correct user input for "username&quo

bdeprez wrote: …
I know this is suboptimal since I will need to update my code each time I update Limesurvey but it does the trick and prevents irked users.

If anybody has any ideas how to fix this in a better way, I'm open to suggestions!

Because AuthLdap is a plugin, you can easily:

1. Copy whole AuthLdap directory to /plugins/ directory
2. Update directory and php file to myAuthLDAP
3. Update className to myAuthLDAP
3. Update name to myLDAP
4. Deactivate the core AuthLDAP plugin
5. Activate and configure myAuthLDAP plugin.

Denis

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand (or search sondages pro).
An error happen ? Before make a new topic : remind the Debug mode .
Last Edit: 5 days 1 hour ago by DenisChenu. Reason: url fix

Please Log in to join the conversation.

More
4 days 13 hours ago - 4 days 13 hours ago #159666 by bdeprez
bdeprez replied the topic: LDAP login with user creation does not correct user input for "username&quo
Hi Denis,

Thanks very much indeed for that suggestion... Now, since I'm pretty new to PHP, I was wondering how to do this...

If I do all the steps you stated, I would still have to copy the function into "myAuthLDAP" right?

So I would need to copy that function in myAuthLDAP and then add my line in it:
protected function setUsername($username)
    {
        $username = strtolower(str_replace(' ', '', $username));
        $this->_username = $username;
        $event = $this->getEvent();
        $identity = $this->getEvent()->get('identity');
        $identity->username = $username;
 
        $event->set('identity', $identity);
 
        return $this;
    }

Is that a correct understanding? And, if so, where should I add it? At the beginning?

Sorry if this is a noob question :-)

Thanks
B.
Last Edit: 4 days 13 hours ago by bdeprez.

Please Log in to join the conversation.

More
4 days 3 hours ago #159668 by DenisChenu
DenisChenu replied the topic: LDAP login with user creation does not correct user input for "username&quo
I say : copy WHOLE file, the you create a totally new plugin and just update inside the setUsername function.

After you have the old AuthLDAP->setUsername function, but you use myAuthLDAP->setUsername function. because you use myAuthLDAP Class.

Assistance on LimeSurvey forum and LimeSurvey core development are on my free time.
I'm not a LimeSurvey GmbH member, professional service on demand (or search sondages pro).
An error happen ? Before make a new topic : remind the Debug mode .

Please Log in to join the conversation.

Start now!

Just create your account and start using Limesurvey today.

Register now