Project

General

Profile

Actions

Bug #84991

closed

Accessing localhost/typo3 while being logged in shows a strange login form

Added by Markus Klein over 6 years ago. Updated about 6 years ago.

Status:
Closed
Priority:
Must have
Assignee:
Category:
Backend User Interface
Target version:
Start date:
2018-05-12
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
9
PHP Version:
Tags:
Complexity:
medium
Is Regression:
Sprint Focus:

Description

This is due to a wrong condition in the LoginController.

A bit of history:

Before the new BE login API was introduced with v7 the condition in LoginController:checkRedirect was
if (!empty($GLOBALS['BE_USER']->user['uid']) && ($this->isLoginInProgress() || $this->loginRefresh || !$this->interfaceSelector)) { // do the redirect stuff

This condition was furthermore later documented in the phpdoc header of the function.
Over time this condition has been adjusted (falsely improved) multiple times, up until recently, where we got back to
if (empty($this->getBackendUserAuthentication()->user['uid']) || (!($this->isLoginInProgress($request) || $this->loginRefresh))) { return; }
as a guard clause.

The only difference between the v6 and v9 code is the $this->interfaceSelector member.
While the condition worked correctly in v6 it does not work in v9.

The reason is hidden within $this->interfaceSelector, which was only set if $this->isLoginInProgress() == true.
So the v6 condition could actually be sort of
if (!empty($GLOBALS['BE_USER']->user['uid']) && ($this->isLoginInProgress() || $this->loginRefresh || !$this->isLoginInProgress())) { // do the redirect stuff
making the second part of the conjunction always true.
Consequently, the condition is therefore only dependent on a BE user being present.

In contrast, the condition in v9 does not reflect this fact anymore as the $this->interfaceSelector part was removed while refactoring the code during v7 development.


Related issues 1 (0 open1 closed)

Related to TYPO3 Core - Bug #83430: Frameset still used for relogin popupClosedBenni Mack2017-12-27

Actions
Actions #1

Updated by Gerrit Code Review over 6 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/56949

Actions #2

Updated by Christian Kuhn over 6 years ago

  • Related to Bug #83430: Frameset still used for relogin popup added
Actions #3

Updated by Gerrit Code Review over 6 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/56949

Actions #4

Updated by Gerrit Code Review over 6 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/56949

Actions #5

Updated by Markus Klein over 6 years ago

  • Description updated (diff)
Actions #6

Updated by Gerrit Code Review over 6 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/56949

Actions #7

Updated by Gerrit Code Review over 6 years ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/56949

Actions #8

Updated by Anja Leichsenring over 6 years ago

Information to reproduce the error:

- log into BE
- click on the Logo in the header of BE
or
- remove everything after domain.tld/typo3 from your address and reload

you will end up with a view that features the username and a Login Button.

Actions #9

Updated by Markus Klein over 6 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #10

Updated by Benni Mack about 6 years ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF