Exception page shown when login with wrong userid

This is the place to report bugs and get support. When posting in this forum, please always provide as much detail as possible.

Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum, do not report it as a bug.

This is the place to report bugs and get support

When posting in this forum, please try to provide as many relevant details as possible. Particularly the following:

  • What operating system were you running when the bug appeared?
  • What database platform is your site using?
  • What version of mojoPortal are you running?
  • What version of .NET do you use?
  • What steps are necessary to reproduce the issue? Compare expected results vs actual results.
Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum.
This thread is closed to new posts. You must sign in to post in the forums.
2/5/2012 10:10:44 AM
Ngo Hung
Gravatar
Total Posts 6
View Posts

Exception page shown when login with wrong userid

Hi Joe,

I change the login from email address to user id and try to login with a non-existent user id.

The page will show a Null pointer exception at this line:

 public override bool ValidateUser(string userName, string password){

 SiteUser siteUser = GetSiteUser(siteSettings, userName); // line 1313 of mojoMembershipProvider.cs

if ((siteUser.IsLockedOut) && (WebConfigSettings.ReturnFalseInValidateUserIfAccountLocked))
{
return false;
}

.....

}

The fix is simply to return false if site user is null:

  // invalid login
if (siteUser == null)
return false;

2/5/2012 10:59:15 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: Exception page shown when login with wrong userid

Hi Hung,

This is now fixed in the source code repository. Note that this issue does not affect the 2.3.8.1 release, this is from a recent change in the repository.

Also my fix is not the same  as yours because your suggested fix would have broken LDAP authentication where the user may be null but if we have successful LDAP authentication then we create the user. Returning false would have prevented LDAP auth for new users.

My fix is like this:

if ((siteUser != null) && (siteUser.IsLockedOut) && (WebConfigSettings.ReturnFalseInValidateUserIfAccountLocked))
{
return false;
}

Best,

Joe

2/5/2012 11:27:41 AM
Ngo Hung
Gravatar
Total Posts 6
View Posts

Re: Exception page shown when login with wrong userid

Thanks Joe.

Noted about the LDAP part.

 

-Hung

You must sign in to post in the forums. This thread is closed to new posts.