Bug #92068

Epic #92636: felogin bug collection

felogin (extbase) redirect from GET/POST is not working properly

Added by DANIEL Rémy about 1 year ago. Updated 12 days ago.

Status:
Needs Feedback
Priority:
Must have
Assignee:
-
Category:
felogin
Target version:
-
Start date:
2020-08-21
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
10
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Take a felogin form (the new one of TYPO3 v10 made with Extbase)
Add it to a /login page with the following flexform settings:

Redirect modes:
- Defined by GET/POST parameter
- After login
Check "Use First Supported Mode from Selection"
Set a page from your page tree in "After Successful Login Redirect to Page"

With those settings, I expect two things:

A. I access directly the /login page, I should see the login form.
Then I log in and I should be redirected to the page set in "After Successful Login Redirect to Page"

B. I access a restricted page /private-page with a non logged-in user.
Now TYPO3 should trigger a 403 error, and my custom PageErrorHandler should redirect me to /login?redirect_url=/private-page
Now I should see the login form.
Then I log in, and should be redirected to /private-page

On TYPO3 v10.4.6, the scenario B is not working.
The ?redirect_url=/private-page GET parameter is not propagated to the <input hidden name="redirect_url">,
so the redirect_url is lost when the form is posted.

This scenario used to work with the pi_base version in v9.


Files

fe_login-debug.jpg (65.4 KB) fe_login-debug.jpg Simone Hamm, 2020-09-11 12:14
#1

Updated by Oliver Hader about 1 year ago

  • Status changed from New to Needs Feedback
#2

Updated by DANIEL Rémy about 1 year ago

This option typolinkLinkAccessRestrictedPages does not influence the way felogin handle the return_url/redirect_url GET parameter.
It just allows typolink to link access restricted page with the add of the return_url/redirect_url GET parameter.

The bug I describe resides in felogin and is a regression introduced with the extbase refactoring of the plugin.

#3

Updated by Simone Hamm about 1 year ago

I have exactly the same configuration with the same problem. In v9 everything works fine.
Attached is a screenshot of the debug output.

#4

Updated by Markus Klein 12 months ago

  • Parent task set to #92636
#5

Updated by Chris W 8 months ago

I can confirm this problem in TYPO3 10.4.12

A q&d workaround: /typo3/sysext/felogin/Classes/Controller/LoginController.php

- 'redirectURL' => $this->redirectHandler->getLoginFormRedirectUrl($this->configuration, $this->isRedirectDisabled()),
+ 'redirectURL' => $this->redirectHandler->getLoginFormRedirectUrl($this->configuration,TRUE),

#6

Updated by Wolfgang Klinger 8 months ago

The problem is simple to explain:
there's this condition in \TYPO3\CMS\FrontendLogin\Controller\LoginController::initializeAction

if ($this->isLoginOrLogoutInProgress() && !$this->isRedirectDisabled()) {

which fails (no login, just a redirect to the login form) and then LoginController::loginAction calls
'redirectURL' => $this->redirectHandler->getLoginFormRedirectUrl($this->configuration, $this->isRedirectDisabled()),

which only handles the configured after login URL and not the also configured get/post parameter (or any other mode).

#7

Updated by Patrick no-lastname-given 7 months ago

I can also confirm this issue and not working scenario B. I use the extension pagenotfoundhandling with additional get param redirect_url=###CURRENT_URL###. The extbase felogin hidden form element is not filled anymore with TYPO3 10.4 and there is no redirect after login to the login protected page.

#8

Updated by Christian Futterlieb 7 months ago

Just noticed, that /login?return_url=/private-page works as expected, while redirect_url doesn't (as stated above). hth

#9

Updated by Markus Klein 7 months ago

  • Subject changed from felogin redirect from GET/POST is not working properly to felogin (extbase) redirect from GET/POST is not working properly
#10

Updated by Patrick no-lastname-given 3 months ago

This issue still exists with TYPO3 10.4.17. Any news here? thanks

#11

Updated by Patrick no-lastname-given 23 days ago

This issue still exists with TYPO3 10.4.21. Any news here? thanks

#12

Updated by Harald Witt 12 days ago

  • Priority changed from Should have to Must have

There are actually two problems mixed together. I'll try to explain.

1st problem:
The first problem is, that the redirection to the login page does not take place.

2nd Problem:
Felogin should redirect to a referer after login if configured so. But it doesn't do so although return_url is set as a GET-parameter.

Solution for the 2'nd problem:
The example in in the documentation of felogin and also in the DOC of the CONFIG-object is old or at least not valid for the login-fluid-template. Simply have a look at the login template.

<f:if condition="{referer}!=''">
    <f:form.hidden name="referer" value="{referer}" />
</f:if>

The old return_url is now better called as referer. So the following works perfect:
www.your-domain.de/login?referer=WhereYouWantToGotoAfterLogin

Greetings
Harald

Also available in: Atom PDF