login_text in webui policy is not applied about privacyidea HOT 12 CLOSED

I have the same problem and therefore looked at the source code:

# ./lib/python3.8/site-packages/privacyidea/webui/login.py:161
    login_text = Match.action_only(g, action=ACTION.LOGIN_TEXT, scope=SCOPE.WEBUI) \
        .action_values(unique=True, allow_white_space_in_action=True, write_to_audit_log=False)
    if len(login_text) and list(login_text)[0] and sub_state not in [1, 2]:
        login_text = list(login_text)[0]
    else:
        login_text = ""

login_text is apparently only set if sub_state has neither the value 1 nor the value 2.

sub_state is defined here using subscription_status():

# ./lib/python3.8/site-packages/privacyidea/webui/login.py:143
   sub_state = subscription_status()

And subscription_status() is this:

# ./lib/python3.8/site-packages/privacyidea/lib/subscriptions.py:93
def subscription_status(component="privacyidea", tokentype=None):
    """
    Return the status of the subscription

    0: Token count <= 50
    1: Token count > 50, no subscription at all
    2: subscription expired
    3: subscription OK

    :return: subscription state
    """
...

Conclusion

login_text can only be used if there are less than 50 tokens or if there is an active subscription.

from privacyidea.

Thank you for filing an issue and sharing your observations or ideas. Please be sure to provide as much information as possible to help us to work on this issue.

from privacyidea.

Hi @gerdesj i can not reproduce this. The login text is properly displayed. Did You reload the browser-tab? The text gets pulled in on fresh (re-)load of the page, after that it isn't changed.

from privacyidea.

I've tried multiple browser and their private mode and another two computers that have never seen our PI. I'll (re)double check the policies, given you can't reproduce. There must be something odd on my instance.

Thank you for your time.

from privacyidea.

@gerdesj How does your policy look like in detail? Note, that the login text can not e.g. handle realms, users and resolvers for reasons.

from privacyidea.

@gerdesj How does your policy look like in detail? Note, that the login text can not e.g. handle realms, users and resolvers for reasons.

It is two simple plain text words. I've just tried removing it and adding in something random - no change.

I'm now looking to see where form-signin-heading gets piLoginText from ...

from privacyidea.

I've checked what the action column for the policy looks like in the database and login_text is set correctly and changes when I update the policy in the web UI. I changed the token_page_size and user_page_size in the web UI and that took effect.

from privacyidea.

Hi @gerdesj Do You use a customized index.html? The login text gets injected into the index.html before it is send to the browser.
Can You verify that there is something like

<input type=hidden id="LOGIN_TEXT" value="the login text">

in the index.html sent from the server?

from privacyidea.

I have not customized index.html. The main part of it looks like this on disc - /opt/privacyidea/lib/python3.10/site-packages/privacyidea/static/templates/index.html:

<input type=hidden id=REMOTE_USER value="{{ remote_user }}">
...
<input type=hidden id="LOGIN_TEXT" value="{{ login_text }}">
...
<input type=hidden id=PI_TRANSLATION_WARNING value="{{ translation_warning }}">

and that includes the input you mention. I see the same in dev tools in my browser.

from privacyidea.

and that includes the input you mention. I see the same in dev tools in my browser.

So when viewing the main page in the dev-tools there is a line <input id="LOGIN_TEXT" type=hidden value="Your custom text">?
But the custom text is not displayed?
We use JavaScript to extract the custom text and insert it here:

from privacyidea.

The only messages in the console are:

InstallTrigger is deprecated and will be removed in the future. constants.js:50:14
This page uses the non standard property “zoom”. Consider using calc() in the relevant property values, or using “transform” along with “transform-origin: 0 0”.

I'm not an expert with dev tools 8) I have found loginControllers.js?v=20240112T233317 in the sources tab in dev tools. That code is on line 76-77 here and not 70-71 as within your comment.

(Edit) Also in the html output I can see in body:

<input type="hidden" id="LOGIN_TEXT" value="" autocomplete="off">

The value is blank.

from privacyidea.

I have the same problem and therefore looked at the source code:

...

Conclusion

login_text can only be used if there are less than 50 tokens or if there is an active subscription.

Well spotted. I have a fix and I think we can safely mark this issue as: "working as intended".

from privacyidea.