1

Topic: User can't login to iRedAdmin-Pro's Self-Service

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 0.9.3
- Linux/BSD distribution name and version: Ubuntu 14.04.3
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? Yes
- Related log if you're reporting an issue: Can't  find any log for iRedAdmin-Pro
====

Hello

I enabled SelfService on latest iRedAdmin-Pro MySQL, but no one can login to https://x.x.x.x/iredadmin/ except postmaster@. I enabled Selfservice in Advanced tab in Profile of domain. Can't debug anything no log about user unable to login. I get "Error: Login required" when normal user tries to log in. Same user can login to Roundcube.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: User can't login to iRedAdmin-Pro's Self-Service

Sounds like a bug, I will try to reproduce this issue and come back with a fix. Sorry about this trouble.

3

Re: User can't login to iRedAdmin-Pro's Self-Service

Confirmed, it's a bug of the latest iRedAdmin-Pro release. Please try this patch:

diff -r 1f0b91fa0455 libs/sqllib/domain.py
--- a/libs/sqllib/domain.py    Wed Dec 23 21:36:39 2015 +0800
+++ b/libs/sqllib/domain.py    Wed Dec 23 22:54:10 2015 +0800
@@ -323,15 +323,21 @@
         return (False, str(e))
 
 
-@decorators.require_domain_access
 def get_domain_settings(conn, domain):
-    qr = simple_profile(conn, domain, columns=['settings'])
-    if qr[0]:
-        profile = qr[1]
+    try:
+        qr = conn.select('domain',
+                         vars={'domain': domain},
+                         what='settings',
+                         where='domain=$domain',
+                         limit=1)
+    except Exception, e:
+        return (False, str(e))
+
+    if qr:
+        profile = qr[0]
+        return sqlutils.account_settings_string_to_dict(profile.settings)
     else:
-        return {}
-
-    return sqlutils.account_settings_string_to_dict(profile.settings)
+        return (True, {})
 
 
 @decorators.require_domain_access

4

Re: User can't login to iRedAdmin-Pro's Self-Service

It worked!!! Thank you.

But I think I found another bug or bad feature. I disabled everything in "Disabled self-service preferences", except  "Personal information" and "Change password". When regular user logs-in there is "Preferences" and "Received Mails" tabs.  "Received Mails" tab has combo box with several whitelist blacklist actions, but as I disabled this feature whole tab is not needed anymore. It is useles for just listing incoming mails. Is it possible to disable this tab also with "Manage per-user white/blacklists" tab?

5

Re: User can't login to iRedAdmin-Pro's Self-Service

It works as designed, it always show user the basic info of received emails, so that users can easily whitelist/blacklist senders.

Anyway, below patch makes it an option under 'Disabled self-service preferences':

diff -r 3dde95201f7f templates/default/macros/general.html
--- a/templates/default/macros/general.html    Wed Dec 23 23:05:22 2015 +0800
+++ b/templates/default/macros/general.html    Fri Dec 25 19:56:23 2015 +0800
@@ -1067,6 +1067,7 @@
                            ('forwarding', _('Set mail forwarding')),
                            ('wblist', _('Manage per-user white/blacklists')),
                            ('quarantine', _('Manage quarantined mails')),
+                           ('rcvd_mails', _('View received mails and white/blacklist senders')),
                            ('spampolicy', _('Spam Policy')),
                            ] %}
 {% endif %}

After applied patch, please go to domain profile page, disable 'View basic info of received mails', then the tab will disappear when user login.

Note: this patch will be available in upcoming iRedAdmin-Pro release.

6

Re: User can't login to iRedAdmin-Pro's Self-Service

i just wonder, What is going to happen if you try to log in with user from nonexistent domain . for example a@sega.de ?
wouldn't you get something like internal server error ?

7

Re: User can't login to iRedAdmin-Pro's Self-Service

Not "internal server error", but "Username or password is incorrect".

8

Re: User can't login to iRedAdmin-Pro's Self-Service

ZhangHuangbin wrote:

Not "internal server error", but "Username or password is incorrect".

Hello Zhang

I applied only the first patch you provided and now i can login into Selfservice interface, but indeed
after i try to login with non existent user and domain i receive "internal server error". This is the output
from uwsgi.log :

edadmin/login?msg=SESSION_EXPIRED => generated 5027 bytes in 275 msecs (HTTP/1.1 200) 1 headers in 121 bytes (2 switches on core 0)
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/web/application.py", line 239, in process
    return self.handle()
  File "/usr/lib/python2.6/site-packages/web/application.py", line 230, in handle
    return self._delegate(fn, self.fvars, args)
  File "/usr/lib/python2.6/site-packages/web/application.py", line 420, in _delegate
    return handle_class(cls)
  File "/usr/lib/python2.6/site-packages/web/application.py", line 396, in handle_class
    return tocall(*args)
  File "/var/www/iRedAdmin-Pro-SQL-2.2.0/controllers/sql/basic.py", line 85, in POST
    if not 'self-service' in domain_settings.get('enabled_services', []):
AttributeError: 'tuple' object has no attribute 'get'

My Setup is iRedmail 0.9.3 (upgraded from 0.9.2 following the tutorial) SOGo is my default frontend.

9

Re: User can't login to iRedAdmin-Pro's Self-Service

ivuzunov wrote:
ZhangHuangbin wrote:

Not "internal server error", but "Username or password is incorrect".

Hello Zhang

I applied only the first patch you provided and now i can login into Selfservice interface, but indeed
after i try to login with non existent user and domain i receive "internal server error". This is the output
from uwsgi.log :

edadmin/login?msg=SESSION_EXPIRED => generated 5027 bytes in 275 msecs (HTTP/1.1 200) 1 headers in 121 bytes (2 switches on core 0)
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/web/application.py", line 239, in process
    return self.handle()
  File "/usr/lib/python2.6/site-packages/web/application.py", line 230, in handle
    return self._delegate(fn, self.fvars, args)
  File "/usr/lib/python2.6/site-packages/web/application.py", line 420, in _delegate
    return handle_class(cls)
  File "/usr/lib/python2.6/site-packages/web/application.py", line 396, in handle_class
    return tocall(*args)
  File "/var/www/iRedAdmin-Pro-SQL-2.2.0/controllers/sql/basic.py", line 85, in POST
    if not 'self-service' in domain_settings.get('enabled_services', []):
AttributeError: 'tuple' object has no attribute 'get'

My Setup is iRedmail 0.9.3 (upgraded from 0.9.2 following the tutorial) SOGo is my default frontend.

Just tested with fresh 0.9.3 installation and first patch only. Same internal server error when i try with non existent domain . So its not the upgrade procedure problem.

10

Re: User can't login to iRedAdmin-Pro's Self-Service

Confirmed, it's bug in the latest iRedAdmin-Pro-SQL. Here's patch to fix it:

--- a/controllers/sql/basic.py    2015-12-30 20:10:02.000000000 +0800
+++ b/controllers/sql/basic.py    2015-12-30 20:16:29.000000000 +0800
@@ -81,8 +81,12 @@
                 raise web.seeother('/dashboard/checknew')
         else:
             # User login for self-service
-            domain_settings = sql_lib_domain.get_domain_settings(conn=sql_wrap.conn, domain=domain)
-            if not 'self-service' in domain_settings.get('enabled_services', []):
+            qr = sql_lib_domain.get_domain_settings(conn=sql_wrap.conn, domain=domain)
+            if qr[0] is True:
+                domain_settings = qr[1]
+                if not 'self-service' in domain_settings.get('enabled_services', []):
+                    raise web.seeother('/login?msg=INVALID_CREDENTIALS')
+            else:
                 raise web.seeother('/login?msg=INVALID_CREDENTIALS')
 
             user_auth_result = auth.auth(conn=sql_wrap.conn,
--- a/libs/sqllib/domain.py    2015-12-30 20:18:45.000000000 +0800
+++ b/libs/sqllib/domain.py    2015-12-30 20:18:30.000000000 +0800
@@ -335,7 +335,7 @@
 
     if qr:
         profile = qr[0]
-        return sqlutils.account_settings_string_to_dict(profile.settings)
+        return (True, sqlutils.account_settings_string_to_dict(profile.settings))
     else:
         return (True, {})