Project

General

Profile

Actions

Bug #50264

closed

rsaauth + salted passwords > Frontend-Login by Chrome not possible

Added by Andre Hohmann over 10 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
Authentication
Target version:
Start date:
2013-07-22
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
6.1
PHP Version:
5.4
Tags:
Complexity:
hard
Is Regression:
Sprint Focus:

Description

Hallo,

related to bug #38660 ist is not possible to log in in the frontend with chrome (version 28). The failed login error message is displayed as if I entered an incorrect password. With Firefox, IE an Opera everything works fine.

If I switch loginSecurityLevel for the frontend to ´normal´, I can also login using chrome.

PS.: Login into backend with chrome and rsa works correctly!


Files

log.txt (20.1 KB) log.txt devlogfile Andre Hohmann, 2013-07-31 07:16
FE_groups.gif (54.6 KB) FE_groups.gif Andre Hohmann, 2013-07-31 12:06
fe_test_info.gif (50.4 KB) fe_test_info.gif Andre Hohmann, 2013-07-31 12:06
error_browsercompatability.png (52.2 KB) error_browsercompatability.png Andre Hohmann, 2013-08-01 07:33

Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #38660: Login not possible from Firefox when using salted passwords and RSAClosed2012-07-05

Actions
Is duplicate of TYPO3 Core - Bug #38535: No login possible with Google Chrome under 4.7 with RSA authmodeClosed2012-07-02

Actions
Actions #1

Updated by Andre Hohmann over 10 years ago

Here are the used versions:

rsaauth: 6.1.0
saltedpasswords: 6.1.0
felogin: 6.1.0
sr_feuser_register: 3.0.1

There's another problem, too: Sometimes the login over firefox doesn't work at the first time (I'm sure that I put in the right data); at second time it works. And sometimes the login works at the first time, but the images on the site don't get loaded and when I go to another site (of course in the pagetree) then I got logged out.

Does somebody have any clue? Thanks!

Actions #2

Updated by Philipp Gampe over 10 years ago

  • Status changed from New to Needs Feedback

Can you please have a look at the request via your browsers inspection tools to verify that the data is encrypted at all? Please also check for possible JS errors.

Actions #3

Updated by Andre Hohmann over 10 years ago

Hallo Philipp,

with my browser inspection tools I can't find errors and it seems that the data is encrypted as it should be...
But I'm not an expert in JS, so I would appreciate it if you could take a look by yourself on the site? The url is http://atcev.no-ip.org. The username is "test" and the password is "222222".
Thank you so much!!

Actions #4

Updated by Philipp Gampe over 10 years ago

I can see that the password is encrypted. You would need to debug this issue (e.g. in the auth code you can turn on the dev log and the use one of the devlog extensions to see what is going on during authentication).

BTW I could not login with Firefox either. Are you sure that the password is correct?

Actions #5

Updated by Andre Hohmann over 10 years ago

Thank you Philipp.
In the attachment you can see the log file (I think especially the third one at 07:06 is interesting).
The username "test" and the password "222222" is definitely correct. Sometimes the first login-attempt in firefox fails, too (-> #23613), but normally the second try is successful.

In rarely cases (sometimes after I cleared the cache of chrome) the login in chrome ist successful, but the pictures on the pages (slideshow at the top or pics of news) are not shown and I get logged out directly!

Actions #6

Updated by Philipp Gampe over 10 years ago

  • Target version deleted (next-patchlevel)

Do you have a valid user group in the same storage folder for the user? FE user need a user group AFAIK.

Updated by Andre Hohmann over 10 years ago

Yes I have; you can see that in the screenshots.

Actions #8

Updated by Philipp Gampe over 10 years ago

  • Complexity set to hard

well, someone needs to look into this (debug the issue)

Currently the bug report is too general. We need to find a way to reproduce the issue if we want to fix this.

Actions #9

Updated by Andre Hohmann over 10 years ago

@Philipp Gampe:
Ok.
The site itself inclusive all data currently isn´t in "live-/producture-status", so I`m willing to copy the whole installation into a "test-environment" and give you the username and password for the backend and also for the install-tool. So I think you would be able to look into this by yourself, if you are willing to spend the time.
For that I would ask you to send an formless email to my mail-adress , so that I can tell you the login-data.
Thank you very much!

Actions #10

Updated by Andre Hohmann over 10 years ago

@ Philipp Gampe: The testversion which reproduces the error is now ready for you. If you would be so kind to spend time to look at it I would tell you the password(s) for the backend and the url by mail, so please send an email to so that I get your mail-adress. Thank you!

When I tried to log into the backend without https today (normaly I work with an own-created ssl-certificate when I log in at the backend as admin) I got an exciting Uncaught Typo3-Exception: "#1294587023: Browser Error: Your browser version looks incompatible with this TYPO3 version!" Maybe that can be a userful hint?

Actions #11

Updated by Philipp Gampe over 10 years ago

What is your browser "User-Agent" string?

I might have some time in the afternoon.

Actions #12

Updated by Andre Hohmann over 10 years ago

Netscape/1.0 (CP/M; 8-bit)
I'm working over my own proxy...when I go over another browser without this proxy it works.

Actions #13

Updated by Philipp Gampe over 10 years ago

Looks more like an issue with the proxy then? Maybe some values are encoded or truncated?

Actions #14

Updated by Andre Hohmann over 10 years ago

For the problem itself think not. If the proxy were the reason, the login with other browsers should also be not possible. Of course I tried it with clients without proxy, outside of my network. The problem of #11 maybe caused by my proxy but not the problem with the failed login with chrome.

Actions #15

Updated by Philipp Gampe over 10 years ago

  • Status changed from Needs Feedback to Accepted
  • Target version set to next-patchlevel

I can reproduce the problem locally with 6.1.4-dev.

For the moment, you can disable rsa for frontend (FE|loginSecurityLevel = normal) and enforce HTTPS as a workaround.

Actions #16

Updated by Philipp Gampe over 10 years ago

  • Category changed from felogin to Authentication
Actions #17

Updated by Philipp Gampe over 10 years ago

  • Status changed from Accepted to Resolved

I close this one in favor of #38535 which is a) older, b) does not contain unrelated side problems.

I will try to make some noise for this. For the meantime, please set the login security level to normal in FE (and use HTTPS if possible) and vote for #38535.

Actions #18

Updated by Philipp Gampe over 10 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF