Details
- Type: Improvement
- Status: Closed
- Priority: Blocker
- Resolution: Fixed
- Affects Version/s: 4.0.0-b1
- Fix Version/s: 4.0.0-b1
- Component/s: None
- Labels: None
Description
After logging in to Blesta, it's possible to be automatically forwarded to a previously-visited URL prior to being logged out.
~~This auto-redirect now always redirects admins to the client login page after logging in if there is no other URL to forward to.~~ The admin can be redirected to the client UI if a forward URL is set to the client interface. In some cases, it appears to be due to the use of nvd3 from one of the admin dashboard widgets. It's also possible when navigating to an admin or client URI when not logged in, then logging into the other interface.
I think it would be best to not save a 'blesta_forward_to' URI that is to a login page, either admin or client.
I mapped the following work flow of logging in and subsequent requests/redirects:
```
*Logging in*
CONTROLLER/ACTION: admin_login/
request URI:/admin/login
redirect to: http://domain.com/admin/

*Loading admin theme/widgets*
CONTROLLER/ACTION: admin_main/
request URI: /admin/

CONTROLLER/ACTION: admin_theme/
request URI: /admin/theme/theme.css?dir=

CONTROLLER/ACTION: admin_main/getwidgets
request URI: /admin/main/getwidgets/?section=section1

CONTROLLER/ACTION: admin_main/getwidgets
request URI: /admin/main/getwidgets/?section=section2

CONTROLLER/ACTION: admin_main/getwidgets
request URI: /admin/main/getwidgets/?section=section3

CONTROLLER/ACTION: admin_main/geteventcounts
request URI: /admin/main/geteventcounts/?start_date=2016-04-01&end_date=2016-05-01

CONTROLLER/ACTION: admin_main/
request URI: /blesta-minphp/public_html/admin/widget/feed_reader/admin_main/

CONTROLLER/ACTION: admin_main/
request URI: /blesta-minphp/public_html/admin/widget/system_status/admin_main/

CONTROLLER/ACTION: admin_main/
request URI: /blesta-minphp/public_html/admin/widget/system_overview/admin_main/

*At this point, nvd3 appears to load some resource from a non-admin portal. This causes a redirect to the client URI, which saves that client URI as the auto-forward URI*
CONTROLLER/ACTION: main/index
request URI: /app/views/admin/default/javascript/nv.d3.min.js.map
redirect to: http://domain.com/client/

CONTROLLER/ACTION: client_main/
request URI: /client/
-updates session 'blesta_forward_to' to URI: /client/
redirect from: /client/
redirect to: http://domain.com/client/login/

CONTROLLER/ACTION: client_login/
request URI: /blesta-minphp/public_html/client/login/
```
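One way to apply the suggestion in the description above, as an added example (not part of the ticket and not Blesta's code): skip saving `blesta_forward_to` for login pages and for non-portal requests such as the source-map fetch in the trace. The portal check at redirect time goes beyond what the ticket proposes; the function names, the `PORTALS` map and a web-root install are assumptions.

```php
<?php
// Added illustration, not Blesta code. Assumes the install sits at the web root.
const PORTALS = ['admin' => '/admin/', 'client' => '/client/'];
/** Portal ('admin' or 'client') that a local path belongs to, or null. */
function portalOf(string $uri): ?string
{
    $parts = parse_url($uri);
    // Only plain local paths qualify: no scheme, no host (covers "//host/...").
    if (isset($parts['scheme']) || isset($parts['host']) || !isset($parts['path'])) {
        return null;
    }
    $path = rtrim($parts['path'], '/') . '/';
    foreach (PORTALS as $name => $prefix) {
        if (strpos($path, $prefix) === 0) {
            return $name;
        }
    }
    return null;
}

function isLoginPage(string $uri): bool
{
    $path = (string) parse_url($uri, PHP_URL_PATH);
    return preg_match('#^/(admin|client)/login(/|$)#', $path) === 1;
}

/** Save the URI only when it is a portal page that is not a login page. */
function rememberForwardTo(array &$session, string $requestUri): void
{
    if (portalOf($requestUri) !== null && !isLoginPage($requestUri)) {
        $session['blesta_forward_to'] = $requestUri;
    }
}

/** Redirect target after a successful login to $portal ('admin' or 'client'). */
function redirectAfterLogin(array &$session, string $portal): string
{
    $target = $session['blesta_forward_to'] ?? null;
    unset($session['blesta_forward_to']); // one-shot: a stale value is never reused
    $ok = is_string($target) && portalOf($target) === $portal && !isLoginPage($target);
    return $ok ? $target : PORTALS[$portal];
}

// Constructed replay of the last requests in the ticket's trace, then an admin login.
$session = [];
rememberForwardTo($session, '/app/views/admin/default/javascript/nv.d3.min.js.map');
rememberForwardTo($session, '/client/');
rememberForwardTo($session, '/client/login/');
echo redirectAfterLogin($session, 'admin'), "\n";
```

Because the stored value is checked again when it is consumed, a client URI saved earlier in the session cannot steer an admin login, and anything that is not a local path inside the matching portal falls back to that portal's home page.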
Activity
| Field | Original Value | New Value | 
|---|---|---|
| Assignee | Tyson Phillips [ tyson ] | 
Automated transition triggered when Tyson Phillips (Inactive) created a branch in Stash
| Status | Open [ 1 ] | In Progress [ 3 ] |
Automated transition triggered when Tyson Phillips (Inactive) created pull request #120 in Stash
| Status | In Progress [ 3 ] | In Review [ 5 ] |
| Resolution | Fixed [ 1 ] | 
Automated transition triggered when Cody Phillips (Inactive) merged pull request #120 in Stash
| Status | In Review [ 5 ] | Closed [ 6 ] |