Bug #27735

Felogin redirection does not work after login

Added by Prakash A Bhat almost 9 years ago. Updated over 5 years ago.

Status:
Rejected
Priority:
Should have
Assignee:
-
Category:
felogin
Target version:
-
Start date:
2011-06-28
Due date:
% Done:

0%

TYPO3 Version:
4.5
PHP Version:
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

When we try to use the redirection after successful login, the redirection did not work.
I found that this was because the redirectUrl was getting set to empty string by the method $this->showLogin();

Infact, this method should not get called when there was a value for $this->logintype.

I have applied a patch that should correct this issue.

Please review.

class.tx_felogin_pi1.php.patch View (413 Bytes) Prakash A Bhat, 2011-06-28 12:45


Related issues

Duplicates TYPO3 Core - Bug #25142: Redirections do not work in TYPO3 4.5 Closed 2011-02-23

History

#1 Updated by Matthias Nagl over 8 years ago

The patch solves the problem but creates a new one: If a user enters a wrong password the wrong-password-messages are not shown anymore.

#2 Updated by Felix Nagel over 8 years ago

Problem and patch confirmed in TYPO3 4.5.5 and 4.5.6. Tested on different installations and servers.

@Matthias
Im not able to reproduce the "wrong password message not shown" issue.

#3 Updated by Jigal van Hemert over 8 years ago

  • Status changed from New to Needs Feedback

Is this still a problem with the current version of 4.5? I couldn't reproduce it.
redirectUrl is only emptied if showLogoutFormAfterLogin is set. This is by design because you can't show a logout form if you redirect a user.

Furthermore, a value in logintype only indicates that an attempt to login or logout is done. If log-in fails the login form with a wrong password message should be shown, so the statement that "this method [showLogin] should not get called when there was a value for $this->logintype" is incorrect.

#4 Updated by Prakash A Bhat over 8 years ago

I could not check this issue recently, so cannot confirm 100%.
However, I do remember solving this kind of issue recently on a recent project that used 4.5.
This time, the location which caused the issue was quite different indeed, and was not same as original!

redirectUrl is only emptied if showLogoutFormAfterLogin is set.

Yes, this seems like the exact issue we were facing.

Even when "showLogoutFormAfterLogin" is set, we might wish to redirect the user to an Access restricted issue.
Then on the access restricted page, we wish to show logout button.

Seems logical?

#5 Updated by Prakash A Bhat over 8 years ago

By the way, I forgot to inform that the patch attached is quite old! Almost 5 months, and the code has changed a lot since then.

Unfortunately, there are some issue related to redirect.

I will try to find out the exact issue from the last patch and update you soon.

Hope it may not take another 5 months ;)

#6 Updated by Jigal van Hemert over 8 years ago

If you do a redirect to an access restricted page and have an instance of felogin on that page it will show the logout button.
Only if you stay on the same page the felogin plugin will show the 'you-have-successfully-logged-in' message without showing the logout button. If you visit the same page again (without sending a login request) it will show the normal logout form. The option "showLogoutFormAfterLogin" will skip the message that you have successfully logged in and go directly to the logout form.
I just tested both scenarios and everything worked as expected. Maybe we need to add some help texts to the form and add some examples to the manual.

#7 Updated by Sebastian Steinmetz over 7 years ago

I can confirm some kind of redirection bug with TYPO3 4.5.19. The following scenario:

  • we have a login-form on each page inserted via TypoScript. When the user is logged in, this form turns into a logout-button.
  • when the user logs in, he should be redirected to a restricted page.
  • the user may browse around and hit the logout button on the page, at a later point in time
  • when the user logs out, he shall be taken to a certain page.

All the pages are to be configured via TypoScript.

Problem:
  • the $this->redirectUrl gets resolved correctly. But then in the calls to $this->showLogout() and $this->showLogin() in lines 126 ff. of class.tx_felogin_pi1.php it gets erased. :(
Resolution:
  • remove the lines that reset $this->redirectUrl = '';
Possible negative side-effects:
  • plenty, I guess. Please have a deep look into this. For our installation it seems to work. I'll report back any problems we discover. This should be subject to thorough unit testing...

It seems that TYPO3 4.7 is affected as well. At least the code that does the redirection handling seems to be similar.
Also the current master seems to be affected. Though the code looks a lot different because of the namespace patches, the critical points remain untouched.

#8 Updated by Jan Loderhose over 7 years ago

Sebastian Steinmetz wrote:

It seems that TYPO3 4.7 is affected as well.

It is. I just spend a good deal of time with that issue.
After switching "showLogoutFormAfterLogin" from 1 to 0 redirection works again. This applies to all redirection modes.

#9 Updated by Jigal van Hemert over 7 years ago

  • Status changed from Needs Feedback to Rejected

Closing this issue because it's caused by incorrect configuration.

The manual explains that showLogoutFormAfterLogin disables redirects. This is correct behaviour because felogin can't be sure that on the redirect page a logout form is present; it keeps the user on the login page and shows the logout form.
If you have a login form plugin on the redirect page it will show the logout button after the redirect; that already works with showLogoutFormAfterLogin=0 .

#10 Updated by Vincent Mans over 7 years ago

Problem still exists in 4.7.7 despite off the showLogoutFormAfterLogin=0 and everything described here.

What I want to achieve is that the menu button "Login" is replaced by "Logout". This is a de facto standard method.
On page Login there is the login form for login. On page Logout the logout button is placed.

So far it works well: after log in, feusers are redirected to another page. But in the navigation menu I have both "Login" and "Logout".

To complete the required behaviour, access rules for the page "Login" is set to "Hide at login".
On page "Logout" the access rule is "Show at any login".

Obviously, I need the redirection to work in this case. Because the page "Inloggen" doesn't exist for a logged in feuser. But now the the redirect fails: no redirect to logout page or normal page.

It even gives a 404 because the feuser stays on page "Login".

After visiting another page, the navigation shows "Logout", finally.

I have tried all the redirect options, except for "referrer".

Is this a bug or my configuration mistake? Anyway, it should be a "click and play" situation, we cannot explain this to new backend Admins. I see many people struggling and complaining in Google while it's a basic function.

#11 Updated by Aimeos no-lastname-given over 5 years ago

I've found out that the problem occurs if the login page should be hidden after a successful login (if set to "Hide at login"). Otherwise, the redirect works.

#12 Updated by Jigal van Hemert over 5 years ago

  • Is Regression set to No

Aimeos no-lastname-given wrote:

I've found out that the problem occurs if the login page should be hidden after a successful login (if set to "Hide at login"). Otherwise, the redirect works.

This is in the manual of felogin
http://docs.typo3.org/typo3cms/extensions/felogin/Examples/Index.html#access-restrictions-on-the-felogin-plugin

The plugin handles the redirects, so it (and the page it's on) must be accessible to the user who is just logged in.

Also available in: Atom PDF