Octoprint: [1.4.0rc1] Local autologin not working

Created on 28 Nov 2019  路  5Comments  路  Source: OctoPrint/OctoPrint

Problem

As reported by @schnello in https://github.com/foosel/OctoPrint/issues/3347#issuecomment-559239539:

Looks like the autologin function is not always working.
accessControl: autologinAs: admin autologinLocal: true localNetworks: - 127.0.0.1/8 - 192.168.1.0/24

image

Pre 1.4 i need never any login informations with the settings above. Now with 1.4 i have to enter the login information once per day.

Solution

Needs further analysis first.

bug done
Source
picture foosel
👍2

All 5 comments

Not sure if I observe the same item with this:

  • logon (as user octoadm)
  • Then close browser (alt-F4)
  • Then open browser again and open the octoprint webpage

result: I have to logon by manually entering user and password.

I thought it's a security feature :). But looks similar to what is described here.

The log states it actually is logging on a user passively. Username "None".

<>

2019-11-28 21:35:20,132 - octoprint.server.util.sockjs - INFO - New connection from client: ::ffff:192.168.33.129
2019-11-28 21:35:20,393 - octoprint.server.util.flask - INFO - Passively logging in user None from ::ffff:192.168.33.129

<>

2019-11-28 21:35:29,765 - octoprint.server.api - INFO - Actively logging in user octoadm from ::ffff:192.168.33.129
2019-11-28 21:35:31,567 - octoprint.server.util.sockjs - INFO - User octoadm logged in on the socket from client ::ffff:192.168.33.129

code for the message at "21:35:20,393" seems to be in ./oprint/lib/python2.7/site-packages/octoprint/server/util/flask.py, lines 593-595. (only matching location for that message above I found).

        if user is not None and user.is_active:
                # login known user
                logger.info("Passively logging in user {} from {}".format(user.get_id(), remote_address))
                user = login(user)

Interestingly code checks IF user is NOT "None" and then logs the user as "None" in octoprint.log. Are "if user" and "user.get_id()" intentionally two different things?
(I don;t know python, thats how understand that line. Maybe it should read ..if user.get_id() is not None... ?).

It's not even reaching the autologin parts for me in the following lines that @schnello reported, so maybe a different case.

Just an observation reading this thread. Not a problem for me.
Observed with chrome and firefox.

Edit: tested - testing against user.get_id does not show "passively logging in None" in log.
Logon still needed (and might be intentional).

loskexos picture loskexos on 28 Nov 2019

@loskexos that's a good hint actually... there might be a logic issue here in that code block due to anonymous users no longer being None but having no id. Hence the passive login will trigger even for them and the autologin won't even initiate.

I'll have to take a close look at things here, I'm fairly certain there was a reason why I don't check if the user is anonymous here, but I'm not 100% sure.

foosel picture foosel on 29 Nov 2019

Should be fixed by the above commit.

foosel picture foosel on 29 Nov 2019
1

tested and i can confirm. Autologin is now working again.

schnello picture schnello on 29 Nov 2019
🎉1

1.4.0rc2 is out.

foosel picture foosel on 2 Dec 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

noahwilliamsson picture noahwilliamsson  路  5Comments
gege2b picture gege2b  路  3Comments
halkeye picture halkeye  路  4Comments
Lino77 picture Lino77  路  4Comments
HarlemSquirrel picture HarlemSquirrel  路  6Comments