Project

General

Profile

Actions

Bug #90986

closed

Epic #92636: felogin bug collection

Felogin redirects on failed login when redirectMode is unset [patch]

Added by Volker Diels-Grabsch almost 4 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
felogin
Target version:
-
Start date:
2020-04-09
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
10
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Steps to reproduce:

  1. Create a Typo3 setup where no redirectMode is configured (e.g. $conf['redirectMode'] === '').
  2. Open the login form with a redirect_url=/some-page GET parameter.
  3. Enter wrong credentials.

Current result:

  • No error message is shown, and the user is redirected to /some-page even though not logged in.

Expected result:

  • The user is not redirected, but stays on the login page where the error message is shown.

Analysis:

The bug is caused in FrontendLoginController::main(). When redirectMode is empty or not set, the $this->redirectUrl is taken directly from the redirect_url GET/POST parameter, and processRedirect() is not called. Then, there is a final condition that checks whether to actually perform the redirect to $this->redirectUrl or not:

if (($this->logintype === LoginType::LOGIN || $this->logintype === LoginType::LOGOUT) && ...) {

The problem is: This condition is true on a failed login.

This bug does not appear when redirectMode is set, as in that case processRedirect() will take care of failed logins.

The patch fixes this issue by adding the missing additional check for a successful login, i.e. $this->userIsLoggedIn.


Files

fix-felogin-redirect.patch (904 Bytes) fix-felogin-redirect.patch Volker Diels-Grabsch, 2020-04-09 13:44
Actions #1

Updated by Volker Diels-Grabsch almost 4 years ago

  • Description updated (diff)
Actions #2

Updated by Volker Diels-Grabsch almost 4 years ago

  • Description updated (diff)
Actions #3

Updated by Volker Diels-Grabsch almost 4 years ago

  • Description updated (diff)
Actions #4

Updated by Volker Diels-Grabsch almost 4 years ago

  • Subject changed from Felogin redirects on failed login when redirectMode is unset to Felogin redirects on failed login when redirectMode is unset [patch]
Actions #5

Updated by Gerrit Code Review almost 4 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64111

Actions #6

Updated by Gerrit Code Review almost 4 years ago

Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64111

Actions #7

Updated by Gerrit Code Review almost 4 years ago

Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64111

Actions #8

Updated by Gerrit Code Review almost 4 years ago

Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64111

Actions #9

Updated by Riccardo De Contardi almost 4 years ago

  • Category set to felogin
Actions #10

Updated by Joerg Kummer almost 4 years ago

  • TYPO3 Version changed from 9 to 10

The issue is also in version 10

Actions #11

Updated by Gerrit Code Review almost 4 years ago

Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/64111

Actions #12

Updated by Markus Klein over 3 years ago

  • Parent task set to #92636
Actions #13

Updated by Gerrit Code Review over 2 years ago

Patch set 1 for branch 10.4 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/70976

Actions #14

Updated by Volker Diels-Grabsch over 2 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #15

Updated by Benni Mack over 1 year ago

  • Status changed from Resolved to Closed
Actions

Also available in: Atom PDF