Ticket #2210 (new defect)

Opened 2 years ago

Last modified 7 months ago

After redirecting to the login screen, trac always loads the default page.

Reported by: jspencer@vpac.org Assigned to: coderanger
Priority: normal Component: PermRedirectPlugin
Severity: normal Keywords: patch
Cc: sascha_silbe Trac Release: 0.10

Description

If you follow a link (from an email for example) the login page comes up as expected, but after logging in the specific link is forgotten and you are taken to the default page (main wiki page).

I'm not sure if this is specifically a PermRedirectPlugin problem or a Trac problem in general, but it does affect RSS feeds quite a bit.

Attachments

permredirect.diff (2.5 kB) - added by garth@deadlybloodyserious.com on 03/28/08 18:46:20.
Proposed fix
PermRedirect-urlfix.diff (0.9 kB) - added by nathan@acceleration.net on 10/06/08 22:31:06.
Patch to the 0.11 branch to use the referer querystring parameter
PermRedirect-urlfix.2.diff (1.1 kB) - added by UnwashedMeme on 12/02/08 23:42:18.
Patch to the 0.11 branch to use the referer querystring parameter (now slightly improved to also capture the querystring of the original request instead of just the request path).

Change History

12/01/07 03:53:01 changed by coderanger

This is due to how the HTTP referer header works with redirects. Unfortunately there isn't much I can do.

03/28/08 18:46:20 changed by garth@deadlybloodyserious.com

  • attachment permredirect.diff added.

Proposed fix

03/28/08 18:50:08 changed by garth@deadlybloodyserious.com

I've attached a patch for a fix. When you request a page and fail authentication, it sets a cookie to the URL you asked for. A wrapper around LoginModule._redirect_back adjusts the Referer header if it finds that cookie. _redirect_back then redirects back to the original page if authentication succeeds.

06/26/08 11:59:12 changed by anonymous

I couldn't get your patch file to apply to v0.11 of PermRedirectPlugin - I think the line numbering might be out?

(follow-up: ↓ 5 ) 06/26/08 12:10:07 changed by anonymous

Hmm... no, I think your patch must be for an earlier version.

(in reply to: ↑ 4 ) 06/26/08 12:16:10 changed by anonymous

Replying to anonymous:

Hmm... no, I think your patch must be for an earlier version.

It's a patch for 0.10 - you'll have to write your own patch for 0.11

09/22/08 23:52:24 changed by rblank

This could now be fixed by using the referer= argument to /login, added to Trac 0.11-stable in [T7493].

09/29/08 18:41:00 changed by bzhu@sitesell.com

Hi, Sir,

If you can provide a patch for 0.11 independently? We don't want to update the Trac, only want the the redirect problem fix. I searched but can't find the patch down. THanks in advance.

Bill

10/06/08 22:31:06 changed by nathan@acceleration.net

  • attachment PermRedirect-urlfix.diff added.

Patch to the 0.11 branch to use the referer querystring parameter

10/06/08 22:39:13 changed by nathan@acceleration.net

The patch I added above implements what rblank referred to in comment:6

10/06/08 22:54:55 changed by Bill

After implement the PermRedirect?-urlfix.diff , I got this. I am not developer, could you check what it is please?

Oops...

Trac detected an internal error: invalid syntax (filter.py, line 27)

Traceback (most recent call last):

File "/usr/lib/python2.4/site-packages/trac/admin/templates/deploy_trac.cgi", line 27, in ?

cgi_frontend.run()

File "/usr/lib/python2.4/site-packages/trac/web/cgi_frontend.py", line 71, in run

gateway.run(dispatch_request)

File "/usr/lib/python2.4/site-packages/trac/web/wsgi.py", line 87, in run

response = application(self.environ, self._start_response)

File "/usr/lib/python2.4/site-packages/trac/web/main.py", line 381, in dispatch_request

env = open_environment(env_path, use_cache=not run_once)

File "/usr/lib/python2.4/site-packages/trac/env.py", line 571, in open_environment

env = Environment(env_path)

File "/usr/lib/python2.4/site-packages/trac/env.py", line 185, in init

load_components(self, plugins_dir and (plugins_dir,))

File "/usr/lib/python2.4/site-packages/trac/loader.py", line 108, in load_components

loadfunc(env, search_path, auto_enable=plugins_dir)

File "/usr/lib/python2.4/site-packages/trac/loader.py", line 65, in _load_eggs

entry.load(require=True)

File "/usr/lib/python2.4/site-packages/pkg_resources.py", line 1912, in load

entry = import(self.module_name, globals(),globals(), __name__?)

File "/usr/lib/python2.4/site-packages/permredirect/filter.py", line 27

login_url = req.href.login(referer=req.base_url + req.path_info)

SyntaxError?: invalid syntax

10/06/08 23:00:45 changed by anonymous

I am using AccountManager, so can't load trac.web.auth LoginModule? in your first patch. If this will have problem for your new patch?

Bill

10/07/08 00:08:52 changed by anonymous

Replying to Bill :

After implement the PermRedirect?-urlfix.diff , I got this. I am not developer, could you check what it is please? 

   File "/usr/lib/python2.4/site-packages/permredirect/filter.py", line 27
      login_url = req.href.login(referer=req.base_url + req.path_info)
      ^
  SyntaxError: invalid syntax

Not too sure here; the best I can suggest is to check the syntax in the resulting file, maybe the patch applied incorrectly? I inserted that line 27 ('login_url...') in the patch, make sure it is indented the same as the line above('exctype...') and below it('if...').

Replying to anonymous:

I am using AccountManager, so can't load trac.web.auth LoginModule? in your first patch. If this will have problem for your new patch? Bill

The two patches proposed here are entirely independent. If you have already applied attachment:permredirect.diff you should get a clean version(I have this one) of PermRedirectPlugin before applying attachment:PermRedirect-urlfix.diff. I don't reference LoginModule? anywhere in this code; other dependencies/incompatibilities I don't know anything about.

10/07/08 19:55:01 changed by Bill

I have rechecked the /usr/lib/python2.4/site-packages/permredirect/filter.py and sure it is same with your PermRedirect?-urlfix.diff.

Before when I search for this problem, I did see one patch for AccountManager plugin. But that patch was old and didn't work ( I tested by myself).

PermRedirect? plugin should fix this problem, that is why I installed it, but still have some problem. If anyone in your group and help to figure this out? Thanks anyway.

Bill

11/25/08 16:30:10 changed by mjpieters

I can confirm that the PermRedirect?-urlfix.diff patch works like a charm for 0.11. What is needed to have this applied to the repository? Can I assist in any way?

12/02/08 23:42:18 changed by UnwashedMeme

  • attachment PermRedirect-urlfix.2.diff added.

Patch to the 0.11 branch to use the referer querystring parameter (now slightly improved to also capture the querystring of the original request instead of just the request path).

(follow-up: ↓ 16 ) 01/29/09 05:19:24 changed by jouvin@lal.in2p3.fr

Is there any change for this patch to be included in Trac trunk ? If not, why ?

I am using Trac trunk (0.12dev) and have a similar problem : the redirect is not necessarily to the start page but if you were in an "edit" page (wiki edit, ticket modification) and when submitting your changes a perm redirect occurs, the modification is lost and you have to reapply it.

If you think this is not the same problem, I'll open a new ticket.

Cheers,

Michel

01/29/09 05:22:24 changed by coderanger

The situation you describe doesn't make any sense though, since there is no permission check that could fail at that time that wouldn't fail when opening the edit screen (unless you manually delete the auth cookie I suppose).

(in reply to: ↑ 14 ) 01/29/09 13:02:49 changed by UnwashedMeme

Replying to jouvin@lal.in2p3.fr:

Is there any change for this patch to be included in Trac trunk ? If not, why ?

I made the patch against browser:permredirectplugin/0.11#4929 running against trac version 0.11stable-r7510 (from about). I was just able to update my permredirectplugin checkout to browser:permredirectplugin/0.11#5162 (doesn't appear to be any changes). We've been using this for the past couple of months and are very happy with it. coderanger: is there anything blocking acceptance of this patch?

I am using Trac trunk (0.12dev) and have a similar problem : the redirect is not necessarily to the start page but if you were in an "edit" page (wiki edit, ticket modification) and when submitting your changes a perm redirect occurs, the modification is lost and you have to reapply it. If you think this is not the same problem, I'll open a new ticket.

The fact that your permission has expired is definitely a different problem. I'm somewhat in agreement with coderanger it doesn't make much sense; the only thing I could think of would be if your permission token expired due to time. Hitting refresh before editing might help? I've let tickets sit for a while without doing anything and then edited without a problem but this might be very dependent on what authentication scheme you are using.

Because ticket modification data is POSTed whereas this is just doing redirects (GET) that don't carry the post data along with it, this plugin (with or without the proposed patch here) will *not* solve the lost data problem.

Event Order

  1. Trac has a permission error
    • PermRedirectPlugin without the above patch, no referrer info is passed (in our setup at least). This is confirmed through firebug and apache logs.
    • With the patch, when we do the redirect we add a QueryString? parameter named "referer" with the value of the page that was requested.
    • Trac w/o the plugin renders an error page, that when you click the link to go to login, the Http Header "referer" is added because you followed a standard link.
  2. Login url does what it is supposed to (http basic auth over ssl in my setup).
  3. When you get to the login page under recent Tracs(slightly after .11 was released there was a fixup patch so that it would read referer from all params not just the headers) it redirects you to whatever location is given in the "referer" request parameter.

In any of the above scenarios under point 1, POST data is lost. From what I know of HTTP redirects there isn't a good way to thread the POST data. A couple not good options: keeping it in the server's session memory, sticking it in a cookie, trying to create querystring parameters out of everything posted.

03/14/09 14:43:30 changed by sascha_silbe

  • cc set to sascha_silbe.

04/08/09 18:48:23 changed by doug.patterson

I applied UnwashedMeme's PermRedirect?-urlfix.2.diff patch, works great against Trac 0.11.2.

08/11/09 19:20:40 changed by bobbysmith007

  • keywords set to patch.

Is there any chance of getting this patch applied?

We have been using it successfully for months, it sounds like others have had success as well, and it just worked again on an entirely fresh install.

Thanks,

Russ

Add/Change #2210 (After redirecting to the login screen, trac always loads the default page.)




Change Properties
Action