SpacyNG / pwm

Automatically exported from code.google.com/p/pwm
0 stars 0 forks source link

"forgotten username" does not work #69

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. install the new version pwm_b1039.zip
2. Use the "Forgotten username" feature

What is the expected output? What do you see instead?
The app seems cannot read the configuration attribute and lists all the dafault 
option (Username, last name, first name, email, email confirmation, telephone 
number).

What version of the product are you using? On what operating system?
The last version, pwm_b1039.zip on SUSE 10 SP1.

Please provide any additional information below.
We have to use this version. The pwm 1.5.3 does not seem to work with other 
languages.

Original issue reported on code.google.com by spell...@gmail.com on 24 May 2011 at 9:20

GoogleCodeExporter commented 9 years ago
Could you add some more information, like information from the logs? How did 
you configure PWM (through the interface or using a text editor)? Is the 
configuration file readable by the user account that runs the application 
server?

About languages: you can add more languages by modifying web.xml and creating 
the required properties files. Of course, you're always welcome to provide and 
maintain new localisations.

Original comment by menno.pi...@gmail.com on 24 May 2011 at 9:27

GoogleCodeExporter commented 9 years ago
Here log trace during "forgotten username":
2011-05-24 12:21:50, TRACE, pwm.SessionFilter, {3} GET request for: 
/pwm/public/ForgottenUsername (no params)  
[10.10.3.94/http-services.datasiel.net]
2011-05-24 12:21:50, DEBUG, pwm.CaptchaFilter, {3} reCaptcha private or public 
key not configured, skipping captcha check 
[10.10.3.94/http-services.datasiel.net]

In the config we have this:
mail:Email Address:email:3:50:true:false
surname:Last Name:text:2:50:true:false
The "forgotten username" lists these params: Username, first name, last name, 
emanil address, confirm email address, telepfone number.

I have imported the configuration from an export file (from 1.5.3 version).
I have configured PWM using the web interface.
No problem with the configuration file.
I used the italian language.

Original comment by spell...@gmail.com on 24 May 2011 at 10:31

GoogleCodeExporter commented 9 years ago
Any interesting log entries during startup (which is the phase where the 
configuration is read)? Did saving the configuration succeed and did the 
restart succeed after changing the configuration?

Italian is supported by version 1.5.3. You may want to update the language 
files from SVN, because these files have been updates recently.

I do recommend, you upgrade to the latest stable version or try the SVN 
release, which has even more features and fixes.

Also, double check all file permissions!

Original comment by menno.pi...@gmail.com on 24 May 2011 at 10:43

GoogleCodeExporter commented 9 years ago
The config file is updated and I restarted the tomcat instance.
This is PwmConfiguration.xml extract:
---
    <setting key="forgottenUsername.enable" syntax="BOOLEAN">
      <label>Enable Forgotten Username</label>
      <value><![CDATA[true]]></value>
    </setting>
    <setting key="forgottenUsername.form" syntax="LOCALIZED_STRING_ARRAY">
      <label>Forgotten Username Form</label>
      <value><![CDATA[mail:Email Address:email:3:50:true:false]]></value>
      <value><![CDATA[surname:Last Name:text:2:50:true:false]]></value>
      <value locale="it"><![CDATA[mail:Indirizzo di email:email:3:50:true:false]]></value>
      <value locale="it"><![CDATA[surname:Cognome:text:2:50:true:false]]></value>
    </setting>
    <setting key="forgottenUsername.searchFilter" syntax="STRING">
      <label>Forgotten Username Search Filter</label>
      <default />
    </setting>
    <setting key="forgottenUsername.usernameAttribute" syntax="STRING">
      <label>Username LDAP Attribute</label>
      <default />
    </setting>
---
The "Forgotten username" always returns the same params: Username, first name, 
last name, emanil address, confirm email address, telepfone number.

Original comment by spell...@gmail.com on 24 May 2011 at 11:51

Attachments:

GoogleCodeExporter commented 9 years ago
Sorry, you're absolutely right... I wasn't looking... USERNAME... not 
password... 

I'm looking into it.

Original comment by menno.pi...@gmail.com on 24 May 2011 at 12:20

GoogleCodeExporter commented 9 years ago
Fixed in revision 167.
The wrong form was selected in 
/pwm/servlet/src/password/pwm/tag/ShowFormTag.java
this has been corrected.

Original comment by menno.pi...@gmail.com on 24 May 2011 at 12:23

GoogleCodeExporter commented 9 years ago
Thanks you
"Italian is supported by version 1.5.3"
Do I have to put in the URL the parameter pwmLocale=it in all the requests?

"You may want to update the language files from SVN, because these files have 
been updates recently."
How can update the language file? Do I have to download from svn the 1.5.3 tag 
and rebuild pwm.war?

Best regards
 Sandro

Original comment by spell...@gmail.com on 24 May 2011 at 12:46

GoogleCodeExporter commented 9 years ago
PWM should detect your default language from your browser (you may have to
delete your sessions cookies, before that works). If it doesn't, you can use
the language switcher at the bottom (right click).

You should use the ones from the trunk release:

   -
   http://pwm.googlecode.com/svn/trunk/pwm/servlet/src/password/pwm/config/Display_it.properties
   -
   http://pwm.googlecode.com/svn/trunk/pwm/servlet/src/password/pwm/config/Message_it.properties
   -
   http://pwm.googlecode.com/svn/trunk/pwm/servlet/src/password/pwm/error/PwmError_it.properties

These will be included in the upcoming 1.5.4 release.

Original comment by menno.pi...@gmail.com on 24 May 2011 at 12:55

GoogleCodeExporter commented 9 years ago
I built v1.5.4 devbuild b1039 version.
Using "Forgotten Username" we have this exception:
---
2011-05-25 10:26:59, DEBUG, pwm.CaptchaFilter, {1} reCaptcha private or public 
key not configured, skipping captcha check 
[10.10.3.94/http-services.datasiel.net]
2011-05-25 10:27:09, DEBUG, servlet.ForgottenUsernameServlet, {1} performing 
ldap search for user, base=o=LIGURIA 
filter=(&(objectClass=person)(mail=s.pellerano@datasiel.net)(surname=testpol0)) 
[10.10.3.94/http-services.datasiel.net]
2011-05-25 10:27:09, DEBUG, servlet.ForgottenUsernameServlet, {1} found userDN: 
cn=testpol0,ou=testPolicy,ou=InternalUsers,o=LIGURIA 
[10.10.3.94/http-services.datasiel.net]
2011-05-25 10:27:09, INFO , servlet.ForgottenUsernameServlet, {1} found user 
cn=testpol0,ou=testPolicy,ou=InternalUsers,o=LIGURIA 
[10.10.3.94/http-services.datasiel.net]
2011-05-25 10:27:09, DEBUG, util.IntruderManager, {1} address intruder count 
reset for 10.10.3.94 [10.10.3.94/http-services.datasiel.net]
2011-05-25 10:27:11, WARN , servlet.TopServlet, {1} unexpected exception during 
page generation: Cannot forward after response has been committed 
[10.10.3.94/http-services.datasiel.net]
java.lang.IllegalStateException: Cannot forward after response has been 
committed
        at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:312)
        at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:302)
        at password.pwm.servlet.ForgottenUsernameServlet.forwardToJSP(ForgottenUsernameServlet.java:197)
        at password.pwm.servlet.ForgottenUsernameServlet.handleSearchRequest(ForgottenUsernameServlet.java:142)
        at password.pwm.servlet.ForgottenUsernameServlet.processRequest(ForgottenUsernameServlet.java:79)
        at password.pwm.servlet.TopServlet.handleRequest(TopServlet.java:74)
        at password.pwm.servlet.TopServlet.doPost(TopServlet.java:115)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at password.pwm.CaptchaFilter.doFilter(CaptchaFilter.java:56)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at password.pwm.SessionFilter.doFilter(SessionFilter.java:231)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
        at java.lang.Thread.run(Unknown Source)
2011-05-25 10:27:11, WARN , pwm.CaptchaFilter, {1} error during captcha filter: 
Cannot forward after response has been committed 
[10.10.3.94/http-services.datasiel.net]
2011-05-25 10:27:11, DEBUG, pwm.CaptchaFilter, {1} session requires captcha 
verification, redirecting to Captcha servlet 
[10.10.3.94/http-services.datasiel.net]
2011-05-25 10:27:11, WARN , pwm.SessionFilter, {1} unhandled exception 
[10.10.3.94/http-services.datasiel.net]
java.lang.IllegalStateException
        at org.apache.catalina.connector.ResponseFacade.sendRedirect(ResponseFacade.java:435)
        at password.pwm.CaptchaFilter.doFilter(CaptchaFilter.java:78)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at password.pwm.SessionFilter.doFilter(SessionFilter.java:231)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
        at java.lang.Thread.run(Unknown Source)
---
Best regards
 Sandro

Original comment by spell...@gmail.com on 25 May 2011 at 8:33

GoogleCodeExporter commented 9 years ago
The same exception using the forgotten password.
Extract from catalina.out:
---

2011-05-25 10:38:40, TRACE, pwm.SessionFilter, {4} POST request for: 
/pwm/public/CommandServlet  [10.10.3.94/http-services.datasiel.net]
  button='Continua'
  processAction='continue'
2011-05-25 10:38:40, TRACE, servlet.CommandServlet, {4} received request for 
action continue [10.10.3.94/http-services.datasiel.net]
2011-05-25 10:38:40, TRACE, servlet.CommandServlet, {4} redirecting user to 
forward url: /pwm [10.10.3.94/http-services.datasiel.net]
2011-05-25 10:38:40, TRACE, pwm.SessionFilter, {4} GET request for: /pwm/ (no 
params)  [10.10.3.94/http-services.datasiel.net]
2011-05-25 10:38:45, TRACE, pwm.SessionFilter, {4} GET request for: 
/pwm/public/CommandServlet  [10.10.3.94/http-services.datasiel.net]
  processAction='continue'
2011-05-25 10:38:45, TRACE, servlet.CommandServlet, {4} received request for 
action continue [10.10.3.94/http-services.datasiel.net]
2011-05-25 10:38:45, TRACE, servlet.CommandServlet, {4} redirecting user to 
forward url: /pwm [10.10.3.94/http-services.datasiel.net]
2011-05-25 10:38:45, TRACE, pwm.SessionFilter, {4} GET request for: /pwm/ (no 
params)  [10.10.3.94/http-services.datasiel.net]
2011-05-25 10:38:47, TRACE, pwm.SessionFilter, {4} GET request for: 
/pwm/public/ForgottenPassword (no params)  
[10.10.3.94/http-services.datasiel.net]
2011-05-25 10:38:51, TRACE, pwm.SessionFilter, {4} POST request for: 
/pwm/public/ForgottenPassword  [10.10.3.94/http-services.datasiel.net]
  pwmFormID='9ggynHar63fKZNz2taUmQzqrTgCehJl8583f6073130264c3614'
  processAction='search'
  username='testpol0'
2011-05-25 10:38:51, TRACE, pwm.UserStatusHelper, {4} attempting username 
search for 'testpol0' in context o=LIGURIA 
[10.10.3.94/http-services.datasiel.net]
2011-05-25 10:38:51, TRACE, pwm.UserStatusHelper, {4} search for username: 
(&(objectClass=person)(cn=testpol0)), searchDN: o=LIGURIA 
[10.10.3.94/http-services.datasiel.net]
2011-05-25 10:38:51, TRACE, pwm.UserStatusHelper, {4} username match found: 
cn=testpol0,ou=testPolicy,ou=InternalUsers,o=LIGURIA 
[10.10.3.94/http-services.datasiel.net]
2011-05-25 10:38:59, TRACE, pwm.SessionFilter, {4} POST request for: 
/pwm/public/ForgottenPassword  [10.10.3.94/http-services.datasiel.net]
  pwmFormID='9ggynHar63fKZNz2taUmQzqrTgCehJl8583f6073130264c3614'
  sn='testpol0'
  processAction='checkResponses'
2011-05-25 10:38:59, TRACE, servlet.ForgottenPasswordServlet, {4} successful 
validation of ldap value for 'sn' [10.10.3.94/http-services.datasiel.net]
2011-05-25 10:38:59, DEBUG, servlet.ForgottenPasswordServlet, {4} generated 
token code for session: SX7YXY [10.10.3.94/http-services.datasiel.net]
2011-05-25 10:38:59, DEBUG, servlet.ForgottenPasswordServlet, {4} token email 
added to send queue for s.pellerano@datasiel.net 
[10.10.3.94/http-services.datasiel.net]
2011-05-25 10:38:59, DEBUG, util.EmailQueueManager, successfully sent email: 
from: Dev Forgotten Password Agent <noreply@datasiel.net>, to: 
s.pellerano@datasiel.net, subject: Forgotten Password Information
2011-05-25 10:39:09, TRACE, pwm.SessionFilter, {4} GET request for: 
/pwm/public/ForgottenPassword/SX7YXY (no params)  
[10.10.3.94/http-services.datasiel.net]
2011-05-25 10:39:09, DEBUG, servlet.ForgottenPasswordServlet, {4} detected long 
servlet url, redirecting user to 
/pwm/public/ForgottenPassword?processAction=forgottenCode&code=SX7YXY&pwmFormID=
9ggynHar63fKZNz2taUmQzqrTgCehJl8583f6073130264c3614 
[10.10.3.94/http-services.datasiel.net]
2011-05-25 10:39:09, TRACE, pwm.SessionFilter, {4} GET request for: 
/pwm/public/ForgottenPassword  [10.10.3.94/http-services.datasiel.net]
  pwmFormID='9ggynHar63fKZNz2taUmQzqrTgCehJl8583f6073130264c3614'
  code='SX7YXY'
  processAction='forgottenCode'
2011-05-25 10:39:09, DEBUG, servlet.ForgottenPasswordServlet, {4} token 
validation has been passed [10.10.3.94/http-services.datasiel.net]
2011-05-25 10:39:09, TRACE, entry.EdirEntries, using active universal password 
policy for user cn=testpol0,ou=testPolicy,ou=InternalUsers,o=LIGURIA at cn=RL 
policy,cn=Password Policies,cn=Security
2011-05-25 10:39:09, DEBUG, pwm.PwmPasswordPolicy, {4} discovered assigned 
password policy for cn=testpol0,ou=testPolicy,ou=InternalUsers,o=LIGURIA at 
cn=RL policy,cn=Password Policies,cn=Security PwmPasswordPolicy: 
{MinimumLowerCase=0, MinimumSpecial=0, MaximumUpperCase=0, MaximumNumeric=0, 
MinimumLifetime=0, MinimumUnique=0, 
chai.pwrule.novellComplexity=<ComplexityPolicies><Policy><RuleSet><Rule 
MinPwdLen="8" /><Rule MaxPwdLen="128" /></RuleSet><RuleSet 
ViolationsAllowed="1"><Rule MinUppercase="1" /><Rule MinLowercase="1" /><Rule 
MinNumeric="1" /><Rule MinSpecial="1" 
/></RuleSet></Policy></ComplexityPolicies>, DisallowedAttributes=[CN, Given 
Name, Surname, displayName, Full Name], UniqueRequired=TRUE, AllowNumeric=TRUE, 
CaseSensitive=TRUE, ChangeMessage=RL policy, ExpirationInterval=7776000, 
MaximumLowerCase=0, AllowSpecial=TRUE, MaximumLength=512, 
AllowFirstCharNumeric=TRUE, MinimumLength=0, MaximumSequentialRepeat=0, 
MinimumNumeric=0, AllowLastCharSpecial=TRUE, PolicyEnabled=true, 
MaximumSpecial=0, MinimumUpperCase=0, AllowFirstCharSpecial=TRUE, 
DisallowedValues=[], AllowLastCharNumeric=TRUE} 
[10.10.3.94/http-services.datasiel.net]
2011-05-25 10:39:09, DEBUG, pwm.PwmPasswordPolicy, {4} merged password policy 
with PWM configured policy: PwmPasswordPolicy: {MinimumLowerCase=0, 
MinimumSpecial=0, MaximumUpperCase=0, MaximumNumeric=0, EnableWordlist=true, 
MinimumLifetime=0, RegExMatch=, MinimumUnique=0, MinimumNonAlpha=null, 
DisallowedAttributes=[sn, cn, Given Name, Full Name, Surname, givenName, 
displayName, CN], UniqueRequired=true, MinimumStrength=45, AllowNumeric=true, 
CaseSensitive=true, ChangeMessage=RL policy, ExpirationInterval=7776000, 
MinimumAlpha=null, MaximumLowerCase=0, AllowSpecial=true, ADComplexity=false, 
MaximumLength=64, MaximumRepeat=null, AllowFirstCharNumeric=true, 
MinimumLength=8, MaximumSequentialRepeat=0, AllowLastCharSpecial=true, 
MinimumNumeric=0, MaximumAlpha=null, PolicyEnabled=true, RegExNoMatch=, 
MaximumNonAlpha=null, MaximumSpecial=0, MinimumUpperCase=0, 
AllowFirstCharSpecial=true, AllowLastCharNumeric=true, DisallowedValues=[test, 
password]} [10.10.3.94/http-services.datasiel.net]
2011-05-25 10:39:09, TRACE, pwm.PwmPasswordPolicy, {4} createPwmPasswordPolicy 
completed in 7ms [10.10.3.94/http-services.datasiel.net]
2011-05-25 10:39:09, TRACE, pwm.UserStatusHelper, {4} beginning password status 
check process for cn=testpol0,ou=testPolicy,ou=InternalUsers,o=LIGURIA 
[10.10.3.94/http-services.datasiel.net]
2011-05-25 10:39:09, TRACE, pwm.UserStatusHelper, {4} password for 
cn=testpol0,ou=testPolicy,ou=InternalUsers,o=LIGURIA does not appear to be 
expired [10.10.3.94/http-services.datasiel.net]
2011-05-25 10:39:09, DEBUG, pwm.UserStatusHelper, {4} completed user password 
status check for cn=testpol0,ou=testPolicy,ou=InternalUsers,o=LIGURIA 
PasswordStatus {expired=false, pre-expired=false, warn=false, 
violatesPolicy=false} (6ms) [10.10.3.94/http-services.datasiel.net]
2011-05-25 10:39:09, ERROR, servlet.ForgottenPasswordServlet, {4} 5046 
ERROR_UNLOCK_FAILURE (unable to unlock user 
cn=testpol0,ou=testPolicy,ou=InternalUsers,o=LIGURIA error: error writing to 
lockedByIntruder: [LDAP: error code 16 - NDS error: no such value (-602)]) 
[10.10.3.94/http-services.datasiel.net]
---

Original comment by spell...@gmail.com on 25 May 2011 at 8:40

GoogleCodeExporter commented 9 years ago
Fixed in revision 168.

Original comment by menno.pi...@gmail.com on 25 May 2011 at 2:44