Enketo not supporting the username function

Can you please elaborate on the issue mentioned here with regards to Enketo not supporting the username function? I hope it is okay for me to piggyback my issue here in this post as it may be somewhat relevant. I am experiencing this issue where a username previously logged on in the past is pulled using the username function for a form which I have not granted it access to. Please note my account setting has been set to require authentication to see the form on the humanitarian response server. I have tried various ways to logout of the account to no avail. I hope and imagine this issue is with the username function pulling an old cache (even after I have cleared cookies and caches) and not that it is granting access to random accounts with the link. So I still struggle to see how it could open a form whereby this old username has no permission to view. I feel this poses a security threat especially for systems which are accessed by multiple users through the same browser.

This issue persists even after troubleshooting through these ways:

  1. Using the logout link expressed in this link Enketo Express for KoboToolbox
  2. Clearing all cookies and cache
    3 Tried different browsers - between Google Chrome and Microsoft Edge
  3. Accessing the form through the link, and also by logging in to kobo.humanitarianresponse.info and using FORM->OPEN, and FORM-> COPY
  4. Ctrl + Shift + R to do a hard refresh

This appears to only be an issue in Enketo and seems to work fine on the app. However, for the form I am creating the preference is to use the browser. There is a lot of information to display of which I am using the dynamic link function to pull, so will be unworkable on the app on the tablet. Grateful for any advice on how to address this issue. Thanks!

Welcome to the community, @barcar! Did you mean username referring tot he metadata that is supported in Collect android app but not supported in Enketo?

Hi @Kal_Lam! Thanks for picking up the request. In general I would like to dive down into the issue on why the username function is showing an old username which I can’t seem to log out of, and how enketo is allowing access to a username which does not have access to the form. Any light you can shed on this and any suggested workflows will be appreciated!

@barcar, could you also share a screenshot of the username you are referring to with the community? This should help the community to understand your issue pictorially and help you out.

Thanks @Kal_Lam This issue seems to be inherent within the Kobo infrastructure for Enketo so I think there would be more insights from the core team. Are you able to shed any light on how this is occuring?

Attaching the screenshot below. Often the username displayed is the old username which I can’t log out of, OR “username not found” as is shown in the picture. Iterating again the old username has no permission to view this form. And for sure the form should not open for cases where “user not found” as this poses a security risk.

@barcar, thank you for sharing the screenshot from your XLSForm and also from a data entry form (Enketo).

Now, could you also share with us a screenshot of the following that you had stated previously?

The screenshot should also provide more details about your issue.

Hi @Kal_Lam the screenshot already shared should suffice as the old username will be showing where the above screenshot says “username not found”. Grateful for any insights into how this is happening.

@barcar, you should see the username not found if you collect your data through Enketo and have not set Require authentication to see forms and submitted data under the ACCOUNT SETTINGS.

You should, however, see your account username under the username if you are collecting your data via the Collect android app even if you have not checked Require authentication to see forms and submitted data under the ACCOUNT SETTINGS.

My account IS set to require authentication to see forms. As mentioned usually this is either showing the old username or username not found after a couple of refreshes. In any case I don’t think this explains why it is providing access to the form through an old username I have not provided permission to access the form. And why I can’t seem to log out of it after clearing cache etc.

Unfortunately for this purpose we need to do it via Enketo.

Hi @barcar, can you please send me the following details in a private message so that I can investigate on your account:

  • server (humanitarian/non-humanitarian)
  • username
  • project name
1 Like