method does not forward to main url if request not known

[arnuschky]

This bug is interrelated with the TracAccountManager plugin, I think.

The form based login of the AccoutManager does not forward to the main page correctly upon a successful login. This happens when the original request is not known. I think it's not properly forwarded by the "noanonymous" plugin.

In my special case, the original request is never known, as I redirect unencrypted requests to the login form to a encrypted connection. On the way, the original request gets lost.

Result: The user ends up on the login screen again, even after the login was successful. Additionally, no message indicates that the login was successful.

Trac-0.11.1, TracAccountManager-0.2.1dev_r3857-py2.4, noanonymous=current svn version

[Pedro Paixao]

My usage of the NoAnonymousPlugin plugin is similar to what you describe:

• all HTTP requests are redirected to HTTPS
• redirection from the NoAnonymousPlugin kicks in and user is sent to login page
• after login the user is sent to the Home page in this case the Wiki.

I could not reproduce your problem. Could you provide more details?

[arnuschky]

The problem is that I do not want to have all http requests converted to https requests. The reason for this is performance. Actually, I redirect all request to http, except the ones with '/trac/login' in the URI. These are redirected to https. Blow are the apache redirect rules.

RewriteEngine On
# rewrite all request to the login screen to use https
RewriteCond %{REQUEST_URI}   ^.*/trac/login.*$
RewriteCond %{SERVER_PORT}   !^443$
RewriteRule ^(.*)$           https://%{HTTP_HOST}$1 [L,R]
# rewrite all other requests NOT to use https
RewriteCond %{REQUEST_URI}   !^.*/trac/login$
RewriteCond %{SERVER_PORT}   !^80$
RewriteRule ^(.*)$           http://%{HTTP_HOST}$1 [L,R]

So we redirect usually twice.

​http://../trac/ -> ​http://../trac/login -> ​https://../trac/

On the way, the original request is lost. I asked the author of the AccountManager plugin in ticket #3783, he says that the request needs to be set as a parameter (​https://yourserver/login?referer=<whatever>). Is it possible to include this in the noanonymous plugin?

[Pedro Paixao]

Replying to arnuschky:

The problem is that I do not want to have all http requests converted to https requests. The reason for this is performance. Actually, I redirect all request to http, except the ones with '/trac/login' in the URI. These are redirected to https. Blow are the apache redirect rules.

RewriteEngine On
# rewrite all request to the login screen to use https
RewriteCond %{REQUEST_URI}   ^.*/trac/login.*$
RewriteCond %{SERVER_PORT}   !^443$
RewriteRule ^(.*)$           https://%{HTTP_HOST}$1 [L,R]
# rewrite all other requests NOT to use https
RewriteCond %{REQUEST_URI}   !^.*/trac/login$
RewriteCond %{SERVER_PORT}   !^80$
RewriteRule ^(.*)$           http://%{HTTP_HOST}$1 [L,R]

So we redirect usually twice.

​http://../trac/ -> ​http://../trac/login -> ​https://../trac/

On the way, the original request is lost. I asked the author of the AccountManager plugin in ticket #3783, he says that the request needs to be set as a parameter (​https://yourserver/login?referer=<whatever>). Is it possible to include this in the noanonymous plugin?

If you try to do ​https://yourserver/login?referer=report directly on your site the NoAnonymous plugin will not activate. In this case will AccountManagerPlugin redirect to the reprots page? Mine does not

[arnuschky]

Replying to pedro:

No, mine neither, you are right. I checked and notified the plugin author of AccountManagerPlugin (see #3783).

[anatoly techtonik]

Closing this as invalid, because redirection part on login form is handled by AccountManagerPlugin.