Blocked users can still login

Project: CAS
Version: master
Component: Code
Category: bug report
Priority: normal
Assigned: metzlerd
Status: closed (fixed)

Issue Summary

When I have CAS set up with the following settings, it allows blocked users to log in.

The settings I have enabled under "User account settings" are:
* If CAS is not the user repository, should cas highjack users with the same name?
* Users cannot change password

Comments

#1

Version: 5.x-2.2 » 5.x-3.0
Status: active » needs review

here's a patch that fixes this (and also the access rules denials hopefully)
ported from ldapauth.module

| Attachment | Size | Status | Test result | Operations |
| --- | --- | --- | --- | --- |
| cas-blocked.diff | 714 bytes | Ignored: Check issue status. | None | None |

#2

Version: 5.x-3.0 » master

Applied this to head as well as the 5.x branch. Will consider rolling a new release for this functionality.

#3

Status: needs review » fixed

Whoops, forgot to mark as fixed.

#4

just did CVS update
somehow the code is indented a little too much in CVS
here's a trivial patch that lines things up nicely..

It's probably worth a new release, since blocked users should not get in and that was a nasty bug
not sure if you want to include some of the other stuff in there as part of the release as well, .. like the filtering

Risto

| Attachment | Size | Status | Test result | Operations |
| --- | --- | --- | --- | --- |
| cas-blocked-indent.diff | 1.27 KB | Ignored: Check issue status. | None | None |

#5

Yes, that was because I didn't use the patch command to apply it. It's important to know that Head is Drupal6 now, so I manually put this in so that I could get it into HEAD. I still need to find the time to reproduce what you did with the coding standards patch. If it's not too much trouble, it would greatly reduce my work if you provided patches against HEAD as well, so that these features will be available for 6.x as well.

#6

Status: fixed » active

marking as active, because of the issue where users who can edit their username aren't blocked by this patch

what if we save whatever comes back after the transform hook into the user object
and then check for blocked users after we load the user into a temporary $account variable and if the current or the original is blocked then deny access .. might work

ps
no problem :)
I'll roll patches for both DRUPAL-5 and head from now on
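
The check proposed in #6, sketched as an added example in plain PHP (not code from the CAS module or from any patch attached to this issue). The user table, the name mapping and every `example_*` function are hypothetical stand-ins, and the sample names are constructed.

```php
<?php
// Constructed stand-in for the local users table; status 0 means blocked.
$users = [
    'alice'   => ['status' => 1],
    'bob'     => ['status' => 0],
    'carol'   => ['status' => 1],
    'c.jones' => ['status' => 0],
];

// Hypothetical name transform: stands in for whatever a site's transform
// hook does to the name returned by the CAS server.
function example_transform_name(string $cas_name): string {
    $map = ['carol' => 'c.jones'];   // constructed mapping
    return $map[$cas_name] ?? strtolower(trim($cas_name));
}

// True when a local account with exactly this name exists and is blocked.
function example_name_is_blocked(array $users, string $name): bool {
    return isset($users[$name]) && $users[$name]['status'] === 0;
}

// Deny the login when either the name CAS returned or the transformed
// local name belongs to a blocked account. Checking only one of the two
// lets a blocked account through whenever the names differ.
function example_cas_login_allowed(array $users, string $cas_name): bool {
    $local_name = example_transform_name($cas_name);
    foreach (array_unique([$cas_name, $local_name]) as $name) {
        if (example_name_is_blocked($users, $name)) {
            return false;
        }
    }
    return true;
}

// Constructed CAS names: an active user, a blocked user, a user whose
// transformed name is blocked, and a blocked name with stray case/spacing.
foreach (['alice', 'bob', 'carol', ' Bob '] as $cas_name) {
    $verdict = example_cas_login_allowed($users, $cas_name) ? 'allow' : 'deny';
    printf("%-8s => %s\n", json_encode($cas_name), $verdict);
}
```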

#7

Status: active » needs review

Here's a patch against HEAD that takes care of this issue. I wrote a copy of _cas_external_user_is_blocked which probably should be in core, but I don't have the patience ;).

| Attachment | Size | Status | Test result | Operations |
| --- | --- | --- | --- | --- |
| cas-180608.patch | 2.81 KB | Ignored: Check issue status. | None | None |

#8

Assigned to: Anonymous » metzlerd
Status: needs review » fixed

Tested this pretty thoroughly so committing. Review still welcome.

#9

Status: fixed » closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.