Uploaded image for project: 'Blesta Core'
  1. Blesta Core
  2. CORE-2166

Remove automatic login forwarding to login pages

        Details

        • Type: Improvement
        • Status: Closed
        • Priority: Blocker
        • Resolution: Fixed
        • Affects Version/s: 4.0.0-b1
        • Fix Version/s: 4.0.0-b1
        • Component/s: None
        • Labels:
          None

          Description

          After logging in to Blesta, it's possible to be automatically forwarded to a previously-visited URL prior to being logged out.

          This auto-redirect now always redirects admins to the client login page after logging in if there is no other URL to forward to. The admin can be redirected to the client UI if a forward URL is set to the client interface. In some cases, it appears to be due to the use of nvd3 from one of the admin dashboard widgets. It's also possible when navigating to a admin or client URI when not logged in, then logging into the other interface.

          I think it would be best to not save a 'blesta_forward_to' URI that is to a login page, either admin or client.

          I mapped the following work flow of logging in and subsequent requests/redirects:

          *Logging in*
CONTROLLER/ACTION: admin_login/
request URI:/admin/login
redirect to: http://domain.com/admin/

*Loading admin theme/widgets*
CONTROLLER/ACTION: admin_main/
request URI: /admin/

CONTROLLER/ACTION: admin_theme/
request URI: /admin/theme/theme.css?dir=

CONTROLLER/ACTION: admin_main/getwidgets
request URI: /admin/main/getwidgets/?section=section1

CONTROLLER/ACTION: admin_main/getwidgets
request URI: /admin/main/getwidgets/?section=section2

CONTROLLER/ACTION: admin_main/getwidgets
request URI: /admin/main/getwidgets/?section=section3

CONTROLLER/ACTION: admin_main/geteventcounts
request URI: /admin/main/geteventcounts/?start_date=2016-04-01&end_date=2016-05-01

CONTROLLER/ACTION: admin_main/
request URI: /blesta-minphp/public_html/admin/widget/feed_reader/admin_main/

CONTROLLER/ACTION: admin_main/
request URI: /blesta-minphp/public_html/admin/widget/system_status/admin_main/

CONTROLLER/ACTION: admin_main/
request URI: /blesta-minphp/public_html/admin/widget/system_overview/admin_main/


*At this point, nvd3 appears to load some resource from a non-admin portal.
This causes a redirect to the client URI, which saves that client URI as the auto-forward URI*

CONTROLLER/ACTION: main/index
request URI: /app/views/admin/default/javascript/nv.d3.min.js.map
redirect to: http://domain.com/client/

CONTROLLER/ACTION: client_main/
request URI: /client/
-updates session 'blesta_forward_to' to URI: /client/
redirect from: /client/
redirect to: http://domain.com/client/login/

CONTROLLER/ACTION: client_login/
request URI: /blesta-minphp/public_html/client/login/

            Activity

            There are no comments yet on this issue.

              People

              • Assignee:
                tyson Tyson Phillips (Inactive)
                Reporter:
                tyson Tyson Phillips (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  15/Sep/16