UpendoVentures / Upendo-DNN-Simple-Auth-Provider

This extension for DNN allows you to switch from the default DNN login, to use a more user-friendly approach that requires entering a code from your email account.
https://upendoventures.com/What/CMS/DNN
MIT License

Untrapped Exception Occurred on Log In Attempt #21

Closed WillStrohl closed 1 year ago

WillStrohl commented 1 year ago

Sponsorship

If this request requires additional support (e.g., such as direct email/phone/meeting/development), I have the following interest in helping to sponsor the effort via GitHub Sponsors:

Describe the bug

When I tried testing this, I successfully sent the notification, but then changed the casing of a single character, then attempted to validate the code. An exception was thrown, and I was redirected to the home page.

Software Versions

To Reproduce

Steps to reproduce the behavior:

  1. Clean install of both.
  2. Enable the provider in the persona bar > Site Settings.
  3. Enable SMTP so emails will be sent (e.g., Smtp4Dev in development).
  4. Attempt to log in as the superuser in an incognito window. This requires entering your username, and then clicking the Send Code link.
  5. Copy the code from the email.
  6. Before submitting, change any upper-case character to a lower-case character.
  7. Click the Login button.

Expected behavior

There should have been an error message of some kind telling me that the code was not valid. (It is good for this to be case-sensitive.)

Actual behavior

An exception occurred, and I was redirected to the homepage.

Screenshots

If applicable, add screenshots to help explain your problem.

Error log

Message: Object reference not set to an instance of an object.  
StackTrace:  
InnerMessage: Object reference not set to an instance of an object.  
InnerStackTrace:  
   at UpendoVentures.Auth.UpendoDnnSimpleAuthProvider.Login.OnLoginClick(Object sender, EventArgs e)  
   at System.Web.UI.WebControls.LinkButton.OnClick(EventArgs e)  
   at System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument)  
   at System.Web.UI.Page.<ProcessRequestMainAsync>d__523.MoveNext()  

With Symbols Loaded:

   at UpendoVentures.Auth.UpendoDnnSimpleAuthProvider.Login.OnLoginClick(Object sender, EventArgs e) in C:\Work\Dnn.Modules\UpendoSimpleAuth\Upendo-DNN-Simple-Auth-Provider\Modules\UpendoDnnSimpleAuthProvider\Login.ascx.cs:line 403
   at System.Web.UI.WebControls.LinkButton.OnClick(EventArgs e)
   at System.Web.UI.WebControls.LinkButton.RaisePostBackEvent(String eventArgument)
   at System.Web.UI.Page.<ProcessRequestMainAsync>d__523.MoveNext()

Additional context

This appears to be happening because the person that is entering the authentication details will always be assuming their username. To them, the username is whatever they've been using. It might be an email address, or it might literally be some sort of username.

Then, in the code, it's always assuming the email address is used. If a username was used, there will never be a user found.

WillStrohl commented 1 year ago

The correct fix here is as follows:

  1. If either the username or verification code is incorrect, it's the same result. A piece of information was incorrect. That's it. The same error message is displayed.
  2. The Email column in the database should be renamed to Username. All related code will need to be updated.
  3. The Code column in the database should be renamed to ValidationPacket to make its contents a bit more vague.
  4. The code that is trying to tie together the username shouldn't be querying the Email property. Instead, it should be querying the Username property.

Also, please rename the data table from Upendo_Simple_Auth_VerificationCodes to Upendo_SimpleAuthVerification. This should need to be done in both SqlDataProvider files.
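
The following is an added example, not part of the comment above and not the project's code. It sketches points 1 and 4: the lookup is keyed on the username, a missing record is handled without a null dereference, and both failure cases return one message. The `VerificationRecord` and `CodeVerifier` types, the in-memory dictionary standing in for the database table, and the sample values are all assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

// Hypothetical stand-in for one row of the verification table.
public sealed class VerificationRecord
{
    public string Username;          // whatever the visitor typed at login
    public string ValidationPacket;  // the code that was emailed
}

public static class CodeVerifier
{
    public const string GenericError = "The username or code is not valid.";

    // Returns null on success, otherwise the single generic message.
    public static string Verify(IDictionary<string, VerificationRecord> store,
                                string username, string submittedCode)
    {
        VerificationRecord record = null;
        if (!string.IsNullOrEmpty(username))
            store.TryGetValue(username, out record);   // no match leaves record null

        // Compare even when no record exists, so both failure paths do similar work
        // and neither one dereferences a null record.
        string expected = record?.ValidationPacket ?? string.Empty;
        bool codeOk = SameBytes(expected, submittedCode ?? string.Empty);

        return (record != null && codeOk) ? null : GenericError;
    }

    // Case-sensitive byte comparison that does not stop at the first difference.
    private static bool SameBytes(string a, string b)
    {
        byte[] x = Encoding.UTF8.GetBytes(a), y = Encoding.UTF8.GetBytes(b);
        int diff = x.Length ^ y.Length;
        for (int i = 0; i < x.Length && i < y.Length; i++) diff |= x[i] ^ y[i];
        return diff == 0;
    }

    public static void Main()
    {
        // Constructed sample data: one pending code for the user "host".
        var store = new Dictionary<string, VerificationRecord> {
            ["host"] = new VerificationRecord { Username = "host", ValidationPacket = "Ab3dE9" }
        };
        Console.WriteLine(Verify(store, "nobody", "Ab3dE9") ?? "ok"); // unknown username
        Console.WriteLine(Verify(store, "host", "ab3dE9") ?? "ok");   // one character's case changed
        Console.WriteLine(Verify(store, "host", "Ab3dE9") ?? "ok");   // exact match
    }
}
```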

ArielBlanco1990 commented 1 year ago

Understood! I'll get to work on this quickly.