[
https://issues.apache.org/jira/browse/GUACAMOLE-1199?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17317985#comment-17317985
]
Philippe MARASSE commented on GUACAMOLE-1199:
---------------------------------------------
+1
On our instance (1.3.0 + github bc76ef) with only TOTP + JDBC (MariaDB), once
the QR-Code is shown, an update of the user is done with all profile data as
null :
{{2021-04-09 15:13:42,960 [http-nio-8180-exec-2] DEBUG
o.a.g.auth.jdbc.user.UserMapper.update - ==> Preparing: UPDATE guacamole_user
SET password_hash = ?, password_salt = ?, password_date = ?, disabled = ?,
expired = ?, access_window_start = ?, access_window_end = ?, valid_from = ?,
valid_until = ?, timezone = ?, *full_name = ?, email_address = ?, organization
= ?, organizational_role = ?* WHERE user_id = ? }}
{{2021-04-09 15:13:42,960 [http-nio-8180-exec-2] DEBUG
o.a.g.auth.jdbc.user.UserMapper.update - ==> Parameters: [B@709fec5b(byte[]),
[B@6ef57260(byte[]), 2021-04-09 14:55:10.0(Timestamp), false(Boolean),
false(Boolean), null, null, null, 2021-12-31(Date), Europe/Paris(String),
*null, null, null, null*, 2(Integer)}}
{{}}
> User Profile Information Lost after user logon
> ----------------------------------------------
>
> Key: GUACAMOLE-1199
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1199
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole
> Affects Versions: 1.1.0, 1.2.0
> Environment: Centos 7 (7.8.2003)
> Guacamole 1.2.0
> LDAP
> MariaDB 5.5.65
> TOTP
> Reporter: Felipe Pereira
> Assignee: Nick Couchman
> Priority: Major
> Fix For: 1.4.0
>
> Attachments: Screenshot from 2020-10-28 10-13-21.png
>
>
> Hi.
> I'm having a problem with user profile info (full_name,email,organization)
> vanishing after the user's first login. (with TOTP at least).
> Steps to recreate the issue:
> * Create a user in AD.
> * Log Out and Log in Guacamole to refresh LDAP users. (very, VERY annoying).
> * Insert the new user profile info in guacamole (full_name, email,
> organization) and [save].
> * On an incognito tab, log in with the new user.
> * Register TOTP in Google Authenticator and proceed with the login.
> * The login succeeds (good for the user).
> *
> * POOOF! User Profile info is gone from the database. (very, VERY bad for
> us).
> Don't really know what to do.
>
> Other variations of the preceding steps gave me the same result, like
> creating the user in MySQL first without a password and then creating the
> user on the AD.
> After the TOTP registration/ first login, the user profile info vanishes, but
> other fields like "Enable account after:" is still present.
> Appears to affect only the "PROFILE" portion of the user.
>
> [UPDATE]
> Found where it happens exactly, both in 1.1.0 and 1.2.0.
> PS: My 1.1.0 server is MySQL only.
>
> Profile info vanishes when the user reaches this TOTP page:
> !Screenshot from 2020-10-28 10-13-21.png!
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
