  1. Blesta Core
  2. CORE-2166

Remove automatic login forwarding to login pages

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 4.0.0-b1
    • Fix Version/s: 4.0.0-b1
    • Component/s: None
    • Labels:
      None

      Description

      After logging in to Blesta, it's possible to be automatically forwarded to a previously-visited URL prior to being logged out.

      -This auto-redirect now always redirects admins to the client login page after logging in if there is no other URL to forward to.- The admin can be redirected to the client UI if a forward URL is set to the client interface. In some cases, it appears to be due to the use of nvd3 from one of the admin dashboard widgets. It's also possible when navigating to an admin or client URI when not logged in, then logging into the other interface.

      I think it would be best to not save a 'blesta_forward_to' URI that is to a login page, either admin or client.

      I mapped the following workflow of logging in and subsequent requests/redirects:

      *Logging in*
      CONTROLLER/ACTION: admin_login/
      request URI:/admin/login
      redirect to: http://domain.com/admin/
      
      *Loading admin theme/widgets*
      CONTROLLER/ACTION: admin_main/
      request URI: /admin/
      
      CONTROLLER/ACTION: admin_theme/
      request URI: /admin/theme/theme.css?dir=
      
      CONTROLLER/ACTION: admin_main/getwidgets
      request URI: /admin/main/getwidgets/?section=section1
      
      CONTROLLER/ACTION: admin_main/getwidgets
      request URI: /admin/main/getwidgets/?section=section2
      
      CONTROLLER/ACTION: admin_main/getwidgets
      request URI: /admin/main/getwidgets/?section=section3
      
      CONTROLLER/ACTION: admin_main/geteventcounts
      request URI: /admin/main/geteventcounts/?start_date=2016-04-01&end_date=2016-05-01
      
      CONTROLLER/ACTION: admin_main/
      request URI: /blesta-minphp/public_html/admin/widget/feed_reader/admin_main/
      
      CONTROLLER/ACTION: admin_main/
      request URI: /blesta-minphp/public_html/admin/widget/system_status/admin_main/
      
      CONTROLLER/ACTION: admin_main/
      request URI: /blesta-minphp/public_html/admin/widget/system_overview/admin_main/
      
      
      *At this point, nvd3 appears to load some resource from a non-admin portal.
      This causes a redirect to the client URI, which saves that client URI as the auto-forward URI*
      
      CONTROLLER/ACTION: main/index
      request URI: /app/views/admin/default/javascript/nv.d3.min.js.map
      redirect to: http://domain.com/client/
      
      CONTROLLER/ACTION: client_main/
      request URI: /client/
      -updates session 'blesta_forward_to' to URI: /client/
      redirect from: /client/
      redirect to: http://domain.com/client/login/
      
      CONTROLLER/ACTION: client_login/
      request URI: /blesta-minphp/public_html/client/login/
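
      The rule proposed above (never save a login page as the forward URI), sketched in PHP as an added example; it is not Blesta's code or the merged fix. The helper names and the /admin/clients/ path are hypothetical, and the portal check in forwardAfterLogin goes one step beyond the proposal to cover the cross-interface case the description mentions.

```php
<?php
// Added illustration, not Blesta's code; helper names are hypothetical.
const FORWARD_KEY = 'blesta_forward_to'; // session key named in the issue

// Which portal a local path belongs to: 'admin', 'client', or null.
function portalOf(string $path): ?string
{
    foreach (['admin', 'client'] as $portal) {
        if ($path === "/$portal" || strpos($path, "/$portal/") === 0) {
            return $portal;
        }
    }
    return null;
}

// True for either portal's login page.
function isLoginPage(string $path): bool
{
    return preg_match('#^/(admin|client)/login(/|$)#', $path) === 1;
}

// Called when an unauthenticated request is bounced to a login page.
function rememberForward(array &$session, string $uri): void
{
    $path = (string) parse_url($uri, PHP_URL_PATH);
    // Save only local portal pages, and never a login page.
    if (strpos($uri, '/') !== 0 || strpos($uri, '//') === 0
        || portalOf($path) === null || isLoginPage($path)) {
        return;
    }
    $session[FORWARD_KEY] = $uri;
}

// Called after a successful login to $portal; consumes the saved URI.
function forwardAfterLogin(array &$session, string $portal): string
{
    $uri = $session[FORWARD_KEY] ?? '';
    unset($session[FORWARD_KEY]);
    $path = (string) parse_url($uri, PHP_URL_PATH);
    // A URI saved while visiting the other interface is ignored.
    return portalOf($path) === $portal ? $uri : "/$portal/";
}

// Constructed replay of the trace in the description.
$session = [];
rememberForward($session, '/client/login/');     // login page: not stored
rememberForward($session, '/client/');           // stored by the stray request
echo forwardAfterLogin($session, 'admin'), "\n"; // other portal: falls back
rememberForward($session, '/admin/clients/');    // constructed admin path
echo forwardAfterLogin($session, 'admin'), "\n"; // same portal: honored
```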
      
      

        Activity

        Tyson Phillips (Inactive) created issue
        Tyson Phillips (Inactive) made changes:
          Assignee: (none) -> Tyson Phillips [ tyson ]
        Automated transition triggered when Tyson Phillips (Inactive) created a branch in Stash:
          Status: Open [ 1 ] -> In Progress [ 3 ]
        Automated transition triggered when Tyson Phillips (Inactive) created pull request #120 in Stash:
          Status: In Progress [ 3 ] -> In Review [ 5 ]
          Resolution: (none) -> Fixed [ 1 ]
        Automated transition triggered when Cody Phillips (Inactive) merged pull request #120 in Stash:
          Status: In Review [ 5 ] -> Closed [ 6 ]

          People

          • Assignee:
            tyson Tyson Phillips (Inactive)
            Reporter:
            tyson Tyson Phillips (Inactive)

            Dates

            • Created:
              Updated:
              Resolved:
              Fix Release Date:
              15/Sep/16