Bug #37001

Catch Exception from inactivityTimeout

Added by Carsten Bleicker about 9 years ago. Updated almost 9 years ago.

Status: Resolved
Priority: Must have
Category: Security
Target version: -
Start date: 2012-05-09
Due date:
% Done: 100%
Estimated time:
PHP Version: 5.3
Has patch: No
Complexity:

Description

I played around a little bit with the session lifetime.
Setting inactivityTimeout: 30
On inactivity for about 30 seconds, FLOW3 throws the exception:
"#1258721059: The security context contained no tokens which could be authenticated"
Should this be caught and force a redirect to the default configured auth provider?


Related issues

Related to TYPO3.Flow - Feature #39423: Custom Error Renderers (Resolved, Bastian Waidelich, 2012-12-25)
Related to TYPO3.Flow - Feature #29907: Redirect to /login instead of raising a "Entity not found." exception if the userdata of an active session has been deleted (Resolved, Karsten Dambekalns, 2011-09-16)
Has duplicate TYPO3.Flow - Feature #37243: Authentication after long time of inactivity (Closed, Karsten Dambekalns, 2012-05-17)
Has duplicate TYPO3.Flow - Bug #40563: When session times out, Exception occurs instead of WebRedirect (Closed, 2012-09-03)

#1

Updated by Martin Brüggemann about 9 years ago

  • Assignee changed from Robert Lemke to Andreas Förthner
  • Priority changed from Should have to Must have
  • Target version set to 1.1 RC1

+1

#2

Updated by Karsten Dambekalns about 9 years ago

  • Target version changed from 1.1 RC1 to 1.1
#3

Updated by Karsten Dambekalns about 9 years ago

  • Assignee deleted (Andreas Förthner)
#4

Updated by Karsten Dambekalns about 9 years ago

  • Status changed from New to Needs Feedback
  • Assignee set to Karsten Dambekalns

I just tried this, and at least in the context of Phoenix I get no exception when the session times out. Is this still an issue for you?

#5

Updated by Carsten Bleicker about 9 years ago

Karsten Dambekalns wrote:

I just tried this, and at least in the context of Phoenix I get no exception when the session times out. Is this still an issue for you?

I don't know. I am out of development with FLOW3 atm because of daily business, sorry.

#6

Updated by Karsten Dambekalns about 9 years ago

  • Target version deleted (1.1)
#7

Updated by Martin Brüggemann about 9 years ago

This is still an issue for me with the default session timeout setting. Even in production context FLOW3 throws an exception, after a session has timed out. The only workaround that works is setting the inactivityTimeout to 0:

TYPO3:
  FLOW3:
    session:
      inactivityTimeout: 0

Here's an example exception:

Uncaught exception #1258721059 in line 160 of /MyPath/Data/Temporary/Development/Cache/Code/FLOW3_Object_Classes/TYPO3_FLOW3_Security_Authentication_AuthenticationProviderManager.php: The security context contained no tokens which could be authenticated.

27 TYPO3\FLOW3\Security\Authentication\AuthenticationProviderManager_Original::authenticate()
26 TYPO3\FLOW3\Security\Authentication\AuthenticationProviderManager::authenticate()
25 call_user_func_array(array, array)
24 TYPO3\FLOW3\Security\Authentication\AuthenticationProviderManager::FLOW3_Aop_Proxy_invokeJoinPoint(TYPO3\FLOW3\Aop\JoinPoint)
23 TYPO3\FLOW3\Security\Authentication\AuthenticationProviderManager::authenticate()
22 TYPO3\FLOW3\Security\Authorization\Interceptor\PolicyEnforcement_Original::invoke()
21 TYPO3\FLOW3\Security\Aspect\PolicyEnforcementAspect_Original::enforcePolicy(TYPO3\FLOW3\Aop\JoinPoint)
20 TYPO3\FLOW3\Aop\Advice\AroundAdvice::invoke(TYPO3\FLOW3\Aop\JoinPoint)
19 TYPO3\FLOW3\Aop\Advice\AdviceChain::proceed(TYPO3\FLOW3\Aop\JoinPoint)
18 MyCompany\MyProject\Controller\Project\TicketController::__construct()
17 TYPO3\FLOW3\Object\ObjectManager::instantiateClass((MyCompany\MyProject\Controller\Project\TicketController)MyCompany\MyProject\Controller\Project\TicketController, array)
16 TYPO3\FLOW3\Object\ObjectManager::get((MyCompany\MyProject\Controller\Project\TicketController)MyCompany\MyProject\Controller\Project\TicketController)
15 TYPO3\FLOW3\Mvc\Dispatcher_Original::resolveController(TYPO3\FLOW3\Mvc\ActionRequest)
14 TYPO3\FLOW3\Mvc\Dispatcher_Original::dispatch(TYPO3\FLOW3\Mvc\ActionRequest, TYPO3\FLOW3\Http\Response)
13 TYPO3\FLOW3\Mvc\Dispatcher::dispatch(TYPO3\FLOW3\Mvc\ActionRequest, TYPO3\FLOW3\Http\Response)
12 call_user_func_array(array, array)
11 TYPO3\FLOW3\Mvc\Dispatcher::FLOW3_Aop_Proxy_invokeJoinPoint(TYPO3\FLOW3\Aop\JoinPoint)
10 TYPO3\FLOW3\Aop\Advice\AdviceChain::proceed(TYPO3\FLOW3\Aop\JoinPoint)
9 TYPO3\FLOW3\Security\Aspect\RequestDispatchingAspect_Original::setAccessDeniedResponseHeader(TYPO3\FLOW3\Aop\JoinPoint)
8 TYPO3\FLOW3\Aop\Advice\AroundAdvice::invoke(TYPO3\FLOW3\Aop\JoinPoint)
7 TYPO3\FLOW3\Aop\Advice\AdviceChain::proceed(TYPO3\FLOW3\Aop\JoinPoint)
6 TYPO3\FLOW3\Security\Aspect\RequestDispatchingAspect_Original::blockIllegalRequestsAndForwardToAuthenticationEntryPoints(TYPO3\FLOW3\Aop\JoinPoint)
5 TYPO3\FLOW3\Aop\Advice\AroundAdvice::invoke(TYPO3\FLOW3\Aop\JoinPoint)
4 TYPO3\FLOW3\Aop\Advice\AdviceChain::proceed(TYPO3\FLOW3\Aop\JoinPoint)
3 TYPO3\FLOW3\Mvc\Dispatcher::dispatch(TYPO3\FLOW3\Mvc\ActionRequest, TYPO3\FLOW3\Http\Response)
2 TYPO3\FLOW3\Http\RequestHandler::handleRequest()
1 TYPO3\FLOW3\Core\Bootstrap::run()

#8

Updated by Bastian Waidelich almost 9 years ago

This is still a blocker.
The problem occurs in \TYPO3\FLOW3\Security\Authorization\Interceptor\PolicyEnforcement::invoke().
Adding a try/catch block here "solves" the issue for me:

public function invoke() {
    try {
        $this->authenticationManager->authenticate();
        $this->accessDecisionManager->decideOnJoinPoint($this->joinPoint);
    } catch (\TYPO3\FLOW3\Security\Exception $exception) {
        header('Location: http://foo/login');
        exit;
    }
}

Maybe #39423 could be a clean solution?
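
An added illustration of the handling discussed in comment #8 (not code from FLOW3 or from any commenter): a self-contained PHP 7.1+ sketch that turns a failed authentication at the enforcement point into a redirect to a configured login path, answers access-denied with 403, and restricts the post-login return target to a local path. All class names, function names and paths are hypothetical.

```php
<?php
// Added illustration; every class and function name here is hypothetical, not FLOW3 API.
class AuthenticationRequiredException extends RuntimeException {}
class AccessDeniedException extends RuntimeException {}

/** Accept only same-site absolute paths as a post-login return target. */
function safeReturnPath(string $requestUri): string {
    // Must start with a single "/", must not start with "//" or "/\", no CR/LF.
    $isLocalPath = preg_match('#^/(?![/\\\\])[^\r\n]*\z#', $requestUri) === 1;
    return $isLocalPath ? $requestUri : '/';
}

/**
 * Run the policy check and map its failures to HTTP responses instead of
 * letting them escape as uncaught exceptions. Returns [status, headers, body].
 */
function enforce(callable $policyCheck, string $loginPath, string $requestUri): array {
    try {
        $policyCheck();
        return [200, [], 'ok'];
    } catch (AuthenticationRequiredException $e) {
        // Session expired or no token present: send the user to the configured entry point.
        $location = $loginPath . '?return=' . rawurlencode(safeReturnPath($requestUri));
        return [303, ['Location' => $location], ''];
    } catch (AccessDeniedException $e) {
        // Authenticated but not allowed: a login redirect would loop, so answer 403.
        return [403, [], 'Forbidden'];
    }
}

// Constructed scenario: the session timed out, so no token can be authenticated.
$expired = function (): void {
    throw new AuthenticationRequiredException(
        'The security context contained no tokens which could be authenticated',
        1258721059
    );
};

// Normal request: the original path is preserved as the return target.
[$status, $headers] = enforce($expired, '/login', '/project/ticket/42');
echo $status, ' ', $headers['Location'], PHP_EOL;

// Constructed request URI that is not a local path: the return target falls back to "/".
[$status, $headers] = enforce($expired, '/login', '//other.example/x');
echo $status, ' ', $headers['Location'], PHP_EOL;
```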

#9

Updated by Bastian Waidelich almost 9 years ago

  • Status changed from Needs Feedback to Under Review
#10

Updated by Gerrit Code Review almost 9 years ago

Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/14379

#11

Updated by Gerrit Code Review almost 9 years ago

Patch set 1 for branch FLOW3-1.1 has been pushed to the review server.
It is available at http://review.typo3.org/14383

#12

Updated by Robert Lemke almost 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
#13

Updated by Gerrit Code Review almost 9 years ago

  • Status changed from Resolved to Under Review

Patch set 2 for branch FLOW3-1.1 has been pushed to the review server.
It is available at http://review.typo3.org/14383

#14

Updated by Gerrit Code Review almost 9 years ago

Patch set 3 for branch FLOW3-1.1 has been pushed to the review server.
It is available at http://review.typo3.org/14383

#15

Updated by Robert Lemke almost 9 years ago

  • Status changed from Under Review to Resolved
