[Trac-tickets] [The Trac Project] #3048: Issue with redirect after login

The Trac Project noreply at edgewall.com
Sun Apr 16 21:12:08 CDT 2006 

#3048: Issue with redirect after login
-------------------------------------+--------------------------------------
 Reporter:  simon-code at bvnetwork.no  |       Owner:  jonas
     Type:  defect                   |      Status:  new  
 Priority:  normal                   |   Milestone:       
Component:  general                  |     Version:  0.9.4
 Severity:  normal                   |    Keywords:       
-------------------------------------+--------------------------------------
 Regarding [source:/trunk/trac/web/auth.py at 3174#L190] - auth.py /
 !LoginModule / {{{def _redirect_back(self.req)}}}

 The test for "same site" is not quite sufficient, as it will get the
 result wrong when directly linking to /login when one projectname is a
 substring of another. A simple example is "sandbox" and "sandbox2". It
 actually gives errors both ways:
  1. Link from sandbox to sandbox2/login will get you to the project, but
 not actually logged in properly. Why this happens, I have not been able to
 figure out. It just sees me as 'anonymous', even after doing the "login"
 link manually afterwards. Any ideas? Something else comparing projectnames
 giving false positives? I have a "home" module that I've made for front
 page replacement (default component), but it does not receive the
 authentication information. It is build to "Trac standards", and doesn't
 do anything complicated that should suggest a problem here.
  1. Linking from /sandbox2 to /sandbox/login will actually not take you
 anywhere, as it does not get caught by the if-test (substring match). The
 redirect back does not make sense. I made a small change to the if-test,
 and this issue seems to work correctly:
 {{{
         if referer and not (referer == req.base_url \
                     or referer.startswith(req.base_url + '/')):
 }}}
 This fix for issue 2 will catch both where the referrer is just /sandbox2
 (no specific module/page) and where it is like /sandbox2/wiki/WikiStart
 (by closing the projectname with a '/' testing for /sandbox/).

 I have made a cross-project personalised navigation, and have no issues of
 any kind with projects that are not substrings of each other.

-- 
Ticket URL: <http://projects.edgewall.com/trac/ticket/3048>
The Trac Project <http://trac.edgewall.com/>

More information about the Trac-Tickets mailing list