Can you please elaborate on the issue mentioned here with regards to Enketo not supporting the username function? I hope it is okay for me to piggyback my issue here in this post as it may be somewhat relevant. I am experiencing this issue where a username previously logged on in the past is pulled using the username function for a form which I have not granted it access to. Please note my account setting has been set to require authentication to see the form on the humanitarian response server. I have tried various ways to logout of the account to no avail. I hope and imagine this issue is with the username function pulling an old cache (even after I have cleared cookies and caches) and not that it is granting access to random accounts with the link. So I still struggle to see how it could open a form whereby this old username has no permission to view. I feel this poses a security threat especially for systems which are accessed by multiple users through the same browser.
This issue persists even after troubleshooting through these ways:
Clearing all cookies and cache
3 Tried different browsers - between Google Chrome and Microsoft Edge
Accessing the form through the link, and also by logging in to kobo.humanitarianresponse.info and using FORM->OPEN, and FORM-> COPY
Ctrl + Shift + R to do a hard refresh
This appears to only be an issue in Enketo and seems to work fine on the app. However, for the form I am creating the preference is to use the browser. There is a lot of information to display of which I am using the dynamic link function to pull, so will be unworkable on the app on the tablet. Grateful for any advice on how to address this issue. Thanks!
Welcome to the community, @barcar! Did you mean username referring tot he metadata that is supported in Collect android app but not supported in Enketo?
Hi @Kal_Lam! Thanks for picking up the request. In general I would like to dive down into the issue on why the username function is showing an old username which I canāt seem to log out of, and how enketo is allowing access to a username which does not have access to the form. Any light you can shed on this and any suggested workflows will be appreciated!
@barcar, could you also share a screenshot of the username you are referring to with the community? This should help the community to understand your issue pictorially and help you out.
Thanks @Kal_Lam This issue seems to be inherent within the Kobo infrastructure for Enketo so I think there would be more insights from the core team. Are you able to shed any light on how this is occuring?
Attaching the screenshot below. Often the username displayed is the old username which I canāt log out of, OR āusername not foundā as is shown in the picture. Iterating again the old username has no permission to view this form. And for sure the form should not open for cases where āuser not foundā as this poses a security risk.
Hi @Kal_Lam the screenshot already shared should suffice as the old username will be showing where the above screenshot says āusername not foundā. Grateful for any insights into how this is happening.
@barcar, you should see the username not found if you collect your data through Enketo and have not set Require authentication to see forms and submitted data under the ACCOUNT SETTINGS.
You should, however, see your account username under the username if you are collecting your data via the Collect android app even if you have not checked Require authentication to see forms and submitted data under the ACCOUNT SETTINGS.
My account IS set to require authentication to see forms. As mentioned usually this is either showing the old username or username not found after a couple of refreshes. In any case I donāt think this explains why it is providing access to the form through an old username I have not provided permission to access the form. And why I canāt seem to log out of it after clearing cache etc.
Unfortunately for this purpose we need to do it via Enketo.
This problem is still occurring on the Enketo web app, showing āusername not foundā, I have to scroll down, select āSubmit,ā and only then am I asked to authenticate. After authentication, I find the pending submission, but the āUserā column displays āUsername not found,ā and any column that depends on the username using pull data is empty.
Why isnāt authentication required when the user accesses the Enketo web app link? I believe enforcing authentication at the start would resolve this issue.
Also i think this issue is present only when online and offline submissions are chosen as an option