wolfd / pwm

PWM is an open source password self service application for LDAP directories. - exported from code.google.com/p/pwm
http://pwmdemo.weisberg.net/

Admin permissions not checked correctly in trunk #512

GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Log in as a user with PWM admin rights
2. Check whether administration is available on main menu 

What is the expected output? What do you see instead?

Expect to see link/button to administration functions. In recent builds the 
link is sometimes available and sometimes not. After clearing cookies or 
restarting the browser (Firefox) the link is (most often) not available after 
first login, but available on the second try.

The issue also affects the availability of the configuration menu.

I could not reproduce this with release 1.7.0 using the same configuration. The 
issue happened at least with r.640 (added r.641 to debug the problem).

Please use labels and text to provide additional information.

...something must have changed to the permissions since 1.7.0. I have not 
figured out what, but it looks like some caching or uninitialized or 
incorrectly initialized values.

Original issue reported on code.google.com by menno.pi...@gmail.com on 12 Nov 2013 at 3:18

GoogleCodeExporter commented 9 years ago
Got a log trace?  We should be able to see the admin query check in the log 
when the user hits the menu page.

Original comment by jrivard on 12 Nov 2013 at 5:14

GoogleCodeExporter commented 9 years ago
A trace is attached. It seems that the user info bean is not complete:

AFTER login, I see the message:

2013-11-12T19:56:25Z, DEBUG, pwm.Permission, Checking permission PWMADMIN for user null

I've marked my logins and logout in the file.

Original comment by menno.pi...@gmail.com on 12 Nov 2013 at 7:14

GoogleCodeExporter commented 9 years ago
The procedure to get the menu _with_ the Administration link:

* Log out
* go to pwm -> login page
* clear cookies for the PWM site
* shift-reload the login page (URL changes with session)
* login
* menu item is missing
* logout
* login
* menu item is available

Original comment by menno.pi...@gmail.com on 12 Nov 2013 at 7:16

GoogleCodeExporter commented 9 years ago
Fixed in r650.

Original comment by menno.pi...@gmail.com on 25 Nov 2013 at 7:32