Project

General

Profile

Actions

Bug #99920

closed

Referer redirect broken after update to 11.5.23

Added by Felix Nagel almost 2 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
Should have
Assignee:
Category:
felogin
Target version:
-
Start date:
2023-02-10
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
11
PHP Version:
8.1
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

After updating to TYPO3 11.5.23 the redirect after login with redirectMode configured to "referer" and "login" does no longer work as expected.

When using "redirectFirstMethod" one would expect that the system redirects the user to the page configured in "redirectPageLogin" when no referer is given. This does no longer work. When removing "referer" mode from the list, the user is redirected again.

Downgrading to 11.5.22 fixes the issue.


Files

Unbenannt.PNG (32 KB) Unbenannt.PNG Felix Nagel, 2023-02-10 12:42

Related issues 2 (0 open2 closed)

Related to TYPO3 Core - Bug #91844: felogin Redirect to referer is not working at all with Site config 403 errorHandlerClosed2020-07-23

Actions
Related to TYPO3 Core - Bug #100715: felogin redirect mode by http referer is not workingClosedTorben Hansen2023-04-23

Actions
Actions #1

Updated by Georg Ringer almost 2 years ago

  • Status changed from New to Accepted
  • Is Regression set to No

could you do a git blame to find the faulty commit? that would be amazing!

Actions #2

Updated by Torben Hansen almost 2 years ago

  • Assignee set to Torben Hansen

I was on this a few weeks ago and this was introduced with https://review.typo3.org/c/Packages/TYPO3.CMS/+/77204

Actions #3

Updated by Torben Hansen almost 2 years ago

Well, looking at the issue for this commit, the patch actually should fix the (old) HTTP referer bug, which it obviously not does correctly.

The login mode referer redirect check does the following:

1. It checks, if either the attribute referer is defined in GET or POST
2. If not, it falls back to HTTP_REFERER (this is new - and wrong)

Instead, the fix should have been to actually fallback to request->getServerParams()['HTTP_REFERER'] in loginAction, so we are able to handle the HTTP_REFERER to the template, where it afterwards can be processed by the RedirectModeHandler

I'll take care of a patch for this.

Actions #4

Updated by Markus Klein almost 2 years ago

  • Related to Bug #91844: felogin Redirect to referer is not working at all with Site config 403 errorHandler added
Actions #5

Updated by Felix Nagel almost 2 years ago

Thanks for checking on this Torben!

I did not have the time yet to really test as Georg asked me to, but afaics this commit should be the problematic one: https://github.com/TYPO3-CMS/felogin/commit/eaff29d4b74628bdb6b67c2de670053c5d8cf70b (same as posted by Torben)

Actions #6

Updated by Torben Hansen almost 2 years ago

Just to make clear, what the problem is: The felogin redirect mode "referer" has been fixed with #91844. This means, having configured settings.redirectMode to referer as shown on the screenshot in this ticket will always perform a redirect on referer basis (since now the HTTP_REFERER is also considered and a HTTP request always should have a HTTP_REFERER).

The actually (new) bug here is, that the HTTP_REFERER is evaluated wrong, when the user did enter the password incorrect. This lead to the situation, that the user will be redirected to the page containing the felogin plugin (HTTP_REFERER for failed extbase validation) instead of the original HTTP_REFERER (page the user got redirected to page with felogin)

Actions #7

Updated by Gerrit Code Review almost 2 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77859

Actions #8

Updated by Gerrit Code Review almost 2 years ago

Patch set 2 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77859

Actions #9

Updated by Gerrit Code Review almost 2 years ago

Patch set 3 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77859

Actions #10

Updated by Felix Nagel almost 2 years ago

When reading your latest comment, I'm not so sure about the bug you described. This ticket is about the fact that using referer redirect breaks the redirect fallback chain.

Before TYPO3 11.5.23, when no referer was given, the next redirect mode was used. In my example screenshot a PID defined in "redirectPageLogin". This does no longer work. The user stays on the login page (the page with the plugin) after being successful logged in instead of being redirected to the "redirectPageLogin" PID.

This is still an issue in TYPO3 11.5.24. Downgrading to 11.5.22 fixes the issue.

I've tested patch set 2 in TYPO3 11 and it does fix the issue! Both, redirect on login and referer redirect on login does work again. Thanks a lot!

Actions #11

Updated by Gerrit Code Review over 1 year ago

Patch set 1 for branch 11.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77969

Actions #12

Updated by Torben Hansen over 1 year ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100
Actions #13

Updated by Gerrit Code Review over 1 year ago

  • Status changed from Resolved to Under Review

Patch set 2 for branch 11.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77969

Actions #14

Updated by Gerrit Code Review over 1 year ago

Patch set 3 for branch 11.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77969

Actions #15

Updated by Gerrit Code Review over 1 year ago

Patch set 4 for branch 11.5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/77969

Actions #16

Updated by Torben Hansen over 1 year ago

  • Status changed from Under Review to Resolved
Actions #17

Updated by Benni Mack over 1 year ago

  • Status changed from Resolved to Closed
Actions #18

Updated by Markus Klein over 1 year ago

  • Related to Bug #100715: felogin redirect mode by http referer is not working added
Actions

Also available in: Atom PDF