  1. Blesta Core
  2. CORE-2166

Remove automatic login forwarding to login pages

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 4.0.0-b1
    • Fix Version/s: 4.0.0-b1
    • Component/s: None
    • Labels:
      None

      Description

      After logging in to Blesta, it's possible to be automatically forwarded to a previously-visited URL prior to being logged out.

      This auto-redirect now always redirects admins to the client login page after logging in if there is no other URL to forward to. The admin can be redirected to the client UI if a forward URL is set to the client interface. In some cases, it appears to be due to the use of nvd3 from one of the admin dashboard widgets. It's also possible when navigating to an admin or client URI when not logged in, then logging into the other interface.

      I think it would be best to not save a 'blesta_forward_to' URI that is to a login page, either admin or client.

      I mapped the following workflow of logging in and subsequent requests/redirects:

      *Logging in*
      CONTROLLER/ACTION: admin_login/
      request URI: /admin/login
      redirect to: http://domain.com/admin/
      
      *Loading admin theme/widgets*
      CONTROLLER/ACTION: admin_main/
      request URI: /admin/
      
      CONTROLLER/ACTION: admin_theme/
      request URI: /admin/theme/theme.css?dir=
      
      CONTROLLER/ACTION: admin_main/getwidgets
      request URI: /admin/main/getwidgets/?section=section1
      
      CONTROLLER/ACTION: admin_main/getwidgets
      request URI: /admin/main/getwidgets/?section=section2
      
      CONTROLLER/ACTION: admin_main/getwidgets
      request URI: /admin/main/getwidgets/?section=section3
      
      CONTROLLER/ACTION: admin_main/geteventcounts
      request URI: /admin/main/geteventcounts/?start_date=2016-04-01&end_date=2016-05-01
      
      CONTROLLER/ACTION: admin_main/
      request URI: /blesta-minphp/public_html/admin/widget/feed_reader/admin_main/
      
      CONTROLLER/ACTION: admin_main/
      request URI: /blesta-minphp/public_html/admin/widget/system_status/admin_main/
      
      CONTROLLER/ACTION: admin_main/
      request URI: /blesta-minphp/public_html/admin/widget/system_overview/admin_main/
      
      
      *At this point, nvd3 appears to load some resource from a non-admin portal.
      This causes a redirect to the client URI, which saves that client URI as the auto-forward URI*
      
      CONTROLLER/ACTION: main/index
      request URI: /app/views/admin/default/javascript/nv.d3.min.js.map
      redirect to: http://domain.com/client/
      
      CONTROLLER/ACTION: client_main/
      request URI: /client/
      -updates session 'blesta_forward_to' to URI: /client/
      redirect from: /client/
      redirect to: http://domain.com/client/login/
      
      CONTROLLER/ACTION: client_login/
      request URI: /blesta-minphp/public_html/client/login/
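      The check proposed in the description (never store a login page as the post-login forward target), sketched as an added example. This is not Blesta's code: the function names and the base-path handling are assumptions, and it goes slightly beyond the proposal by also refusing any value that is not a local path.

```php
<?php
// Added example, not Blesta code. Function names and the base-path
// parameter are hypothetical and exist only for this illustration.

/** Reduce a request URI to a normalized app-relative path, or null if it is not local. */
function normalizeLocalPath(string $uri, string $basePath = '/'): ?string
{
    // Refuse absolute URLs, scheme-relative URLs ("//host/...") and backslashes
    if ($uri === '' || $uri[0] !== '/' || strncmp($uri, '//', 2) === 0
        || strpos($uri, '\\') !== false) {
        return null;
    }
    $path = parse_url($uri, PHP_URL_PATH); // drops the query string
    if (!is_string($path)) {
        return null;
    }
    $path = strtolower(rawurldecode($path));
    // Strip the install directory so "/blesta-minphp/public_html/client/login/"
    // is compared as "/client/login"
    $base = rtrim(strtolower($basePath), '/');
    if ($base !== '' && strncmp($path, $base . '/', strlen($base) + 1) === 0) {
        $path = substr($path, strlen($base));
    }
    return '/' . trim($path, '/');
}

/** True for the admin or client login page and anything beneath it. */
function isLoginPath(string $path): bool
{
    return (bool) preg_match('#^/(admin|client)/login(/|$)#', $path);
}

/** Decide whether a request URI may be stored as the forward target. */
function shouldSaveForwardTo(string $uri, string $basePath = '/'): bool
{
    $path = normalizeLocalPath($uri, $basePath);
    return $path !== null && !isLoginPath($path);
}

// Request URIs from the trace above, plus one constructed scheme-relative URL
$base = '/blesta-minphp/public_html/';
$samples = ['/admin/login', '/blesta-minphp/public_html/client/login/', '/client/',
            '/admin/main/getwidgets/?section=section1', '//domain.com/client/'];
foreach ($samples as $uri) {
    printf("%-45s %s\n", $uri, shouldSaveForwardTo($uri, $base) ? 'save' : 'skip');
}
```

      Under this rule alone, `/client/` from the trace is still an acceptable forward target; only the two login URIs and the non-local URL are skipped.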
      
      


          People

          • Assignee:
            tyson Tyson Phillips (Inactive)
            Reporter:
            tyson Tyson Phillips (Inactive)

            Dates

            • Created:
              Updated:
              Resolved:
              Fix Release Date:
              15/Sep/16