Bug #38535
closed
No login possible with Google Chrome under 4.7 with RSA authmode
0%
Description
Hi Guys,
while I have tried to figure out a solution for this bug (#38418), I realized that not the extension was the problem, the whole browser is!
I have uninstalled every extension and can't still log in to backend.
This issue just happens under Google Chrome with TYPO3 4.7 and RSA as backend authmode. I haven't tried 4.6 - but under 4.5 (with RSA) it works. And with other browser, i.e. Firefox the login works well, too.
Maybe this issue is related with #37421.
Thanks in advance!
Armin
Updated by Viktor Livakivskyi over 11 years ago
I'm also experiencing this issue with Chrome only.
Both: FE and BE logins do not work.
TYPO3 4.7.4.
Chrome 22.
I don't think, that it is related to #37421, since those are issues about time shift, but here is some misterious mess.
I've spent the whole day, debugging t3lib_userauth and tx_rsaauth_sv1, and found really strange thing: openssl_private_decrypt() fails to decrypt password even with correct data, when called inside of tx_rsaauth_sv1 and login is intiated by Google Chrome.
Here is my debug code inside processLoginData() of class.tx_rsaauth_sv1.php:
...
if ($key != NULL && substr($password, 0, 4) === 'rsa:') {
$localData = substr($password, 4);
debug($localData);
debug($key);
openssl_private_decrypt(base64_decode($localData), $localDcr, $key);
debug($localDcr, 'local decrypt');
}
...
First debug line returns data to decrypt.
Second line returns private key.
And the third line returns the result.
When I cal in FF, IE, Opera - login is successfull and third line gives me a decrupted password.
But when I call in Chrome - login fails and third line is 'debug'.
Moreover, when I copy the data and private key, then paste them into simple openssl.php:
openssl_private_decrypt(base64_decode('*[data from a first debug line]*'), $result, '*[data from second debug line]*');
echo $result;
?>
Correctly decrypted password is echoed! Even, if openssl.php is called from Chrome.
So, I really can't understand, why openssl_private_decrypt doesn't put correct value, when called in TYPO3 scope and from Chrome.
Any clues?
Updated by Marcus Schwemer almost 11 years ago
I can reproduce the issue on TYPO3 V.6.2 alpha1.
Updated by Philipp Gampe over 10 years ago
- Category set to Authentication
- Status changed from New to Accepted
- Priority changed from Should have to Must have
- Target version set to next-patchlevel
- Complexity set to hard
Updated by Philipp Gampe over 10 years ago
I reproduced this on 6.1.4-dev. Login from Firefox works, but not with Chrome.
Updated by Philipp Gampe over 10 years ago
heisenbug ... as soon as I debugged it, it started to work and now I cannot reproduce it any more ... wtf
Updated by Henrik Ziegenhain over 10 years ago
I can confirm this Issue in Chrome.
If [FE][loginSecurityLevel] is set to RSA login with Chrome on some desktop machines isn´t working.
When setting [FE][loginSecurityLevel] = normal the Login with the same Chrome Installation! is working, so I don´t think it has something to do with any installed Browser-Plugins.
Updated by Armin Vieweg over 10 years ago
Actually my Clear Cache Extension for Google Chrome caused login issues (#38418). But this is fixed now.
It was because the extension created an ajax request in backend, and this RSA-Auth creates a new hash. If you then try to login the hash has changed and the login failes.
But as I've mentioned, this bug is fixed - no ajax requests in backend anymore.
Updated by Henrik Ziegenhain over 10 years ago
Jeb Armin,
removing your Clear Cache Extenstion for Chrome solved the issue with RSA-Felogin.
Updated by Georg Ringer about 9 years ago
- Status changed from Accepted to Resolved
- Is Regression set to No
i am setting this to resolved as it seems that all was caused by a 3rd party extension.
feel free to reopen if still valid for you.
Updated by