Bug #5150

Incorrect UI Level behaviour when using universal '*' user with other users coming from same IP (allowed network)

Added by Yass T over 4 years ago. Updated almost 4 years ago.

Status: New
Priority: Normal
Assignee: -
Category: User Interface
Target version: -
Start date: 2018-07-06
Due date:
% Done: 0%
Estimated time:
Found in version: 4.3-1273~g610c6fa74
Affected Versions:

Description

I came across a bug that took a few hours to figure out, so I thought I would share it here in case someone else stumbles upon it. Using version 4.3-1273~g610c6fa74

When using the universal * user, you have to specify a correct IP or IP range (in Allowed networks field) in order for it to work. Let's say you disable Web interface access for this user, or specify 'Basic' Level.

If, at the same time, you have other users/admins with nothing specified in the Allowed network field, and especially if you specify at the global level UI Level = 'Expert', then you will observe very weird behavior:
- Set global UI Level to Expert
- Log in to the web interface with a normal user/admin (important to log in using a username and password)
- You expect to see expert Level everywhere, since it is defined as Global Level (you can even force ui level at user level, the bug will still happen)
- But instead, each time you log in, you will have Basic view once logged in, and then won't be able to see some UI sections (tabs) like EPG Modules, Debugging, etc.
- You have the possibility to change the View in each tab through the drop-down, you will see new columns in the tables and the expert settings, but won't be able to see the missing tabs
- If you set Persistence, you WILL lock yourself out of all expert settings, since you won't have the View drop-down anymore

- Deleting the '*' user instantly brings back everything to normal when you log in to the web interface with a normal user/admin

I believe this is because when I created the '*' user, I did set up a unique IP in the Allowed networks like this one: 172.17.0.1/32, and since I am using a Dockerized version of tvheadend, all users have the same IP.

So there must be a problem with tvheadend matching the origin IP of named users and the case of a user that does not have web interface rights, or limited rights to Basic UI Level, like my '*' user.

The workaround is easy but I thought I would post this as a bug anyway, it might save someone a few hours.
Possible workarounds:
- Make sure a limited user can't have the same IP as other users when specifying Allowed networks (especially when specifying single IPs with the 32-bit mask)
- Use another port and reverse proxy it to 9981 so your '*' will come from 127.0.0.1, and then communicate that port for the anonymous users instead of 9981
- Play with network settings when using Docker so that each client is correctly identified with his own IP
- ...

I take this opportunity to thank the devs for this nice and versatile piece of software!
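The first workaround above, turned into a configuration check (an added example, not part of the original report and not tvheadend code): it flags a restricted '*' entry whose Allowed networks overlap the addresses a named web UI user can connect from. The entry fields and the reading of an empty network list as "any address" are assumptions made for the illustration.

```python
import ipaddress

# Constructed access entries modelled on the report. The field names are
# hypothetical; this is not tvheadend's on-disk configuration format.
ENTRIES = [
    {"username": "*", "networks": "172.17.0.1/32", "webui": False, "uilevel": "default"},
    {"username": "admin", "networks": "", "webui": True, "uilevel": "expert"},
    {"username": "viewer", "networks": "192.168.1.0/24", "webui": True, "uilevel": "basic"},
]
ANY = "0.0.0.0/0,::/0"  # assumption: an empty field means "any address"


def parse_networks(field):
    """Turn a comma- or space-separated prefix list into ip_network objects."""
    text = field.strip() or ANY
    return [ipaddress.ip_network(p, strict=False) for p in text.replace(",", " ").split()]


def entries_matching(entries, source_ip):
    """Usernames of every entry whose networks contain the client address."""
    ip = ipaddress.ip_address(source_ip)
    return [e["username"] for e in entries
            if any(ip in net for net in parse_networks(e["networks"]))]


def find_shadowed_users(entries):
    """(wildcard networks, named user) pairs where a restricted '*' entry covers
    addresses that a named web UI user can also connect from."""
    findings = []
    for wild in entries:
        restricted = not wild["webui"] or wild["uilevel"] == "basic"
        if wild["username"] != "*" or not restricted:
            continue
        wild_nets = parse_networks(wild["networks"])
        for named in entries:
            if named["username"] == "*" or not named["webui"]:
                continue
            named_nets = parse_networks(named["networks"])
            if any(a.version == b.version and a.overlaps(b)
                   for a in wild_nets for b in named_nets):
                findings.append((wild["networks"], named["username"]))
    return findings


if __name__ == "__main__":
    # In the report's Docker setup every client shares one source address.
    print(entries_matching(ENTRIES, "172.17.0.1"))
    print(find_shadowed_users(ENTRIES))
```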


Files

cap_tvh_pb.png (48.5 KB), Yass T, 2018-07-08 22:36

History

#1

Updated by saen acro over 4 years ago

It is used simple logic
IF > THEN > ELSE

Allow just streaming to "*" user and UI will request authentication
problem is that UI and Streaming are on same port (9981)

#2

Updated by Yass T over 4 years ago

saen acro wrote:

> It is used simple logic
> IF > THEN > ELSE
>
> Allow just streaming to "*" user and UI will request authentication
> problem is that UI and Streaming are on same port (9981)

No, that is not right coming from what I have seen.

I was doing exactly that, and yes, the UI will request authentication, but whatever user/admin you use to access UI, you WILL see the bug -> Impossible to access Expert Level tabs, whatever you do

#3

Updated by saen acro over 4 years ago

If the user you use to log in has permission to have Expert level, then you will have it.

#4

Updated by Yass T over 4 years ago

saen acro wrote:

> If the user you use to log in has permission to have Expert level, then you will have it.

No... Sorry but no...

Please follow all the steps I described to reproduce, before you comment again:
- Set Global UI Level to Expert
- You can even set Expert Level for all NAMED users (not for *)
- Set a * user with 'allowed network' set as a specific IP, no UI rights, UI Level left as default (which I believe might be Basic)
- Have ALL YOUR OTHER CLIENTS / USERS connect to TVH server with that same IP (by being in a Docker container with network bridge mode for example)
- Try and log in to UI with a named user
- You will enter UI with a Basic View
- You can then change it with the View drop-down, but you still won't have any of the Expert tabs, such as Debugging, or EPG Grabber channels, EPG Grabber Modules

If you still don't understand/see it, I will provide screenshots...

#5

Updated by saen acro over 4 years ago

cannot reproduce error
my "*" user has permissions to 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
my ip is 172.16.20.140, I have permission to see epg, web player and version

next I can login /not with back-door admin/

#6

Updated by Yass T over 4 years ago

saen acro wrote:

> cannot reproduce error
> my "*" user has permissions to 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
> my ip is 172.16.20.140, I have permission to see epg, web player and version
>
> next I can login /not with back-door admin/

I tried to change my settings back to where I saw the bug to make screenshots for you but I don't have the same behaviour, now it would seem that I just can't get past the login step for a named user (an admin).
I fired up a browser in Incognito mode to prevent cache issues, but this is the only screen I get when I enter valid credentials:

Then it just loops on the message 'Reconnected to Tvheadend' non-stop. On the other hand, when I connect to the web UI, using the same named user, and connecting through another way so that my IP differs, everything is back to normal. If I simply delete the * user, everything gets instantly back to normal, without the need to connect through another route.

Trust me, there was a bug, I just can't seem to reproduce exactly right now and don't have the time to start all over, but I believe there still is a problem. Everything I described in my first post was right, I was able to login with an admin user, but had a Basic view while UI level was set to Expert on the Global setting (and Default on the user setting).

I would understand if you close this ticket, but I hope if someone notices missing tabs, inconsistent UI levels, or weird web ui login screens, they might find an answer here.

Cheers

#7

Updated by Wild Penguin almost 4 years ago

I can confirm this bug happens;

it is possible to have tvheadend in a state where no setting for the UI is applied to the user (neither the global nor the per-user setting).

I am not sure what triggers it, but for me the UI level hasn't worked for a few years now (except from the drop-down menu, which needs to be set on each and every page if "Basic" is not enough).

I will take a snapshot of my configuration and then try to fix the issue with the information in this bug report. But there certainly is a bug causing this!

#8

Updated by Wild Penguin almost 4 years ago

Ok,

I deleted user "*" and re-created it and ... now User Interface setting is remembered! For the first time in around 2 years!

I took a snapshot of /home/hts when this bug happened; now if you are interested I can send you any of the files in there to see what causes this actually.
