Bug #102653

open

felogin acts wrong after a redirect error from Middleware RedirectHandler.php

Added by Rolf Nakielski 5 months ago. Updated 5 months ago.

Status: New
Priority: Should have
Assignee: -
Category: Authentication
Target version: -
Start date: 2023-12-11
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 12
PHP Version: 8.2
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

I discovered this during an update from v10 to v12.

The Frontend Login always displayed the "wrong password or user-name" message while all this was OK.

I found some errors in the log file like:

[ERROR] request="b39bc2034d2ca" component="TYPO3.CMS.Redirects.Http.Middleware.RedirectHandler": Redirect /login points to itself! Aborting. - {"record": ... 

In fact there was such a nonsense redirect pointing from /login to domain.com/login. Editors do strange things. After disabling it all worked fine.

I think this should better lead to some 500 status rather than to a "wrong password" message. I could open the login page (producing the first error log record), but after entering user name and pw (producing the second error log record) the redirect error obviously causes strange behaviour in EXT:felogin. This did not happen with v10.

Actions #1

Updated by Rolf Nakielski 5 months ago

  • File deleted (clipboard-202312111839-awd4h.png)
Actions #2

Updated by Chris Müller 5 months ago

  • Category set to felogin
Actions #3

Updated by Torben Hansen 5 months ago

  • Category changed from felogin to Authentication

ext:felogin cannot do much to handle the described situation. Due to the wrong redirect, the FrontendUserAuthentication Middleware is reprocessed with the same data, and while the first processing is successful and creates a valid user session, the second processing "thinks" that a login is in progress (LoginType === 'login') and therefore does not set checkPid_value to null. This results in checkPid_value in AbstractUserAuthentication being 0, which leads to the fact that TYPO3 cannot pick up the current frontend user session correctly.

The felogin extension evaluates the result of the login process at this point, and since there is no valid user session for the login attempt, the message is shown that the credentials are wrong.

I did not find the main reason why the second processing of the FrontendUserAuthentication is handled as a login attempt, but this is in general not something ext:felogin should take care of. I therefore change the category to "authentication".

Actions #4

Updated by Torben Hansen 5 months ago

  • Tags deleted (fe_login)
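
Added example, not part of the original ticket or of TYPO3 itself: a small Python log triage that finds the RedirectHandler "points to itself" errors quoted in the description and lists the affected paths, so a self-pointing redirect can be spotted when frontend logins start failing with a misleading message. The sample log lines, request ids, timestamps and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the RedirectHandler message quoted in the report. A timestamp
# prefix before "[ERROR]" is tolerated because search() is not anchored.
SELF_REDIRECT = re.compile(
    r'\[ERROR\]\s+request="(?P<request>[^"]+)"\s+'
    r'component="TYPO3\.CMS\.Redirects\.Http\.Middleware\.RedirectHandler":\s+'
    r'Redirect (?P<path>\S+) points to itself! Aborting\.'
)

# Constructed sample log (ids, timestamps and the "Example" component are
# made up). Two requests hit /login: the page load and the login submit.
SAMPLE_LOG = """\
Mon, 11 Dec 2023 18:30:01 +0100 [ERROR] request="aaaa00000001" component="TYPO3.CMS.Redirects.Http.Middleware.RedirectHandler": Redirect /login points to itself! Aborting. - {"record": "<elided>"}
Mon, 11 Dec 2023 18:30:05 +0100 [WARNING] request="aaaa00000002" component="Example.Constructed.Component": unrelated message
Mon, 11 Dec 2023 18:30:09 +0100 [ERROR] request="aaaa00000003" component="TYPO3.CMS.Redirects.Http.Middleware.RedirectHandler": Redirect /login points to itself! Aborting. - {"record": "<elided>"}
Mon, 11 Dec 2023 18:31:00 +0100 [ERROR] request="aaaa00000004" component="TYPO3.CMS.Redirects.Http.Middleware.RedirectHandler": Redirect /news points to itself! Aborting. - {"record": "<elided>"}
"""


def find_self_redirects(log_text):
    """Return {path: [request ids]} for every self-pointing redirect logged."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        match = SELF_REDIRECT.search(line)
        if match:
            hits[match.group("path")].append(match.group("request"))
    return dict(hits)


def report(log_text):
    """Return (path, distinct request count) pairs, most affected path first."""
    hits = find_self_redirects(log_text)
    rows = [(path, len(set(requests))) for path, requests in hits.items()]
    return sorted(rows, key=lambda row: (-row[1], row[0]))


if __name__ == "__main__":
    for path, count in report(SAMPLE_LOG):
        print(f"{path}: self-pointing redirect hit by {count} request(s)")
```

A path that shows up here and also hosts the login form is the first redirect record to review when valid credentials are rejected.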