Project

General

Profile

Actions

Bug #91844

closed

Epic #92636: felogin bug collection

felogin Redirect to referer is not working at all with Site config 403 errorHandler

Added by Stefan P almost 4 years ago. Updated about 1 year ago.

Status:
Closed
Priority:
Must have
Assignee:
-
Category:
Link Handling, Site Handling & Routing
Target version:
-
Start date:
2020-07-23
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
10
PHP Version:
Tags:
Complexity:
Is Regression:
Yes
Sprint Focus:
On Location Sprint

Description

When having protected pages which should show the login form for non-authenticated users you need to have this erroHandler:

    errorCode: '403'
    errorHandler: Page
    errorContentSource: 't3://page?uid=12345'

This page has a felogin plugin configured to redirect back to the referer. This does not work at all: the login itself works but you just stay on the login page instead of being returned.

On v8 everything worked fine -> regression.

Probably related: #90157


Related issues 6 (0 open6 closed)

Related to TYPO3 Core - Bug #90157: missing possibility to send return_url Parameter with 403 standard errorhandlerClosed2020-01-20

Actions
Related to TYPO3 Core - Bug #92068: felogin (extbase) redirect from GET/POST is not working properlyClosed2020-08-21

Actions
Related to TYPO3 Core - Bug #96813: BeforeRedirectEvent is not useful at all because it accepts no arguments and the return value is ignoredResolved2022-02-10

Actions
Related to TYPO3 Core - Epic #96814: Totally broken felogin redirect mechanismClosed2022-02-10

Actions
Related to TYPO3 Core - Bug #99920: Referer redirect broken after update to 11.5.23ClosedTorben Hansen2023-02-10

Actions
Related to TYPO3 Core - Bug #100715: felogin redirect mode by http referer is not workingResolvedTorben Hansen2023-04-23

Actions
Actions #1

Updated by Stefan P almost 4 years ago

  • Related to Bug #90157: missing possibility to send return_url Parameter with 403 standard errorhandler added
Actions #2

Updated by Stefan P almost 4 years ago

My current workaround is this:

Extend \TYPO3\CMS\Core\Error\PageErrorHandler\PageContentErrorHandler and use it as :

  -
    errorCode: '403'
    errorHandler: PHP
    errorContentSource: 't3://page?uid=123'
    errorPhpClassFQCN: 'Vendor\Package\AccessDeniedPageContentErrorHandler'

Override handlePageError in there and alter the resolved url like this:

$parsedUrlParts = \parse_url($resolvedUrl);
$resolvedUrl .= (isset($parsedUrlParts['query']) ? '&' : '?') . 'referer=' . \urlencode((string)$request->getUri());

Other use cases may need other changes to the url, this one is working for referer mode of felogin.

Actions #3

Updated by Markus Klein almost 4 years ago

  • Status changed from New to Needs Feedback

The PageContentErrorHandler makes an internal request to the specified page, hence there is of course no referrer.

The feature you would like to have is presumably
https://docs.typo3.org/m/typo3/reference-typoscript/10.4/en-us/Setup/Config/Index.html#typolinklinkaccessrestrictedpages

Actions #4

Updated by Stefan P almost 4 years ago

Markus Klein wrote:

The PageContentErrorHandler makes an internal request to the specified page, hence there is of course no referrer.

The feature you would like to have is presumably
https://docs.typo3.org/m/typo3/reference-typoscript/10.4/en-us/Setup/Config/Index.html#typolinklinkaccessrestrictedpages

felogin: loginMode=referer does not use HTTP Referer header... It uses an URL parameter named "referer" which the core could append for sure (see my workaround, I exactly do this). The core error handler does not append it. TYPO3 8 did this, however. That's the bug (see description and my current workaround).

felogin is pure core. We upgraded from 8 to 9 and loginMode=referer stopped working (without any config change on our side). What further information is needed here? v9 just broke this feature.

Actions #5

Updated by Stefan P almost 4 years ago

And what does typolinkLinkAccessRestrictedPages has to do with this issue? I already build links to access restricted pages. That's the whole story behind this issue (a user clicks on a access restricted link to get redirected back to it after login - that's promised core functionality).

The bug is that felogin expects a GET parameter that the core does not deliver anymore.

Actions #7

Updated by Markus Klein almost 4 years ago

Okay, I obviously misunderstood your report then.

Can you please describe the setup that is needed to reproduce the issue?
So felogin config, plugin settings, requested page where the redirect to the login is expected, error handler config that does the redirect, and so forth.
Thanks.

felogin: loginMode=referer does not use HTTP Referer header...

citing from the source code of v8 $referer = $this->referer ? $this->referer : GeneralUtility::getIndpEnv('HTTP_REFERER');

Actions #8

Updated by Stefan P almost 4 years ago

The setup is easy:

  • Have a menu pointing to an access restricted page ("access when logged in" or for a specific user group). Totally core.
  • Have a the core 403 error handler configured for this site. Totally core
        errorCode: '403'
        errorHandler: Page
        errorContentSource: 't3://page?uid=12345'
    
  • on this pages.uid=12345 have a felogin plugin, totally core
  • configure this plugin in its flexform as redirectMode=referer, totally core
  • In the FE be logged out and click on the menu pointing to the restricted page, totally core
  • The 12345 with felogin plugin is shown, totally core
  • Login, totally core
  • TYPO3 8 redirected back to the restricted page (now unrestricted), TYPO3 9 stays on the error page (but being logged in)

The referenced issue #90157 is basically exactly the same, but for loginMode=getpost (it sets the return url by a GET parameter redirect_url which the 403 error handler does not send as well):
https://docs.typo3.org/c/typo3/cms-felogin/9.5/en-us/LoginMechanism/RedirectModes/Index.html#defined-by-get-post-vars

Yes, you are right about the referer, it actually can fall back to HTTP referer. Didn't know this, because in our case it was always the referer parameter. Not sure what the core did to decide between query param or HTTP header when doing the 403 action. But anyways, this is just HTTP: just as you can add a GET paremeter for an "internal" request you could also append any HTTP header (including Referer) to the "internal" request, if you prefer this. HTTP is just a text document in the end.

felogin relies on the core to send specific parameters (either GET or, as I just learned, also HTTP header). TYPO3 9 dropped this without warning.

Actions #9

Updated by Markus Klein over 3 years ago

  • Category changed from Authentication to Link Handling, Site Handling & Routing
  • Status changed from Needs Feedback to Accepted
  • Priority changed from Should have to Must have
Actions #10

Updated by Markus Klein over 3 years ago

  • Parent task set to #92636
Actions #11

Updated by Markus Kappe over 2 years ago

This bug still exists in 10.4.21
Any progress?

Actions #12

Updated by Benni Mack over 2 years ago

  • Status changed from Accepted to Needs Feedback

Can you explain how this is related to "fe_login_mode" in your installation? I did not find the details in this issue on how the pages setup is (with fe_login_mode)

Actions #13

Updated by Stefan P over 2 years ago

  • Subject changed from felogin Redirect to referer is not working at all in combination with fe_login_mode and Site config 403 errorHandler to felogin Redirect to referer is not working at all with Site config 403 errorHandler
Actions #14

Updated by Stefan P over 2 years ago

This was probably a "typo". The variable meant is settings.redirectMode from teh flexform, I probably mixed it up in my head with pages.fe_login_mode.

Actions #15

Updated by Wolfgang Wagner over 2 years ago

It seems, that this problem still exists in TYPO3 11.

Actions #16

Updated by Stefan P over 2 years ago

  • Related to Bug #92068: felogin (extbase) redirect from GET/POST is not working properly added
Actions #17

Updated by Stefan P over 2 years ago

  • TYPO3 Version changed from 9 to 10

Changed to v10 because v9 is dead.

Actions #18

Updated by Stefan P over 2 years ago

  • Related to Bug #96813: BeforeRedirectEvent is not useful at all because it accepts no arguments and the return value is ignored added
Actions #19

Updated by Stefan P over 2 years ago

  • Related to Epic #96814: Totally broken felogin redirect mechanism added
Actions #20

Updated by Anonymous about 2 years ago

This bug still exists in 10.4.26

Actions #21

Updated by Felix Nagel almost 2 years ago

Still an issue in TYPO3 11.5.14.

Actions #22

Updated by Oliver Hader over 1 year ago

  • Sprint Focus set to On Location Sprint
Actions #23

Updated by Oliver Hader over 1 year ago

Still an issue in TYPO3 v12.0.0! Why isn't somebody picking this up? I've been waiting very long already...

Actions #24

Updated by Gerrit Code Review over 1 year ago

  • Status changed from Needs Feedback to Under Review

Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77204

Actions #25

Updated by Torben Hansen over 1 year ago

There is a patch available now. Please test carefully and vote to get the bug fixed.

Actions #26

Updated by Torben Hansen over 1 year ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #27

Updated by Gerrit Code Review over 1 year ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch 11.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77401

Actions #28

Updated by Gerrit Code Review over 1 year ago

Patch set 2 for branch 11.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77401

Actions #29

Updated by Torben Hansen over 1 year ago

  • Status changed from Under Review to Resolved
Actions #30

Updated by Benni Mack over 1 year ago

  • Status changed from Resolved to Closed
Actions #31

Updated by Markus Klein over 1 year ago

  • Related to Bug #99920: Referer redirect broken after update to 11.5.23 added
Actions #32

Updated by Marvin Müller about 1 year ago

  • Related to Bug #100715: felogin redirect mode by http referer is not working added
Actions #33

Updated by Wolfgang Wagner about 1 year ago

The problem reappears for me in a 12.4.1 installation. Can anyone confirm this?

Actions #34

Updated by Markus Klein about 1 year ago

Wolfgang Wagner wrote in #note-33:

The problem reappears for me in a 12.4.1 installation. Can anyone confirm this?

Is this probably the same as #100715?

(I assume at least. There were at least 2 patches for the whole referrer stuff and all went into v11 and v12)

Actions

Also available in: Atom PDF