Modify

Opened 6 years ago

Closed 5 years ago

#3788 closed defect (invalid)

method does not forward to main url if request not known

Reported by: arnuschky Owned by: pedro
Priority: normal Component: NoAnonymousPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.11

Description

This bug is interrelated with the TracAccountManager plugin, I think.

The form based login of the AccoutManager does not forward to the main page
correctly upon a successful login. This happens when the original request is not
known. I think it's not properly forwarded by the "noanonymous" plugin.

In my special case, the original request is never known, as I redirect
unencrypted requests to the login form to a encrypted connection. On the
way, the original request gets lost.

Result: The user ends up on the login screen again, even after the login
was successful. Additionally, no message indicates that the login was
successful.

Trac-0.11.1, TracAccountManager-0.2.1dev_r3857-py2.4, noanonymous=current svn version

Attachments (0)

Change History (5)

comment:1 Changed 6 years ago by pedro

My usage of the NoAnonymousPlugin plugin is similar to what you describe:

  • all HTTP requests are redirected to HTTPS
  • redirection from the NoAnonymousPlugin kicks in and user is sent to login page
  • after login the user is sent to the Home page in this case the Wiki.

I could not reproduce your problem. Could you provide more details?

comment:2 follow-up: Changed 6 years ago by arnuschky

The problem is that I do not want to have all http requests converted to https requests. The reason for this is performance. Actually, I redirect all request to http, except the ones with '/trac/login' in the URI. These are redirected to https. Blow are the apache redirect rules.

RewriteEngine On
# rewrite all request to the login screen to use https
RewriteCond %{REQUEST_URI}   ^.*/trac/login.*$
RewriteCond %{SERVER_PORT}   !^443$
RewriteRule ^(.*)$           https://%{HTTP_HOST}$1 [L,R]
# rewrite all other requests NOT to use https
RewriteCond %{REQUEST_URI}   !^.*/trac/login$
RewriteCond %{SERVER_PORT}   !^80$
RewriteRule ^(.*)$           http://%{HTTP_HOST}$1 [L,R]

So we redirect usually twice.

http://../trac/ -> http://../trac/login -> https://../trac/

On the way, the original request is lost. I asked the author of the AccountManager plugin in ticket #3783, he says that the request needs to be set as a parameter (https://yourserver/login?referer=<whatever>). Is it possible to include this in the noanonymous plugin?

comment:3 in reply to: ↑ 2 ; follow-up: Changed 6 years ago by pedro

Replying to arnuschky:

The problem is that I do not want to have all http requests converted to https requests. The reason for this is performance. Actually, I redirect all request to http, except the ones with '/trac/login' in the URI. These are redirected to https. Blow are the apache redirect rules.

RewriteEngine On
# rewrite all request to the login screen to use https
RewriteCond %{REQUEST_URI}   ^.*/trac/login.*$
RewriteCond %{SERVER_PORT}   !^443$
RewriteRule ^(.*)$           https://%{HTTP_HOST}$1 [L,R]
# rewrite all other requests NOT to use https
RewriteCond %{REQUEST_URI}   !^.*/trac/login$
RewriteCond %{SERVER_PORT}   !^80$
RewriteRule ^(.*)$           http://%{HTTP_HOST}$1 [L,R]

So we redirect usually twice.

http://../trac/ -> http://../trac/login -> https://../trac/

On the way, the original request is lost. I asked the author of the AccountManager plugin in ticket #3783, he says that the request needs to be set as a parameter (https://yourserver/login?referer=<whatever>). Is it possible to include this in the noanonymous plugin?

If you try to do https://yourserver/login?referer=report directly on your site the NoAnonymous plugin will not activate. In this case will AccountManagerPlugin redirect to the reprots page? Mine does not

comment:4 in reply to: ↑ 3 Changed 6 years ago by arnuschky

Replying to pedro:

No, mine neither, you are right. I checked and notified the plugin author of AccountManagerPlugin (see #3783).

comment:5 Changed 5 years ago by techtonik

  • Resolution set to invalid
  • Status changed from new to closed

Closing this as invalid, because redirection part on login form is handled by AccountManagerPlugin.

Add Comment

Modify Ticket

Action
as closed .
as The resolution will be set. Next status will be 'closed'.
to The owner will be changed from pedro. Next status will be 'closed'.
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.