Bug #31905

getInterceptedRequest is NULL but ACL matches correctly DENY

Added by Carsten Bleicker almost 10 years ago. Updated over 9 years ago.

Status: Resolved
Priority: Should have
Assignee: -
Category: Security
Start date: 2011-11-18
Due date:
% Done: 100%
Estimated time:
PHP Version: 5.3
Has patch: No
Complexity:

Description

Hi folks,
I had defined a policy for one method which allows access only if a role exists.
If I call this method without any matching token I will be redirected to the defined WebRedirect.
So everything works fine, but the getInterceptedRequest() of the security context is NULL. It only holds
an interceptRequest if the security matches a second time again. I think there is something wrong with the session?

For example:
getInterceptedRequest() is NULL if:
  1. init very first visit of my site provides a form which sends to the controller with policy.
  2. submitting this form
  3. I will get redirected to login
  4. getInterceptedRequest() is NULL
getInterceptedRequest() is filled correctly if:
  1. init very first visit of my site provides a form which sends to the controller with policy.
  2. submitting this form
  3. I will get redirected to login
  4. getInterceptedRequest() is NULL
  5. going back
  6. submitting again
  7. getInterceptedRequest() is filled correctly

Any ideas?


Related issues

Related to TYPO3.Flow - Bug #31931: AuthenticationController is not working anymore (Resolved, Christian Müller, 2011-11-18)

Has duplicate TYPO3.Flow - Bug #33311: AuthenticationProviderManager::isAuthenticated does not work in authentication request (Resolved, Christian Müller, 2012-01-19)

#1

Updated by Carsten Bleicker almost 10 years ago

On first init there is no cookie named FLOW3.

So the Bootstrap->initializeSession() tries to resume the session.
But because of the missing $_COOKIE[session_name()] it's not resumed.
This results in getInterceptedRequest() being NULL.

    public function resume() {
        if ($this->started === FALSE && isset($_COOKIE[session_name()])) {
            $this->startOrResume();
        }
    }

Appendix:
The wording of these methods confuses me a little bit.
resume calls a startOrResume?
If I call a resume I expect to resume and not start something.
Why does the bootstrap not call startOrResume and this one decides between start or resume?
Or do I expect this wrong?
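
A simplified model of the first-visit case described in comment #1, added here as an illustration and not TYPO3 Flow code: with no FLOW3 cookie the guarded resume() never starts a session, so the request stored before the login redirect is gone when the login page asks for it. ModelSession, put(), get(), cookie() and interceptedAtLogin() are hypothetical names, and the model assumes that data written while no session is started is not persisted.

```php
<?php
// Added illustration, not TYPO3 Flow code. Only resume(), startOrResume()
// and the FLOW3 cookie name come from the comment; the rest is hypothetical.
final class ModelSession
{
    private static $store = array();   // server-side data keyed by session id
    private $started = false;
    private $id = null;
    private $cookies;

    public function __construct(array $cookies) { $this->cookies = $cookies; }

    // Same guard as the quoted resume(): without a cookie nothing happens.
    public function resume()
    {
        if ($this->started === false && isset($this->cookies['FLOW3'])) {
            $this->startOrResume();
        }
    }

    // Reuses the id from the cookie if present, otherwise creates a new one.
    public function startOrResume()
    {
        $this->id = isset($this->cookies['FLOW3']) ? $this->cookies['FLOW3'] : bin2hex(random_bytes(8));
        if (!isset(self::$store[$this->id])) { self::$store[$this->id] = array(); }
        $this->started = true;
    }

    // Assumption: data written while no session is started is not persisted.
    public function put($key, $value)
    {
        if ($this->started) { self::$store[$this->id][$key] = $value; }
    }

    public function get($key)
    {
        $found = $this->started && isset(self::$store[$this->id][$key]);
        return $found ? self::$store[$this->id][$key] : null;
    }

    // Cookie the response would carry: only a started session issues one.
    public function cookie() { return $this->started ? array('FLOW3' => $this->id) : array(); }
}

// First visit hits the protected action, then the browser follows the redirect to login.
function interceptedAtLogin($bootstrapCall)
{
    $first = new ModelSession(array());                          // no FLOW3 cookie yet
    $first->$bootstrapCall();                                    // 'resume' or 'startOrResume'
    $first->put('interceptedRequest', 'POST /protected/action'); // constructed sample value
    $login = new ModelSession($first->cookie());
    $login->resume();
    return $login->get('interceptedRequest');
}

var_dump(interceptedAtLogin('resume'));
var_dump(interceptedAtLogin('startOrResume'));
```

The first call models the reported bootstrap behaviour and yields NULL; the second models the alternative the comment asks about, where the bootstrap calls startOrResume, and returns the stored request.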

#2

Updated by Karsten Dambekalns almost 10 years ago

  • Target version changed from 1.0.1 to 1.0.2

#3

Updated by Karsten Dambekalns almost 10 years ago

  • Target version changed from 1.0.2 to 1.0.3

#4

Updated by Gerrit Code Review almost 10 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/7635

#5

Updated by Gerrit Code Review over 9 years ago

Patch set 2 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/7635

#6

Updated by Karsten Dambekalns over 9 years ago

  • Target version changed from 1.0.3 to 1.0.4

#7

Updated by Karsten Dambekalns over 9 years ago

  • Target version changed from 1.0.4 to 1.0.5

#8

Updated by Gerrit Code Review over 9 years ago

Patch set 3 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/7635

#9

Updated by Gerrit Code Review over 9 years ago

Patch set 4 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/7635

#10

Updated by Johannes K over 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
