Project

General

Profile

Actions

Bug #38535

closed

No login possible with Google Chrome under 4.7 with RSA authmode

Added by Armin Vieweg over 11 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
Authentication
Target version:
Start date:
2012-07-02
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.7
PHP Version:
Tags:
Complexity:
hard
Is Regression:
No
Sprint Focus:

Description

Hi Guys,

while I have tried to figure out a solution for this bug (#38418), I realized that not the extension was the problem, the whole browser is!

I have uninstalled every extension and can't still log in to backend.
This issue just happens under Google Chrome with TYPO3 4.7 and RSA as backend authmode. I haven't tried 4.6 - but under 4.5 (with RSA) it works. And with other browser, i.e. Firefox the login works well, too.

Maybe this issue is related with #37421.

Thanks in advance!
Armin


Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #37421: RSA Auth prevents User from loginClosed2012-05-23

Actions
Has duplicate TYPO3 Core - Bug #50264: rsaauth + salted passwords > Frontend-Login by Chrome not possibleClosed2013-07-22

Actions
Actions #1

Updated by Viktor Livakivskyi over 11 years ago

I'm also experiencing this issue with Chrome only.
Both: FE and BE logins do not work.
TYPO3 4.7.4.
Chrome 22.

I don't think, that it is related to #37421, since those are issues about time shift, but here is some misterious mess.
I've spent the whole day, debugging t3lib_userauth and tx_rsaauth_sv1, and found really strange thing: openssl_private_decrypt() fails to decrypt password even with correct data, when called inside of tx_rsaauth_sv1 and login is intiated by Google Chrome.

Here is my debug code inside processLoginData() of class.tx_rsaauth_sv1.php:

...
if ($key != NULL && substr($password, 0, 4) === 'rsa:') {
$localData = substr($password, 4);
debug($localData);
debug($key);
openssl_private_decrypt(base64_decode($localData), $localDcr, $key);
debug($localDcr, 'local decrypt');
}
...

First debug line returns data to decrypt.
Second line returns private key.
And the third line returns the result.

When I cal in FF, IE, Opera - login is successfull and third line gives me a decrupted password.
But when I call in Chrome - login fails and third line is 'debug'.
Moreover, when I copy the data and private key, then paste them into simple openssl.php:
openssl_private_decrypt(base64_decode('*[data from a first debug line]*'), $result, '*[data from second debug line]*');
echo $result;
?>
Correctly decrypted password is echoed! Even, if openssl.php is called from Chrome.
So, I really can't understand, why openssl_private_decrypt doesn't put correct value, when called in TYPO3 scope and from Chrome.

Any clues?

Actions #2

Updated by Marcus Schwemer over 10 years ago

I can reproduce the issue on TYPO3 V.6.2 alpha1.

Actions #3

Updated by Philipp Gampe over 10 years ago

  • Category set to Authentication
  • Status changed from New to Accepted
  • Priority changed from Should have to Must have
  • Target version set to next-patchlevel
  • Complexity set to hard
Actions #4

Updated by Philipp Gampe over 10 years ago

I reproduced this on 6.1.4-dev. Login from Firefox works, but not with Chrome.

Actions #5

Updated by Philipp Gampe over 10 years ago

heisenbug ... as soon as I debugged it, it started to work and now I cannot reproduce it any more ... wtf

Actions #6

Updated by Henrik Ziegenhain over 10 years ago

I can confirm this Issue in Chrome.
If [FE][loginSecurityLevel] is set to RSA login with Chrome on some desktop machines isn´t working.

When setting [FE][loginSecurityLevel] = normal the Login with the same Chrome Installation! is working, so I don´t think it has something to do with any installed Browser-Plugins.

Actions #7

Updated by Armin Vieweg over 10 years ago

Actually my Clear Cache Extension for Google Chrome caused login issues (#38418). But this is fixed now.
It was because the extension created an ajax request in backend, and this RSA-Auth creates a new hash. If you then try to login the hash has changed and the login failes.

But as I've mentioned, this bug is fixed - no ajax requests in backend anymore.

Actions #8

Updated by Henrik Ziegenhain over 10 years ago

Jeb Armin,

removing your Clear Cache Extenstion for Chrome solved the issue with RSA-Felogin.

Actions #9

Updated by Georg Ringer about 9 years ago

  • Status changed from Accepted to Resolved
  • Is Regression set to No

i am setting this to resolved as it seems that all was caused by a 3rd party extension.

feel free to reopen if still valid for you.

Actions #10

Updated by Benni Mack over 5 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF