View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0010930 | mantisbt | signup | public | 2009-09-12 20:19 | 2016-05-10 06:30 |
Reporter | jreese | Assigned To | jreese | ||
Priority | urgent | Severity | block | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.2.0rc2 | ||||
Target Version | 1.2.0rc2 | Fixed in Version | 1.2.0rc2 | ||
Summary | 0010930: User verification results in redirection loop | ||||
Description | User verification was logging out the user, and then calling auth_api functions that implicitly logged in the anonymous user, resulting in an endless redirection loop. By adding a parameter to the appropriate auth_api function, the verification page can specify that the anonymous user should not be implicitly logged in. | ||||
Tags | No tags attached. | ||||
has duplicate | 0011292 | closed | jreese | Not able to create new account in MantisBT own tracker |
related to | 0010926 | closed | dhx | Login problems, logging crashes httpd.exe |
related to | 0011031 | closed | jreese | Can not view changelog page without login as user |
related to | 0020893 | closed | dregad | Redirection Loop on Signup link [already saw the bug 0010930] |
Fix committed to 1.2.x and master branches.

Are you able to explain a step-by-step process for replicating this bug? I have reverted this patch (locally) to fix 0011031 and haven't noticed any side effects with respect to endless login loops.

This is required when an already-logged-in user (including an anonymous user) is visiting the signup verification url, and I think other places as well. I'll simply take the original fix a bit further to resolve both issues.

Hi! I am currently running mantis from git master 1.2.x and this issue reappeared when opening the url to complete a registration (cyclic link found...). The recent fix for bug 0011031 made this issue appear again, and user sign up is now impossible!

On what page are you getting the redirect loop? The fix for 11031 should not have regressed this issue.

This happens when trying to open the link in the email sent after completing the signup page. The email says: Thank you for registering. You have an account with username "jb_test". In order http://www.kdenlive.org/mantis/verify.php?id=684&confirm_hash=20aa1e6db59eb06cf24a1be193f959c3 If you did not request any registration, ignore this message and nothing will

This regression has been fixed in 1.2.x and master branches.
|
MantisBT: master-1.2.x aa34cdfd 2009-09-12 20:13
Fix 0010930: Fix verification redirect loop

User verification was logging out the user, and then calling auth_api functions that implicitly logged in the anonymous user, resulting in an endless redirection loop. By adding a parameter to the appropriate auth_api function, the verification page can specify that the anonymous user should not be implicitly logged in.
Affected Issues 0010930
mod - core/authentication_api.php

MantisBT: master 0abe9b45 2009-09-12 20:13
Fix 0010930: Fix verification redirect loop

User verification was logging out the user, and then calling auth_api functions that implicitly logged in the anonymous user, resulting in an endless redirection loop. By adding a parameter to the appropriate auth_api function, the verification page can specify that the anonymous user should not be implicitly logged in.
Affected Issues 0010930
mod - core/authentication_api.php

MantisBT: master-1.2.x 0085bcd7 2009-12-03 09:33
Fix 0011031, 10930: fix anonymous user auto-login

The original issue with 10930 was that user verification, when checking to see if a user was logged in, would trigger automatic login of the anonymous user account, which would lead to a redirect loop, where each page load would auto-login the anonymous user and immediately log them out and redirect. The original fix for this disabled auto-login of the anonymous user account when calling auth_is_user_authenticated(), which broke expectations of much of the codebase. By re-enabling auto-login, but offering optional bypass of this process, it fixes both issues. Any page expecting to correctly work with unauthenticated users will need to pass a False parameter to the function to bypass automatic anonymous login.
Affected Issues 0010930, 0011031
mod - verify.php
mod - core/authentication_api.php

MantisBT: master aa042ae6 2009-12-03 09:33
Fix 0011031, 10930: fix anonymous user auto-login

The original issue with 10930 was that user verification, when checking to see if a user was logged in, would trigger automatic login of the anonymous user account, which would lead to a redirect loop, where each page load would auto-login the anonymous user and immediately log them out and redirect. The original fix for this disabled auto-login of the anonymous user account when calling auth_is_user_authenticated(), which broke expectations of much of the codebase. By re-enabling auto-login, but offering optional bypass of this process, it fixes both issues. Any page expecting to correctly work with unauthenticated users will need to pass a False parameter to the function to bypass automatic anonymous login.
Affected Issues 0010930, 0011031
mod - verify.php
mod - core/authentication_api.php

MantisBT: master-1.2.x 4dab8016 2009-12-17 16:17
Fix regression of issue 0010930 in commit 0085bcd7

The initial fixes for 0010930 and issue 0011031 did not take into account the usage of auth_is_user_authenticated() in multiple locations during the core bootstrap routines. By defining and looking for a global flag, rather than an argument to the function, we fix both the problems and the regression.
Affected Issues 0010930, 0011031
mod - core/authentication_api.php
mod - core.php
mod - verify.php

MantisBT: master 429448ee 2009-12-17 16:17
Fix regression of issue 0010930 in commit 0085bcd7

The initial fixes for 0010930 and issue 0011031 did not take into account the usage of auth_is_user_authenticated() in multiple locations during the core bootstrap routines. By defining and looking for a global flag, rather than an argument to the function, we fix both the problems and the regression.
Affected Issues 0010930, 0011031
mod - core.php
mod - core/authentication_api.php
mod - verify.php
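
A simplified model of the redirect loop and of the global-flag bypass described in the commit messages above, as an added example that is not MantisBT's code. Only auth_is_user_authenticated() is a name taken from this page; the two global variable names, the array standing in for the session and the string return values standing in for redirects are assumptions made for illustration.

```php
<?php
// Added model, not MantisBT code. Every name except
// auth_is_user_authenticated() is hypothetical.
declare(strict_types=1);

$g_allow_anonymous_login = true;  // assumption: anonymous access is enabled
$g_login_anonymous = true;        // hypothetical global bypass flag

// An "is anyone logged in?" query with a side effect: when nobody is
// logged in, it signs in the anonymous account and then answers yes.
function auth_is_user_authenticated(array &$session): bool {
    global $g_allow_anonymous_login, $g_login_anonymous;
    if (isset($session['user'])) {
        return true;
    }
    if ($g_allow_anonymous_login && $g_login_anonymous) {
        $session['user'] = 'anonymous';
        return true;
    }
    return false;
}

// Model of the verification page: log out whoever is signed in and reload,
// so the confirmation link is handled with no session attached.
function verify_page(array &$session): string {
    if (auth_is_user_authenticated($session)) {
        unset($session['user']);
        return 'redirect:verify';
    }
    return 'render:verification-form';
}

// Follow redirects the way a browser would, giving up after $max hops.
function follow(array $session, int $max = 10): array {
    for ($hops = 0; $hops < $max; $hops++) {
        $result = verify_page($session);
        if ($result !== 'redirect:verify') {
            return ['hops' => $hops, 'result' => $result];
        }
    }
    return ['hops' => $max, 'result' => 'redirect loop'];
}

$before = follow([]);                      // every load re-creates the session
$g_login_anonymous = false;                // verification page opts out
$after = follow(['user' => 'anonymous']);  // visitor arrives as anonymous

printf("auto-login on:  %s after %d hops\n", $before['result'], $before['hops']);
printf("auto-login off: %s after %d hops\n", $after['result'], $after['hops']);
```

Because the flag is global rather than a function argument, every caller of the check during the same request sees the same setting, which is the property the last commit message relies on.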