
This queue is for tickets about the Dancer2-Plugin-Auth-ActiveDirectory CPAN distribution.

Report information
The Basics
Id: 131400
Status: open
Priority: 0/
Queue: Dancer2-Plugin-Auth-ActiveDirectory

People
Owner: MZIESCHA [...] cpan.org
Requestors: davidp [...] preshweb.co.uk
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: error-checking of call to Auth::ActiveDirectory->authenticate()
A user on irc.perl.org/#dancer was having problems using Dancer2::Plugin::Auth::ActiveDirectory, and in looking into it, I see that the plugin does not appear to error-check the result from Auth::ActiveDirectory->authenticate() correctly.

It checks for $user->{error}, but the documentation for Auth::ActiveDirectory says:

# returns object from logged in user or undef if it fails
my $user = $obj->authenticate( $args{username}, $args{password} );

The patch below should resolve it, and also improves the documentation a little.

I've not tested it, though, as I don't have an ActiveDirectory testbed to try it against.

--- /home/davidp/tmp/vimbackups/ActiveDirectory.pm_20200109-095103 2016-12-30 06:32:51.000000000 +0000 +++ lib/Dancer2/Plugin/Auth/ActiveDirectory.pm 2020-01-09 09:52:34.397872270 +0000 @@ -129,14 +129,16 @@ =head2 authenticate -Basicaly the subroutine for authentication in the ActiveDirectory +Authenticate the user against ActiveDirectory; calls +L<Auth::ActiveDirectory/authenticate> and reutrns a hashref of information +about the found user, if authentication was successful, or undef if not. =cut register authenticate => sub { my ( $dsl, $name, $pass ) = @_; my $user = _connect_to_ad($dsl)->authenticate( $name, $pass ); - return $user if $user->{error}; + return $user if !$user; my $user_groups = [ map { $_->name } @{ $user->groups } ]; return { uid => $user->uid,
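Review bot: The new check "return $user if !$user;" only covers authenticate() returning undef; the call on the line above it, "_connect_to_ad($dsl)->authenticate( $name, $pass )", is not wrapped in an eval, and the follow-up in this ticket shows Auth::ActiveDirectory dying in _v_is_error on a bad password, so a failed login surfaces as a 500 rather than the undef the new POD promises. Suggest trapping the exception around that call and returning undef from the plugin when it fires, so callers see one failure signal. The added POD text also has a typo, "reutrns".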
I have tested BIGPRESH's patch and the results are different than my previous behavior: I've added a line to my route to handle failed logins, and I get that template when I enter a correct password, and an error when I enter an invalid password.

# from myapp.pm:
post '/loginPost' => sub {
    session 'user' => authenticate( params->{user}, params->{pass} );
    return template 'loginFailed', {} unless ( session('user') );
    return template 'loggedIn', {};
};

# error message on bad password
Error 500 - Internal Server Error
Runtime Error
Failed to authenticate user 'user@our.domain.com'. Reason: '80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0' at /home/camel/perl5/perlbrew/perls/perl-5.30.1/lib/site_perl/5.30.1/Auth/ActiveDirectory.pm line 73.

/home/camel/perl5/perlbrew/perls/perl-5.30.1/lib/site_perl/5.30.1/Auth/ActiveDirectory.pm around line 73

68 sub _v_is_error {
69     my ( $message, $s_user ) = @_;
70     return 0 if ( !$message->is_error );
71     my $error = $message->error;
72     my $level = $message->code == LDAP_INVALID_CREDENTIALS ? 'debug' : 'error';
73     die qq/Failed to authenticate user '$s_user'. Reason: '$error'/;
74     return 1;
75 }
76
77 =head2 _parse_error_message

On Thu Jan 09 04:56:40 2020, BIGPRESH wrote:
> A user on irc.perl.org/#dancer was having problems using
> Dancer2::Plugin::Auth::ActiveDirectory, and in looking into it, I see
> that the plugin does not appear to error-check the result from
> Auth::ActiveDirectory->authenticate() correctly.
>
> It checks for $user->{error}, but the documentation for
> Auth::ActiveDirectory says:
>
> # returns object from logged in user or undef if it fails
> my $user = $obj->authenticate( $args{username}, $args{password} );
>
> The patch below should resolve it, and also improves the documentation
> a little.
>
> I've not tested it, though, as I don't have an ActiveDirectory testbed
> to try it against.
>
>
> --- /home/davidp/tmp/vimbackups/ActiveDirectory.pm_20200109-095103 > 2016-12-30 06:32:51.000000000 +0000 > +++ lib/Dancer2/Plugin/Auth/ActiveDirectory.pm 2020-01-09 > 09:52:34.397872270 +0000 > @@ -129,14 +129,16 @@ > > =head2 authenticate > > -Basicaly the subroutine for authentication in the ActiveDirectory > +Authenticate the user against ActiveDirectory; calls > +L<Auth::ActiveDirectory/authenticate> and reutrns a hashref of > information > +about the found user, if authentication was successful, or undef if > not. > > =cut > > register authenticate => sub { > my ( $dsl, $name, $pass ) = @_; > my $user = _connect_to_ad($dsl)->authenticate( $name, $pass ); > - return $user if $user->{error}; > + return $user if !$user; > my $user_groups = [ map { $_->name } @{ $user->groups } ]; > return { > uid => $user->uid,
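An added example, not code from the plugin or from either poster: a fail-closed wrapper that covers both failure modes seen in this ticket, the documented undef return and the die shown in the trace. `Local::FakeAD`, `safe_authenticate`, the password and the example.test address are constructed for illustration; the stand-in only mimics the behaviour visible above.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Constructed stand-in for Auth::ActiveDirectory: dies on a failed bind (as in
# the trace above) and returns undef when no user comes back (as documented).
package Local::FakeAD {
    sub new { return bless {}, shift }
    sub authenticate {
        my ( $self, $name, $pass ) = @_;
        return undef if !defined $name || $name eq '';
        die "Failed to authenticate user '$name'. Reason: '80090308: LdapErr: "
          . "DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db0'\n"
          if $pass ne 'correct-horse';    # constructed password
        return { uid => $name };
    }
}

# Hypothetical helper: never rethrows, so a bad password cannot become a 500.
# Returns ( $user_or_undef, $reason ); only $reason should reach the logs.
sub safe_authenticate {
    my ( $ad, $name, $pass ) = @_;
    my $user;
    my $ok = eval { $user = $ad->authenticate( $name, $pass ); 1 };
    if ( !$ok ) {
        my $err = $@ || 'unknown error';
        # AD appends a hex sub-code after "data"; 52e means bad credentials.
        my ($code) = $err =~ /\bdata\s+([0-9a-f]+)\b/i;
        my $reason = ( defined $code && lc $code eq '52e' )
          ? 'invalid_credentials'
          : 'directory_error';
        return ( undef, $reason );
    }
    return ( undef, 'no_user_returned' ) if !$user;
    return ( $user, 'ok' );
}

my $ad = Local::FakeAD->new;
for my $case ( [ 'user@example.test', 'wrong' ],
               [ 'user@example.test', 'correct-horse' ],
               [ '',                  'x' ] ) {
    my ( $user, $reason ) = safe_authenticate( $ad, @$case );
    printf "%-22s => %s (%s)\n", "'$case->[0]'",
      $user ? 'logged in' : 'rejected', $reason;
}
```

A route built on this would show the same generic failure template for every non-"ok" reason and keep the reason string server-side.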