Details
- Type: Improvement
- Status: Closed
- Priority: Blocker
- Resolution: Fixed
- Affects Version/s: 4.0.0-b1
- Fix Version/s: 4.0.0-b1
- Component/s: None
- Labels: None

Description
After logging in to Blesta, it's possible to be automatically forwarded to a previously-visited URL prior to being logged out.
~~This auto-redirect now always redirects admins to the client login page after logging in if there is no other URL to forward to.~~ The admin can be redirected to the client UI if a forward URL is set to the client interface. In some cases, it appears to be due to the use of nvd3 from one of the admin dashboard widgets. It's also possible when navigating to an admin or client URI when not logged in, then logging into the other interface.
I think it would be best to not save a 'blesta_forward_to' URI that is to a login page, either admin or client.
I mapped the following work flow of logging in and subsequent requests/redirects:
```
*Logging in*
CONTROLLER/ACTION: admin_login/
request URI:/admin/login
redirect to: http://domain.com/admin/

*Loading admin theme/widgets*
CONTROLLER/ACTION: admin_main/
request URI: /admin/

CONTROLLER/ACTION: admin_theme/
request URI: /admin/theme/theme.css?dir=

CONTROLLER/ACTION: admin_main/getwidgets
request URI: /admin/main/getwidgets/?section=section1

CONTROLLER/ACTION: admin_main/getwidgets
request URI: /admin/main/getwidgets/?section=section2

CONTROLLER/ACTION: admin_main/getwidgets
request URI: /admin/main/getwidgets/?section=section3

CONTROLLER/ACTION: admin_main/geteventcounts
request URI: /admin/main/geteventcounts/?start_date=2016-04-01&end_date=2016-05-01

CONTROLLER/ACTION: admin_main/
request URI: /blesta-minphp/public_html/admin/widget/feed_reader/admin_main/

CONTROLLER/ACTION: admin_main/
request URI: /blesta-minphp/public_html/admin/widget/system_status/admin_main/

CONTROLLER/ACTION: admin_main/
request URI: /blesta-minphp/public_html/admin/widget/system_overview/admin_main/

*At this point, nvd3 appears to load some resource from a non-admin portal. This causes a redirect to the client URI, which saves that client URI as the auto-forward URI*
CONTROLLER/ACTION: main/index
request URI: /app/views/admin/default/javascript/nv.d3.min.js.map
redirect to: http://domain.com/client/

CONTROLLER/ACTION: client_main/
request URI: /client/
-updates session 'blesta_forward_to' to URI: /client/
redirect from: /client/
redirect to: http://domain.com/client/login/

CONTROLLER/ACTION: client_login/
request URI: /blesta-minphp/public_html/client/login/
```
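
One way to implement the rule suggested in the description, shown as an added example that is not Blesta's code or its actual fix: never store a login page in `blesta_forward_to`, and only honor a stored URI that belongs to the interface the user just logged into. The function names are hypothetical, and the sketch assumes the portals sit at `/admin/` and `/client/` on the web root.

```php
<?php
// Added example, not Blesta's code: all function names are hypothetical.
// Assumes the portals live at /admin/ and /client/ (install at the web root).

/** Return 'admin' or 'client' for a local portal path, otherwise null. */
function portalOf(string $uri): ?string
{
    // Only site-local paths: no scheme, no "//host", no backslash or control chars.
    if (!preg_match('#^/(?!/)[^\\\\\x00-\x1f]*\z#', $uri)) {
        return null;
    }
    $path = preg_split('/[?#]/', $uri, 2)[0];
    return preg_match('#^/(admin|client)(/|\z)#', $path, $m) ? $m[1] : null;
}

function isLoginPage(string $uri): bool
{
    $path = preg_split('/[?#]/', $uri, 2)[0];
    return preg_match('#^/(admin|client)/login(/|\z)#', $path) === 1;
}

/** Called for an unauthenticated request before redirecting to a login page. */
function rememberForwardTo(array &$session, string $requestUri): void
{
    if (portalOf($requestUri) !== null && !isLoginPage($requestUri)) {
        $session['blesta_forward_to'] = $requestUri;
    }
}

/** Called after a successful login to $portal ('admin' or 'client'). */
function takeForwardTo(array &$session, string $portal): string
{
    $saved = $session['blesta_forward_to'] ?? null;
    unset($session['blesta_forward_to']); // single use, never replayed later
    $ok = is_string($saved) && portalOf($saved) === $portal && !isLoginPage($saved);
    return $ok ? $saved : '/' . $portal . '/';
}

// Replay of the unauthenticated requests from the trace (URIs taken from it).
$session = [];
foreach (['/app/views/admin/default/javascript/nv.d3.min.js.map',
          '/client/', '/client/login/'] as $uri) {
    rememberForwardTo($session, $uri);
}
echo takeForwardTo($session, 'admin'), "\n";  // saved /client/ is rejected
rememberForwardTo($session, '/admin/main/getwidgets/?section=section1');
echo takeForwardTo($session, 'admin'), "\n";
```

In the replay, the source-map request and the client login page are never stored, and the stored `/client/` is discarded at admin login in favor of the admin default. Restricting stored values to site-local paths also keeps the forward URI from becoming an open redirect.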
Activity
Field | Original Value | New Value |
---|---|---|
Assignee | | Tyson Phillips [ tyson ] |
Status | Open [ 1 ] | In Progress [ 3 ] |
Status | In Progress [ 3 ] | In Review [ 5 ] |
Resolution | | Fixed [ 1 ] |
Status | In Review [ 5 ] | Closed [ 6 ] |