Opened 6 years ago

Closed 5 years ago

#3788 closed defect (invalid)

method does not forward to main url if request not known

Reported by: arnuschky Owned by: pedro
Priority: normal Component: NoAnonymousPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.11

Description

This bug is interrelated with the TracAccountManager plugin, I think.

The form-based login of the AccountManager does not forward to the main page
correctly upon a successful login. This happens when the original request is not
known. I think it's not properly forwarded by the "noanonymous" plugin.

In my special case, the original request is never known, as I redirect
unencrypted requests to the login form to an encrypted connection. On the
way, the original request gets lost.

Result: The user ends up on the login screen again, even after the login
was successful. Additionally, no message indicates that the login was
successful.

Trac-0.11.1, TracAccountManager-0.2.1dev_r3857-py2.4, noanonymous=current svn version

Attachments (0)

Change History (5)

comment:1 Changed 6 years ago by pedro

My usage of the NoAnonymousPlugin plugin is similar to what you describe:

  • all HTTP requests are redirected to HTTPS
  • redirection from the NoAnonymousPlugin kicks in and user is sent to login page
  • after login the user is sent to the Home page, in this case the Wiki.

I could not reproduce your problem. Could you provide more details?

comment:2 follow-up: Changed 6 years ago by arnuschky

The problem is that I do not want to have all http requests converted to https requests. The reason for this is performance. Actually, I redirect all requests to http, except the ones with '/trac/login' in the URI. These are redirected to https. Below are the Apache redirect rules.

RewriteEngine On
# rewrite all requests to the login screen to use https
RewriteCond %{REQUEST_URI}   ^.*/trac/login.*$
RewriteCond %{SERVER_PORT}   !^443$
RewriteRule ^(.*)$           https://%{HTTP_HOST}$1 [L,R]
# rewrite all other requests NOT to use https
RewriteCond %{REQUEST_URI}   !^.*/trac/login$
RewriteCond %{SERVER_PORT}   !^80$
RewriteRule ^(.*)$           http://%{HTTP_HOST}$1 [L,R]

So we usually redirect twice.

http://../trac/ -> http://../trac/login -> https://../trac/

On the way, the original request is lost. I asked the author of the AccountManager plugin in ticket #3783; he says that the request needs to be set as a parameter (https://yourserver/login?referer=<whatever>). Is it possible to include this in the noanonymous plugin?

comment:3 in reply to: ↑ 2 ; follow-up: Changed 6 years ago by pedro

Replying to arnuschky:

The problem is that I do not want to have all http requests converted to https requests. The reason for this is performance. Actually, I redirect all requests to http, except the ones with '/trac/login' in the URI. These are redirected to https. Below are the Apache redirect rules.

RewriteEngine On
# rewrite all requests to the login screen to use https
RewriteCond %{REQUEST_URI}   ^.*/trac/login.*$
RewriteCond %{SERVER_PORT}   !^443$
RewriteRule ^(.*)$           https://%{HTTP_HOST}$1 [L,R]
# rewrite all other requests NOT to use https
RewriteCond %{REQUEST_URI}   !^.*/trac/login$
RewriteCond %{SERVER_PORT}   !^80$
RewriteRule ^(.*)$           http://%{HTTP_HOST}$1 [L,R]

So we usually redirect twice.

http://../trac/ -> http://../trac/login -> https://../trac/

On the way, the original request is lost. I asked the author of the AccountManager plugin in ticket #3783; he says that the request needs to be set as a parameter (https://yourserver/login?referer=<whatever>). Is it possible to include this in the noanonymous plugin?

If you try to do https://yourserver/login?referer=report directly on your site, the NoAnonymous plugin will not activate. In this case, will AccountManagerPlugin redirect to the reports page? Mine does not.

comment:4 in reply to: ↑ 3 Changed 6 years ago by arnuschky

Replying to pedro:

No, mine neither, you are right. I checked and notified the plugin author of AccountManagerPlugin (see #3783).

comment:5 Changed 5 years ago by techtonik

  • Resolution set to invalid
  • Status changed from new to closed

Closing this as invalid, because the redirection part on the login form is handled by AccountManagerPlugin.
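
The referer parameter discussed in comments 2 and 3, as an added example that is not code from NoAnonymousPlugin or AccountManagerPlugin: it carries the original request through the redirect to the HTTPS login form and, after login, accepts it only as a site-local path, falling back to the main page otherwise. The function names, the /trac mount point and the /trac/login path (taken from the rewrite rules above) are assumptions.

```python
from urllib.parse import parse_qs, quote, urlsplit

# Assumptions for this example: Trac is mounted at /trac and the login form
# lives at /trac/login, as in the rewrite rules quoted in the ticket.
BASE_PATH = "/trac"
LOGIN_PATH = BASE_PATH + "/login"


def login_redirect(host, requested_path):
    """Build the HTTPS login URL, carrying the original request as ?referer=.

    The path (including its query string) is percent-encoded so it survives
    as a single parameter value across the http -> https redirects.
    """
    encoded = quote(requested_path, safe="/")
    return "https://%s%s?referer=%s" % (host, LOGIN_PATH, encoded)


def post_login_target(login_url):
    """Return the path to send the user to after a successful login.

    Only a path under BASE_PATH on the same site is accepted. A missing
    value, an absolute or scheme-relative URL, or the login page itself
    falls back to the main page, so the user never lands on /login again.
    """
    referer = parse_qs(urlsplit(login_url).query).get("referer", [""])[0]
    parts = urlsplit(referer)
    site_local = (
        not parts.scheme
        and not parts.netloc
        and "\\" not in referer
        and (parts.path == BASE_PATH or parts.path.startswith(BASE_PATH + "/"))
        and parts.path != LOGIN_PATH
    )
    if not site_local:
        return BASE_PATH + "/"
    return parts.path + ("?" + parts.query if parts.query else "")


if __name__ == "__main__":
    # Constructed sample request, not taken from the ticket.
    url = login_redirect("yourserver", "/trac/report/1?max=5")
    print(url)
    print(post_login_target(url))
    print(post_login_target("https://yourserver/trac/login"))
```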
