[
https://issues.apache.org/jira/browse/GUACAMOLE-1199?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17255698#comment-17255698
]
Nick Couchman commented on GUACAMOLE-1199:
------------------------------------------
Yep, this behavior seems reasonably easy to reproduce - I was able to do it
pretty quickly. I'll look into it and see if I can figure out what's going on -
an initial look makes me think that, because `TOTPUser` extends
`DelegatingUser`, and that `DelegatingUser` is unaware of the profile
information associated with the JDBC users, it loses the information in the
process of saving the user account.
I've been wanting to tackle providing some of this profile information from
other modules (LDAP, SSO, etc.), so maybe it's a good opportunity to try to
move that information down a layer.
> User Profile Information Lost after user logon
> ----------------------------------------------
>
> Key: GUACAMOLE-1199
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1199
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole
> Affects Versions: 1.1.0, 1.2.0
> Environment: Centos 7 (7.8.2003)
> Guacamole 1.2.0
> LDAP
> MariaDB 5.5.65
> TOTP
> Reporter: Felipe Pereira
> Priority: Major
> Attachments: Screenshot from 2020-10-28 10-13-21.png
>
>
> Hi.
> I'm having a problem with user profile info (full_name,email,organization)
> vanishing after the user's first login. (with TOTP at least).
> Steps to recreate the issue:
> * Create a user in AD.
> * Log Out and Log in Guacamole to refresh LDAP users. (very, VERY annoying).
> * Insert the new user profile info in guacamole (full_name, email,
> organization) and [save].
> * On an incognito tab, log in with the new user.
> * Register TOTP in Google Authenticator and proceed with the login.
> * The login succeeds (good for the user).
> *
> * POOOF! User Profile info is gone from the database. (very, VERY bad for
> us).
> Don't really know what to do.
>
> Other variations of the preceding steps gave me the same result, like
> creating the user in MySQL first without a password and then creating the
> user on the AD.
> After the TOTP registration/ first login, the user profile info vanishes, but
> other fields like "Enable account after:" is still present.
> Appears to affect only the "PROFILE" portion of the user.
>
> [UPDATE]
> Found where it happens exactly, both in 1.1.0 and 1.2.0.
> PS: My 1.1.0 server is MySQL only.
>
> Profile info vanishes when the user reaches this TOTP page:
> !Screenshot from 2020-10-28 10-13-21.png!
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
