Project

General

Profile

Actions

Bug #102653

open

felogin acts wrong after a redirect error from Middleware RedirectHandler.php

Added by Rolf Nakielski 6 months ago. Updated 6 months ago.

Status:
New
Priority:
Should have
Assignee:
-
Category:
Authentication
Target version:
-
Start date:
2023-12-11
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
12
PHP Version:
8.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

I discovered this during an update from v10 to v12

The Frontend Login always displayed the "wrong password or user-name" message while all this was OK.

I found some Errors in the log File like

[ERROR] request="b39bc2034d2ca" component="TYPO3.CMS.Redirects.Http.Middleware.RedirectHandler": Redirect /login points to itself! Aborting. - {"record": ... 

In fact there was such a nonsense redirect pointing from /login to domain.com/login. Editors do strange things. After disabling it all worked fine.

I think this should better lead to some 500 status rather than to a "wrong password" Message. I could open the login page (producing first error log record) but after entering user name and pw (producing second error log record) the redirect error causes obviously a strange behaviour of EXT:felogin. Did not happen with v10.

Actions #1

Updated by Rolf Nakielski 6 months ago

  • File deleted (clipboard-202312111839-awd4h.png)
Actions #2

Updated by Chris Müller 6 months ago

  • Category set to felogin
Actions #3

Updated by Torben Hansen 6 months ago

  • Category changed from felogin to Authentication

ext:felogin can not do much to handle the described situation. Due to the wrong redirect, the FrontendUserAuthentication Middleware is reprocessed with the same data and while the first processing is successful and creates a valid user session, the second processing "thinks" that a login is in progress LoginType === 'login' and therefore does not set checkPid_value to null. This results in checkPid_value in AbstractUserAuthentication being 0, which leads to the fact, that TYPO3 can not pick up the current frontend user session correctly.

The felogin extension evaluates at this point the result of the login process and since there is no valid user session for the login attempt, the message is shown, that credentials are wrong.

I did not find the main reason, why the second processing of the FrontendUserAuthentication is handled as a login attempt, but this is in generel not a something ext:felogin should take care of. I therefore change the category to "authentication"

Actions #4

Updated by Torben Hansen 6 months ago

  • Tags deleted (fe_login)
Actions

Also available in: Atom PDF