roller-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "David Johnson (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (ROL-2132) Remember me is broken
Date Sun, 21 Apr 2019 19:21:00 GMT

     [ https://issues.apache.org/jira/browse/ROL-2132?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

David Johnson resolved ROL-2132.
--------------------------------
    Resolution: Fixed

I was able to reproduce this problem by setting up OpenLDAP and setting up Roller to use it
for authentication. The problem was that when a user returned to Roller the user's remember-me
token did not match the one calculated by Roller.  The cause was that the password used to
calculate the initial remember-me token was the Roller user's password and the one used to
calculate the expected remember-me token was using the empty or non-existing one returned
by LDAP.

The fix is the use a dummy password to calculate the remember-me token when LDAP is enabled.
Here's the code:

https://github.com/apache/roller/commit/21c92aafd850a5477450284c127e52612bd2d585

> Remember me is broken
> ---------------------
>
>                 Key: ROL-2132
>                 URL: https://issues.apache.org/jira/browse/ROL-2132
>             Project: Apache Roller
>          Issue Type: Bug
>          Components: User Interface - General
>            Reporter: David Johnson
>            Assignee: David Johnson
>            Priority: Major
>             Fix For: 5.2.3
>
>
> Clicking remember-me does not result in remembering the user and (on blogs.apache.org)
can lead to an error page.
> Remember-me is working for me locally (Tomcat 8, PostgreSQL) so I suspect this problem
is related to Spring Security and LDAP configuration of blogs.apache.org.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message