Bug #50264
closed
rsaauth + salted passwords > Frontend-Login by Chrome not possible
0%
Description
Hallo,
related to bug #38660 ist is not possible to log in in the frontend with chrome (version 28). The failed login error message is displayed as if I entered an incorrect password. With Firefox, IE an Opera everything works fine.
If I switch loginSecurityLevel for the frontend to ´normal´, I can also login using chrome.
PS.: Login into backend with chrome and rsa works correctly!
Files
Updated by Andre Hohmann over 11 years ago
Here are the used versions:
rsaauth: 6.1.0
saltedpasswords: 6.1.0
felogin: 6.1.0
sr_feuser_register: 3.0.1
There's another problem, too: Sometimes the login over firefox doesn't work at the first time (I'm sure that I put in the right data); at second time it works. And sometimes the login works at the first time, but the images on the site don't get loaded and when I go to another site (of course in the pagetree) then I got logged out.
Does somebody have any clue? Thanks!
Updated by Philipp Gampe over 11 years ago
- Status changed from New to Needs Feedback
Can you please have a look at the request via your browsers inspection tools to verify that the data is encrypted at all? Please also check for possible JS errors.
Updated by Andre Hohmann over 11 years ago
Hallo Philipp,
with my browser inspection tools I can't find errors and it seems that the data is encrypted as it should be...
But I'm not an expert in JS, so I would appreciate it if you could take a look by yourself on the site? The url is http://atcev.no-ip.org. The username is "test" and the password is "222222".
Thank you so much!!
Updated by Philipp Gampe over 11 years ago
I can see that the password is encrypted. You would need to debug this issue (e.g. in the auth code you can turn on the dev log and the use one of the devlog extensions to see what is going on during authentication).
BTW I could not login with Firefox either. Are you sure that the password is correct?
Updated by Andre Hohmann over 11 years ago
Thank you Philipp.
In the attachment you can see the log file (I think especially the third one at 07:06 is interesting).
The username "test" and the password "222222" is definitely correct. Sometimes the first login-attempt in firefox fails, too (-> #23613), but normally the second try is successful.
In rarely cases (sometimes after I cleared the cache of chrome) the login in chrome ist successful, but the pictures on the pages (slideshow at the top or pics of news) are not shown and I get logged out directly!
Updated by Philipp Gampe over 11 years ago
- Target version deleted (
next-patchlevel)
Do you have a valid user group in the same storage folder for the user? FE user need a user group AFAIK.
Updated by Andre Hohmann over 11 years ago
- File FE_groups.gif FE_groups.gif added
- File fe_test_info.gif fe_test_info.gif added
Yes I have; you can see that in the screenshots.
Updated by Philipp Gampe over 11 years ago
- Complexity set to hard
well, someone needs to look into this (debug the issue)
Currently the bug report is too general. We need to find a way to reproduce the issue if we want to fix this.
Updated by Andre Hohmann over 11 years ago
@Philipp Gampe:
Ok.
The site itself inclusive all data currently isn´t in "live-/producture-status", so I`m willing to copy the whole installation into a "test-environment" and give you the username and password for the backend and also for the install-tool. So I think you would be able to look into this by yourself, if you are willing to spend the time.
For that I would ask you to send an formless email to my mail-adress info@andre-hohmann.net, so that I can tell you the login-data.
Thank you very much!
Updated by Andre Hohmann over 11 years ago
@ Philipp Gampe: The testversion which reproduces the error is now ready for you. If you would be so kind to spend time to look at it I would tell you the password(s) for the backend and the url by mail, so please send an email to info@andre-hohmann.net so that I get your mail-adress. Thank you!
When I tried to log into the backend without https today (normaly I work with an own-created ssl-certificate when I log in at the backend as admin) I got an exciting Uncaught Typo3-Exception: "#1294587023: Browser Error: Your browser version looks incompatible with this TYPO3 version!" Maybe that can be a userful hint?
Updated by Philipp Gampe over 11 years ago
What is your browser "User-Agent" string?
I might have some time in the afternoon.
Updated by Andre Hohmann over 11 years ago
Netscape/1.0 (CP/M; 8-bit)
I'm working over my own proxy...when I go over another browser without this proxy it works.
Updated by Philipp Gampe over 11 years ago
Looks more like an issue with the proxy then? Maybe some values are encoded or truncated?
Updated by Andre Hohmann over 11 years ago
For the problem itself think not. If the proxy were the reason, the login with other browsers should also be not possible. Of course I tried it with clients without proxy, outside of my network. The problem of #11 maybe caused by my proxy but not the problem with the failed login with chrome.
Updated by Philipp Gampe over 11 years ago
- Status changed from Needs Feedback to Accepted
- Target version set to next-patchlevel
I can reproduce the problem locally with 6.1.4-dev.
For the moment, you can disable rsa for frontend (FE|loginSecurityLevel = normal) and enforce HTTPS as a workaround.
Updated by Philipp Gampe over 11 years ago
- Category changed from felogin to Authentication
Updated by Philipp Gampe over 11 years ago
- Status changed from Accepted to Resolved
Updated by Philipp Gampe over 11 years ago
- Status changed from Resolved to Closed