Modify

Opened 16 years ago

Closed 15 years ago

#3788 closed defect (invalid)

method does not forward to main url if request not known

Reported by: arnuschky Owned by: Pedro Paixao
Priority: normal Component: NoAnonymousPlugin
Severity: normal Keywords:
Cc: Trac Release: 0.11

Description

This bug is interrelated with the TracAccountManager plugin, I think.

The form based login of the AccoutManager does not forward to the main page correctly upon a successful login. This happens when the original request is not known. I think it's not properly forwarded by the "noanonymous" plugin.

In my special case, the original request is never known, as I redirect unencrypted requests to the login form to a encrypted connection. On the way, the original request gets lost.

Result: The user ends up on the login screen again, even after the login was successful. Additionally, no message indicates that the login was successful.

Trac-0.11.1, TracAccountManager-0.2.1dev_r3857-py2.4, noanonymous=current svn version

Attachments (0)

Change History (5)

comment:1 Changed 16 years ago by Pedro Paixao

My usage of the NoAnonymousPlugin plugin is similar to what you describe:

  • all HTTP requests are redirected to HTTPS
  • redirection from the NoAnonymousPlugin kicks in and user is sent to login page
  • after login the user is sent to the Home page in this case the Wiki.

I could not reproduce your problem. Could you provide more details?

comment:2 Changed 16 years ago by arnuschky

The problem is that I do not want to have all http requests converted to https requests. The reason for this is performance. Actually, I redirect all request to http, except the ones with '/trac/login' in the URI. These are redirected to https. Blow are the apache redirect rules.

RewriteEngine On
# rewrite all request to the login screen to use https
RewriteCond %{REQUEST_URI}   ^.*/trac/login.*$
RewriteCond %{SERVER_PORT}   !^443$
RewriteRule ^(.*)$           https://%{HTTP_HOST}$1 [L,R]
# rewrite all other requests NOT to use https
RewriteCond %{REQUEST_URI}   !^.*/trac/login$
RewriteCond %{SERVER_PORT}   !^80$
RewriteRule ^(.*)$           http://%{HTTP_HOST}$1 [L,R]

So we redirect usually twice.

http://../trac/ -> http://../trac/login -> https://../trac/

On the way, the original request is lost. I asked the author of the AccountManager plugin in ticket #3783, he says that the request needs to be set as a parameter (https://yourserver/login?referer=<whatever>). Is it possible to include this in the noanonymous plugin?

comment:3 in reply to:  2 ; Changed 16 years ago by Pedro Paixao

Replying to arnuschky:

The problem is that I do not want to have all http requests converted to https requests. The reason for this is performance. Actually, I redirect all request to http, except the ones with '/trac/login' in the URI. These are redirected to https. Blow are the apache redirect rules.

RewriteEngine On
# rewrite all request to the login screen to use https
RewriteCond %{REQUEST_URI}   ^.*/trac/login.*$
RewriteCond %{SERVER_PORT}   !^443$
RewriteRule ^(.*)$           https://%{HTTP_HOST}$1 [L,R]
# rewrite all other requests NOT to use https
RewriteCond %{REQUEST_URI}   !^.*/trac/login$
RewriteCond %{SERVER_PORT}   !^80$
RewriteRule ^(.*)$           http://%{HTTP_HOST}$1 [L,R]

So we redirect usually twice.

http://../trac/ -> http://../trac/login -> https://../trac/

On the way, the original request is lost. I asked the author of the AccountManager plugin in ticket #3783, he says that the request needs to be set as a parameter (https://yourserver/login?referer=<whatever>). Is it possible to include this in the noanonymous plugin?

If you try to do https://yourserver/login?referer=report directly on your site the NoAnonymous plugin will not activate. In this case will AccountManagerPlugin redirect to the reprots page? Mine does not

comment:4 in reply to:  3 Changed 16 years ago by arnuschky

Replying to pedro:

No, mine neither, you are right. I checked and notified the plugin author of AccountManagerPlugin (see #3783).

comment:5 Changed 15 years ago by anatoly techtonik

Resolution: invalid
Status: newclosed

Closing this as invalid, because redirection part on login form is handled by AccountManagerPlugin.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain Pedro Paixao.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.