Bug #66399
closed
Backend OpenID login does not work anymore
Added by Christian Weiske over 9 years ago.
Updated about 7 years ago.
Sprint Focus:
Stabilization Sprint
Description
The OpenID login in the backend in git master does not work anymore. The OpenID wizard works.
This is since
$ git bisect visualize
commit c6f16016a8ac5fcfe6df47015151e141a681e0c3
Author: Wouter Wolters <typo3@wouterwolters.nl>
Date: Tue Mar 31 19:24:49 2015 +0200
[TASK] Make openid return script dispatched
Resolves: #66192
Releases: master
Change-Id: Ie2bb18cdceaf893b181c428bf762e3ac9b232a0b
Reviewed-on: http://review.typo3.org/38382
Reviewed-by: Markus Klein <klein.t3@reelworx.at>
Tested-by: Markus Klein <klein.t3@reelworx.at>
Reviewed-by: Jigal van Hemert <jigal.van.hemert@typo3.org>
Tested-by: Jigal van Hemert <jigal.van.hemert@typo3.org>
The issue is that the module url generated for the returnUrl passed on to the provider has to contain a moduleToken.
This token is currently "dummyToken", since the FormProtectionFactory calls FormProtectionFactory::isBackendSession() which return FALSE.
The reason is that isset($GLOBALS['BE_USER']->user['uid']) is still FALSE at this point in execution.
Moreover we have the issue that mod.php does not even run try to validate the token, as we do not reach that point.
BackendModuleRequestHandler.php only works with an authenticated BE user!
- Status changed from New to Accepted
- Priority changed from Should have to Must have
- Target version set to 7.2 (Frontend)
- Complexity set to hard
- Sprint Focus set to Stabilization Sprint
#66404 needs to be fixed as well!
- Assignee set to Markus Klein
Ok, the real issues:
- the return url from openid sets the login_status=login via GET, which is not allowed in BE. (this was fixed in the old entry point)
- fixing the above the lets the CRSF form protection fail
- Status changed from Accepted to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/38863
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/38863
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at http://review.typo3.org/38863
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
- Status changed from Resolved to Closed
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by