#189 Wrong file ID with LDAP

[BatMat]

Dear Alessandro,

I tried the SVN version (0.5beta) with the following setup:

• openupload svn (398)
• Linux Debian 7.3
• LDAP authentification over SSL
• MySQL 5.5.3
• PHP 5.4.4
• Apache 2.2.22

I succeed in setting up this SVN version with ldap auth, no problem to authenticate. (had to struggle a little with the database and ldaps, but it is ok now)

My problem is each time i upload a file, i got "Wrong file id!" error, same error when i try to download the file, even if the file is present on the server.

In file upload.inc.php, i added the line number after the error message, trying to understand the problem.

function elementDetail() {
    global $_GET;

    if (!isset($_GET['id'])) {
      $this->nextStep(1);
    }
    $upload = $this->_loadFile($_GET['id']);
    if ($upload['id']!=$_GET['id']) {
      app()->error(tr('Wrong file id 526!'));
      $this->nextStep(1);
    } else if ($upload['user']!=app()->user->info('login')) {
      /* the user has no right to access this file !!! */
      app()->error(tr('Wrong file id 530!'));
      $this->nextStep(1);
    } else if ($upload['group']!=app()->user->group()) {
      /* it's a group file */
      app()->error(tr('Wrong file id 534!'));
      $this->nextStep(1);
    }
    $this->setupLinks($upload);
    if (app()->user->info('login')=='') {
      unset($upload['removelink']);
    }
    $this->tpl->assign('upload',$upload);
    $result = app()->pluginAction('uploadDisplayElementDetail',$upload,false);
    if (!$result) {
      $this->nextStep(1);
    }

My error is at line 534, but i don't understand the cause...

Could you point me into the right direction to diagnose this problem ?

Note : I saw someone with a similar problem (AD instead of LDAP) on the mailing list https://sourceforge.net/mailarchive/forum.php?thread_name=9C8E8B77B6BAD3418C916FFE11851893059F98B9%40actl11.AD.ACTL.BE&forum_name=openupload-devel

Thanks, Mathieu

[Alessandro Briosi]

Well, it seems a problem retrieving the user groups.
Actually I never tested LDAP in the SVN version ...

I'd be adding some more echo like.

print_r($upload);
print_r($_SESSION['user']);

and see what's the output there (specially for the group field)

Probably it's a bug in the code. Probably should be checking if the group field in the user is an array ...

One thing you could do is simply remove the code for group checking.

/ else if ($upload['group']!=app()->user->group()) {
/ it's a group file */
app()->error(tr('Wrong file id 534!'));
$this->nextStep(1);
} *

This should fix the problem.

[BatMat]

Thanks for your answer.

It appears that depending of the auth config (LOCAL or LDAP), when uploading a file, $upload =

LOCAL

Array ( [id] => 1 [login] => admin [password] => $1$sLCQ3aFR$rCIb4Owhgi3mIHgYnbA351 [name] => Administrator [group_name] => admins [email] => openupload@yourdomain.com [lang] => en [reg_date] => 2014-01-27 10:19:22 [regid] => [active] => 1 [group] => admins [messages] => Array ( [0] => Files where successfully uploaded! ) )

LDAP

Array ( [login] => myusername [name] => My Fullname [group_id] => Array ( [count] => 1 [0] => 513 ) [email] => myemailaddr@mydomain.tld [group] => Array ( [0] => Domain Users [1] => administratif [2] => informatique [3] => Backup Operators [4] => diffusion ) [uid] => myusername [lang] => fr [messages] => Array ( [0] => Files where successfully uploaded! )
[errors] => Array ( [0] => Wrong file id 534! ) ) Array ( [0] => Domain Users [1] => administratif [2] => informatique [3] => Backup Operators [4] => diffusion )

And when monitoring the mysql requests, i see that the group field is empty in the LDAP authentification case:

REQUEST

INSERT INTO `uploads` (`id`,`remove`,`upload_date`,`expire_date`,`description`,`user`,`group`,`ip`,`size`) VALUES ("3205218195","2553735368","2014-01-27 12:53:45","9999-31-12","TestFile.zip","myusername","","192.168.1.69","3845")

Looks like the problem is in the code involved in retrieving the group of the user when authentification uses LDAP.
It does not work because the group value retrieved from the LDAP is an Array and the array is not parsed.

I followed your guidelines to bypass the "Wrong file id!" error so i was able to upload files and invitations.

DIRTY FIX FOR MODULE ACTIVATION
But i was still unable to display the captcha and mail modules ui while uploading, so i made a quick and very dirty fix.
Just to force OpenUpload to use the first group found in the array as default group.

In my LDAP, the first group is the main group of the user, it is "Domain Users", "Domain Admins" or "Domain Guests".

/lib/user.inc.php - Line 45, changed :

  function group() {
    if ($this->info('group')!='')
//      $group = $this->info('group');
        if (isset(app()->config['auth']) && (app()->config['auth']='ldap')) {
                $group = $_SESSION['user']['group']['0'];
        }
...

/lib/modules/default/upload.inc.php - Line 202, added this:

        if (isset(app()->config['auth']) && app()->config['auth']=='ldap') {
          $upload['group']=$_SESSION['user']['group']['0'];
        }

It looks like there is still some work before making this 0.5 beta ready for release candidate in ldap auth mode, maybe i can help, just ask.

Even if i see GREAT features i'd love to have like the "invitations" feature, i will stick with 0.4.2 for production use.

Note: I got several russian speaking people around me, when you will release 0.5, i can ask them to translate it.

[Alessandro Briosi]

Well, 0.5 has been a long time coming, and I haven't worked on it for a long time.
In the mean while many other things have grown (html5, owncloud and similar), and openupload development is stalled.
I have been even thinking on migrating it to some framework, which would simplify things. Right now I don't have much time to dedicate to the development though. Maybe when yii2 will be released, I'll check if it's easy to port the code there.

In the meanwhile I think that the solution I gave above should do the trick.
The initial idea was to give a group to the upload, so it could be shared with others in the group. Probably though it would have been better to have a separate table so the same file can be shared between many groups- But if that's not necessary you can simply skip it.