RemoteAuthLogin and other auth plugins no longer work #1835

Open
sevmonster opened this issue Nov 6, 2024 · 0 comments

Describe the bug
I upgraded from v2.35, and now login-remote no longer works. It will redirect back to the login page instead of logging in. If the custom login URL is set to /?RemoteAutoLogin, you will enter an endless loop. I made no changes to the config, merely upgraded.

Disabling the plugin and removing the login redirect allows me to log in manually.

Looks like at some point the login mechanism was updated to use the SecureString class, and the plugin was not. This also affects the login-cpanel plugin, and maybe other plugins, since they also do not use SecureString.

I was able to fix this by wrapping $sPassword in new \SnappyMail\SensitiveString().

To Reproduce
Steps to reproduce the behavior:

  1. Set up a proxy in front of SnappyMail or use a browser that can add headers
  2. Send REMOTE_USER and REMOTE_PASSWORD in a request to /?RemoveAutoLogin
  3. Get redirected back to / with login cookies set
  4. Doesn't work, asks you to log in again

Expected behavior
It works

Please complete the following information:

  • Browser: Firefox 132.0-1
  • IMAP daemon: dovecot
  • PHP version: 8.3.14
  • SnappyMail Version: 2.38.2
  • Mode: standalone

Debug/logging information

  • I've placed them here (few lines) or as attachments (many lines)
[2024-12-18 18:48:36.051][b72e10fe] [NOTICE]: TypeError: RainLoop\Actions::LoginProcess(): Argument #2 ($oPassword) must be of type SnappyMail\SensitiveString, string given, called in /srv/www/snappymail/data/_data_/_default_/plugins/login-remote/index.php on line 46 and defined in /srv/www/snappymail/snappymail/v/2.38.2/app/libraries/RainLoop/Actions/UserAuth.php:142
Stack trace:
#0 /srv/www/snappymail/data/_data_/_default_/plugins/login-remote/index.php(46): RainLoop\Actions->LoginProcess()
#1 /srv/www/snappymail/snappymail/v/2.38.2/app/libraries/RainLoop/Plugins/Manager.php(371): LoginRemotePlugin->ServiceRemoteAutoLogin()
#2 /srv/www/snappymail/snappymail/v/2.38.2/app/libraries/RainLoop/Service.php(133): RainLoop\Plugins\Manager->RunAdditionalPart()
#3 /srv/www/snappymail/snappymail/v/2.38.2/app/libraries/RainLoop/Service.php(14): RainLoop\Service::RunResult()
#4 /srv/www/snappymail/snappymail/v/2.38.2/include.php(137): RainLoop\Service::Handle()
#5 /srv/www/snappymail/index.php(11): include('...')
#6 {main}

Additional context
I set up a new instance with new configuration and it still happens after reinstalling the plugin.
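Added example, not part of the original issue or of SnappyMail's code: since the report says other auth plugins may be affected, this heuristic scanner flags `LoginProcess` calls in plugin source whose second argument is not visibly a `SensitiveString`. The plugin snippets are constructed for illustration, and the regex-based matching is an assumption that treats hits as leads to review, not as a PHP parse.

```python
import re

# Heuristic patterns; they do not parse PHP, so treat hits as leads to review.
CALL = re.compile(r"->\s*LoginProcess\s*\(")
WRAP = r"new\s+\\?(?:SnappyMail\\)?SensitiveString\s*\("

def split_args(src, start):
    """Split the top-level arguments of a call whose '(' ends at `start`."""
    args, cur, depth = [], [], 1
    for ch in src[start:]:
        if ch in "([":
            depth += 1
        elif ch in ")]":
            depth -= 1
            if depth == 0:
                break
        if ch == "," and depth == 1:
            args.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    args.append("".join(cur).strip())
    return args

def unwrapped_calls(php_source):
    """Return (line, password_arg) for LoginProcess calls with no visible SensitiveString."""
    findings = []
    for m in CALL.finditer(php_source):
        args = split_args(php_source, m.end())
        if len(args) < 2:
            continue
        pw = args[1]
        ok = re.search(WRAP, pw) is not None
        if not ok and re.fullmatch(r"\$\w+", pw):
            # A bare variable passes if it was assigned a SensitiveString earlier in the file.
            earlier = php_source[:m.start()]
            ok = re.search(re.escape(pw) + r"\s*=\s*" + WRAP, earlier) is not None
        if not ok:
            findings.append((php_source.count("\n", 0, m.start()) + 1, pw))
    return findings

# Constructed plugin snippets (not SnappyMail source) for the two cases in the report.
BROKEN = r'''<?php
class ExamplePlugin {
    public function ServiceRemoteAutoLogin() {
        $sEmail = $_SERVER['REMOTE_USER'];
        $sPassword = $_SERVER['REMOTE_PASSWORD'];
        $this->Manager()->Actions()->LoginProcess($sEmail, $sPassword);
    }
}
'''
FIXED = BROKEN.replace("LoginProcess($sEmail, $sPassword)",
                       r"LoginProcess($sEmail, new \SnappyMail\SensitiveString($sPassword))")

if __name__ == "__main__":
    print(unwrapped_calls(BROKEN), unwrapped_calls(FIXED))
```

To check an installed plugin, pass the contents of its `index.php` to `unwrapped_calls`.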

sevmonster changed the title from "RemoteAuthLogin no longer works" to "RemoteAuthLogin and other auth plugins no longer work" on Dec 19, 2024