Joomla! Issue Tracker | Joomla! CMS #30620 - [3] Incorrect message when not providing credentials to Gmail Auth Plugin

No Code Attached Yet

Closed
18 Aug 2021
Medium
Build: staging
# 30620

PhilETaylor
12 Sep 2020

Steps to reproduce the issue

Code review here

joomla-cms/plugins/authentication/gmail/gmail.php

Line 69 in b6f11d8

if ($credentials['username'] === '' || $credentials['password'] === '')

The code is checking if the username or password is a blank string, and if either are, then it fails authentication with a message, the bug is that the message says they are blacklisted, which is incorrect.

Expected result

A message that says that the provided credentials cannot be blank.

Actual result

The resultant string says JGLOBAL_AUTH_USER_BLACKLISTED, which is not accurate. The user is NOT blacklisted (blacklisting is checked later on line 66 and results in a correct error if blacklisted.)

joomla-cms/plugins/authentication/gmail/gmail.php

Line 73 in b6f11d8

    
           $response->error_message = JText::sprintf('JGLOBAL_AUTH_FAILED', JText::_('JGLOBAL_AUTH_USER_BLACKLISTED'));

System information (as much as possible)

Joomla 3.9.x

PhilETaylor - open - 12 Sep 2020

joomla-cms-bot - change - 12 Sep 2020

Labels

Added: ?

joomla-cms-bot - labeled - 12 Sep 2020

PhilETaylor - change - 18 Aug 2021

Status	New	⇒	Closed
Closed_Date	0000-00-00 00:00:00	⇒	2021-08-18 08:55:23
Closed_By		⇒	PhilETaylor
Labels	Added: No Code Attached Yet Removed: ?

PhilETaylor - close - 18 Aug 2021

PhilETaylor - comment - 18 Aug 2021

Gmail Auth Plugin no longer a feature in Joomla 4

Maybe one dat @joomla/security will also fix the security issue - been over a year now... maybe its time for disclosure.

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#30620] - [3] Incorrect message when not providing credentials to Gmail Auth Plugin

Steps to reproduce the issue

Expected result

Actual result

System information (as much as possible)

Add a Comment