[horde] Random user not authorized messages from Registry.php
James MacLean
macleajb at ednet.ns.ca
Thu Jul 11 10:48:08 UTC 2013
On 07/10/2013 08:15 PM, Luis Felipe Marzagao wrote:
> On 10-07-2013 18:43, Andy Dorman wrote:
>> On 07/10/2013 04:38 PM, l.kiraly at madalbal.hu wrote:
>>> Hi Luis,
>>>
>>>
>>> The user has to relog after this message?
>>>
>>>
>>> Quoting Luis Felipe Marzagao <lfbm.andamentos at gmail.com>:
>>>
>>>> Hello:
>>>>
>>>> Horde 5.1.1.
>>>>
>>>> I'm getting random 'user not authorized' msgs in my logs, like these:
>>>>
>>>> Jul 10 14:34:16 mserver HORDE: User is not authorized for horde [pid
>>>> 1612 on line 267 of "/usr/share/php/Horde/Registry.php"]
>>>> Jul 10 14:34:18 mserver HORDE: User is not authorized for horde [pid
>>>> 1311 on line 267 of "/usr/share/php/Horde/Registry.php"]
>>>> Jul 10 15:42:01 mserver HORDE: User is not authorized for horde [pid
>>>> 2263 on line 270 of "/usr/share/php/Horde/Registry.php"]
>>>> Jul 10 16:42:04 mserver HORDE: User is not authorized for horde [pid
>>>> 2268 on line 270 of "/usr/share/php/Horde/Registry.php"]
>>>>
>>>> Apparently, they are harmless, since everybody is using horde and all
>>>> the modules just fine. But I'd like to further investigate this.
>>>>
>>>> I've inserted Horde::debug($GLOBALS['registry']->getAuth()); in
>>>> /usr/share/php/Horde/Registry.php to see what users were causing the
>>>> problem, but it returned a false boolean, like this:
>>>>
>>>> 2013-07-10T18:42:01+00:00 DEBUG: Variable information:
>>>> bool(false)
>>>>
>>>> Backtrace:
>>>> 1. Horde_Registry::appInit() /var/www/horde/rampage.php:54
>>>> 2. Horde::debug() /usr/share/php/Horde/Registry.php:268
>>>>
>>>>
>>>> How can I further debug this? Any directions?
>>>>
>>>> Thanks.
>>>> Luis Felipe
>>
>> In our case the user does NOT have to relog after this message...in
>> fact we have not yet seen any impact on the user.
>>
>
> Yes, for us too. Any user has to relog into horde. Things still work
> after the error msg.
>
In our environment, this started when we were testing in the spring.
When they happen we cannot get back in to Horde. Refreshing the browser
just repeats the error. We use the latest 5 release with IMP authentication.

We have so far found the following 2 situations:

In one instance, users get redirected around and around, usually to an
empty page or a browser recursive error. After this the user could not log
in until they remove their Horde-specific cookie. The fix for this that
appears to work for us is to remove the cookie at the point when these
errors are thrown:
--- Registry.php 2013-07-08 17:54:00.089791302 -0300
+++ /usr/share/pear/Horde/Registry.php 2013-07-08 20:43:23.920790751 -0300
@@ -264,6 +264,8 @@
switch ($e->getCode()) {
case self::AUTH_FAILURE:
+ setcookie ($GLOBALS['conf']['session']['name'],
"remove", time() - 3600, '/', '.<ourdomain>');
$failure = new
Horde_Exception_AuthenticationFailure($e->getMessage());
$failure->application = $app;
throw $failure;
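Review bot: The added setcookie() call under case self::AUTH_FAILURE hard-codes the path '/' and the domain '.<ourdomain>'. A browser only discards a cookie when the expiring Set-Cookie carries the same name, path and domain the cookie was issued with, so these two values should come from the same configuration that set the session cookie (the name already comes from $GLOBALS['conf']['session']['name']) rather than from literals. The call also only expires the cookie on the client and leaves the server-side session in place; destroying that session at the same point would make the reset complete.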
@@ -280,6 +282,8 @@
// Fall-through
case self::PERMISSION_DENIED:
+ setcookie ($GLOBALS['conf']['session']['name'],
"remove", time() - 3600, '/', '.<ourdomain>');
$failure = new
Horde_Exception_AuthenticationFailure($e->getMessage(),
Horde_Auth::REASON_MESSAGE);
$failure->application = $app;
throw $failure;
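Review bot: The setcookie() added under case self::PERMISSION_DENIED is also reached by whichever case sits above the "// Fall-through" comment, and it throws away the user's whole session cookie for a permission denial rather than a failed login. Confirm that every path falling into this branch is meant to force a fresh login. If it is, move the line, which duplicates the one in the AUTH_FAILURE branch, into a single helper so the cookie parameters are defined in one place.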
No, not the best fix, but seems to be working when tested at the point
the error occurs.
The second gives the user a JSON response in their browser and again, no
way to get back in easily. For that we changed one of the ajax returns:
--- ajax.php 2013-07-09 12:29:48.336546450 -0300
+++ /var/www/horde/services/ajax.php 2013-07-09 12:29:21.423811212 -0300
@@ -72,7 +72,9 @@
$response = new Horde_Core_Ajax_Response_HordeCore_NoAuth($app,
$e->getCode());
$response->sendAndExit();
} catch (Exception $e) {
- $notification->push($e->getMessage(), 'horde.error');
- $response = new Horde_Core_Ajax_Response_HordeCore();
+// $notification->push($e->getMessage(), 'horde.error');
+// $response = new Horde_Core_Ajax_Response_HordeCore();
+ $response = new Horde_Core_Ajax_Response_HordeCore_NoAuth($app,
$e->getCode());
$response->sendAndExit();
}
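Review bot: In the generic catch (Exception $e) block, every exception now produces Horde_Core_Ajax_Response_HordeCore_NoAuth, so failures unrelated to authentication will look like a lost session to the client, and with $notification->push($e->getMessage(), 'horde.error') commented out the original error message is no longer surfaced anywhere. Restrict the NoAuth response to authentication exceptions, keep the previous handling for everything else, and log $e->getMessage() before replying. The two commented-out lines should be deleted rather than left in place.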
Again, these would not be the right fix, but have been proven to allow
us to continue on once the errors are found. We have just started
digging into these over the last 2 days so this is just a workaround
at this point ;).
JES