Project

General

Profile

Actions
Copy link

Bug #66399

closed

Backend OpenID login does not work anymore

Added by Christian Weiske over 9 years ago. Updated about 7 years ago.

Status:
Closed
Priority:
Must have
Assignee:
Markus Klein
Category:
Miscellaneous
Target version:
7.2 (Frontend)
Start date:
2015-04-13
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
7
PHP Version:
Tags:
Complexity:
hard
Is Regression:
Yes
Sprint Focus:
Stabilization Sprint

Description

The OpenID login in the backend in git master does not work anymore. The OpenID wizard works.

This is since

$ git bisect visualize
commit c6f16016a8ac5fcfe6df47015151e141a681e0c3
Author: Wouter Wolters <typo3@wouterwolters.nl>
Date:   Tue Mar 31 19:24:49 2015 +0200

    [TASK] Make openid return script dispatched

    Resolves: #66192
    Releases: master
    Change-Id: Ie2bb18cdceaf893b181c428bf762e3ac9b232a0b
    Reviewed-on: http://review.typo3.org/38382
    Reviewed-by: Markus Klein <klein.t3@reelworx.at>
    Tested-by: Markus Klein <klein.t3@reelworx.at>
    Reviewed-by: Jigal van Hemert <jigal.van.hemert@typo3.org>
    Tested-by: Jigal van Hemert <jigal.van.hemert@typo3.org>

Related issues 3 (0 open3 closed)

Related to TYPO3 Core - Task #66192: Make openid return script dispatchedClosed2015-03-31

Actions
Related to TYPO3 Core - Bug #66404: Switching between OpenID and normal login doesn't clear inputsClosed2015-04-13

Actions
Blocks TYPO3 Core - Feature #50545: Store OpenID URL in cookieRejectedChristian Weiske2013-07-30

Actions
Actions
Copy link
 #1

Updated by Markus Klein over 9 years ago

The issue is that the module url generated for the returnUrl passed on to the provider has to contain a moduleToken.
This token is currently "dummyToken", since the FormProtectionFactory calls FormProtectionFactory::isBackendSession() which return FALSE.
The reason is that isset($GLOBALS['BE_USER']->user['uid']) is still FALSE at this point in execution.

Actions
Copy link
 #2

Updated by Markus Klein over 9 years ago

Moreover we have the issue that mod.php does not even run try to validate the token, as we do not reach that point.
BackendModuleRequestHandler.php only works with an authenticated BE user!

Actions
Copy link
 #3

Updated by Markus Klein over 9 years ago

  • Status changed from New to Accepted
  • Priority changed from Should have to Must have
  • Target version set to 7.2 (Frontend)
  • Complexity set to hard
  • Sprint Focus set to Stabilization Sprint
Actions
Copy link
 #4

Updated by Markus Klein over 9 years ago

#66404 needs to be fixed as well!

Actions
Copy link
 #5

Updated by Markus Klein over 9 years ago

  • Assignee set to Markus Klein
Actions
Copy link
 #6

Updated by Markus Klein over 9 years ago

Ok, the real issues:

  • the return url from openid sets the login_status=login via GET, which is not allowed in BE. (this was fixed in the old entry point)
  • fixing the above the lets the CRSF form protection fail
Actions
Copy link
 #7

Updated by Gerrit Code Review over 9 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/38863

Actions
Copy link
 #8

Updated by Gerrit Code Review over 9 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/38863

Actions
Copy link
 #9

Updated by Gerrit Code Review over 9 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/38863

Actions
Copy link
 #10

Updated by Markus Klein over 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions
Copy link
 #11

Updated by Riccardo De Contardi about 7 years ago

  • Status changed from Resolved to Closed
Actions
Copy link

Also available in: Atom PDF