Web Basic authentication not creating template user

[robwdwd]

Describe the bug

Currently on cacti 1.2.21 and this seems to have broken web basic authentication. When a user authenticates with web basic the template user is not used to copy the user because the auth method is being reset and cacti us treating it as a local user. This does not affect users logging in with an existing account.

To Reproduce

This happens every time a new user logs in without an existing account, that must be copied from the template user.

Expected behavior

User is created on first login from template user.

Additional context

I tracked the issue down to this bit of code in auth_login.php. $frv_realm is set here, but I am presuming since web basic auth won't have a form this will use the default 0.

$frv_realm     = get_nfilter_request_var('realm', 0); // The dropdown value for realm

It then hits this bit of code which resets $auth_method to local because $auth_method = 2 and $frv_realm = 0

if (get_nfilter_request_var('action') == 'login' || $auth_method == 2) {
  if ($auth_method >= 2 && $frv_realm <= 1) {
    // User picked 'local' from dropdown;
    $auth_method = 1;
  } else {
    $auth_method = read_config_option('auth_method');
  }

Looking into lib/auth.php and auth_get_username() if I set the realm here to 2 it fixes the issue.

  if ($auth_method == 2) {
    $username = get_basic_auth_username();

    /* Get the Web Basic Auth username and set action so we login right away */
    set_request_var('action', 'login');
    set_request_var('realm', 2);

  } elseif (get_nfilter_request_var('action') == 'login') {
    $username = get_nfilter_request_var('login_username');
  } else {
    $username = '';

[robwdwd]

I think this needs to be changed to in auth_login.php. It needs to check for auth_method is 2 first otherwise when it created the template user it gets created as an LDAP user due to the if ($frv_realm == 2) changing realm to 3.

  // Compensate as the dropdown for LDAP is off by one
  if ($auth_method == 2) {
    $realm = $auth_method;
  } elseif ($frv_realm == 2) {
    $realm = 3;
  } else {
    $realm = $frv_realm;
  }

[TheWitness]

@robwdwd first thanks for reporting. Is it just the first login problem and picking the template user to copy?

Before you make a pull request, pull the latest 1.2.x. There have already been some bugs reported.

[robwdwd]

@TheWitness I can't see any fixes for it but looking at the commits for auth_login.php I think it might have been introduced with the code re-write for #4578.

This seem to only happen when the web basic user has never logged in before. If the user exists or I create the user manually before hand this doesn't seem to cause issues.

[TheWitness]

ea06704

[TheWitness]

I'm thinking that this is wrong. Should be $auth_method > 2

if (get_nfilter_request_var('action') == 'login' || $auth_method == 2) {
  if ($auth_method >= 2 && $frv_realm <= 1) {
    // User picked 'local' from dropdown;
    $auth_method = 1;
  } else {
    $auth_method = read_config_option('auth_method');
  }

[TheWitness]

Try that out and report back.

[robwdwd]

That works! :)