View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0011031 | mantisbt | authentication | public | 2009-10-12 21:02 | 2010-02-22 14:34 |
Reporter | hubdog | Assigned To | jreese | ||
Priority | urgent | Severity | block | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.2.0rc2 | ||||
Target Version | 1.2.0 | Fixed in Version | 1.2.0 | ||
Summary | 0011031: Can not view changelog page without login as user | ||||
Description | I just upgraded my mantis system to 1.2rc2. After I upgraded to the new version, when I click the changelog page url, mantis always redirects me to the login page (http://xxx.com/login_page.php?return=changelog_page.php%3Fproject_id%3D5), which was not observed in the previous 1.2 rc1. I checked the Permissions Report and found that the View Change Log permission is set to viewer as before. Because I am not familiar with php, would you please tell me what is wrong? Best regards | ||||
Tags | No tags attached. | ||||
By the way, anonymous login is already enabled, which was OK in the previous version but is not OK in rc2. |
|
I've tested it on this bug tracker and confirmed the behavior. The change log shows: "No Change Log information available". |
|
<pre>jreese@kepler[~/workspace/mantisbt] git bisect good
:040000 040000 0832500f52409821b04b2b9264feac35b767314d 622121dd85df3564399c3041d5fc4a3feb9beada M core</pre> |
|
@jreese, did you get a chance to look at this? This is one of the bad bugs that we need to fix before the next release drop. Also would be nice to update this bug tracker once it is fixed. |
|
I've had a look at authentication_api to see if I could work out what was going wrong. However, it's not the most trivial thing to understand. Which developer(s) wrote and/or understand this part of the MantisBT codebase? |
|
Bumping priority and severity as this is a big problem for trackers that are open to anonymous users. |
|
Fix committed to 1.2.x and master branches. |
|
MantisBT: master-1.2.x 0085bcd7 2009-12-03 09:33 |
Fix 0011031, 10930: fix anonymous user auto-login The original issue with 10930 was that user verification, when checking to see if a user was logged in, would trigger automatic login of the anonymous user account, which would lead to a redirect loop, where each page load would auto-login the anonymous user and immediately log them out and redirect. The original fix for this disabled auto-login of the anonymous user account when calling auth_is_user_authenticated(), which broke expectations of much of the codebase. By re-enabling auto-login, but offering optional bypass of this process, it fixes both issues. Any page expecting to correctly work with unauthenticated users will need to pass a False parameter to the function to bypass automatic anonymous login. |
Affected Issues 0010930, 0011031 |
|
mod - verify.php |
mod - core/authentication_api.php |
MantisBT: master aa042ae6 2009-12-03 09:33 |
Fix 0011031, 10930: fix anonymous user auto-login The original issue with 10930 was that user verification, when checking to see if a user was logged in, would trigger automatic login of the anonymous user account, which would lead to a redirect loop, where each page load would auto-login the anonymous user and immediately log them out and redirect. The original fix for this disabled auto-login of the anonymous user account when calling auth_is_user_authenticated(), which broke expectations of much of the codebase. By re-enabling auto-login, but offering optional bypass of this process, it fixes both issues. Any page expecting to correctly work with unauthenticated users will need to pass a False parameter to the function to bypass automatic anonymous login. |
Affected Issues 0010930, 0011031 |
|
mod - verify.php |
mod - core/authentication_api.php |
MantisBT: master-1.2.x 4dab8016 2009-12-17 16:17 |
Fix regression of issue 0010930 in commit 0085bcd7 The initial fixes for 0010930 and issue 0011031 did not take into account the usage of auth_is_user_authenticated() in multiple locations during the core bootstrap routines. By defining and looking for a global flag, rather than an argument to the function, we fix both the problems and the regression. |
Affected Issues 0010930, 0011031 |
|
mod - core/authentication_api.php |
mod - core.php |
mod - verify.php |
MantisBT: master 429448ee 2009-12-17 16:17 |
Fix regression of issue 0010930 in commit 0085bcd7 The initial fixes for 0010930 and issue 0011031 did not take into account the usage of auth_is_user_authenticated() in multiple locations during the core bootstrap routines. By defining and looking for a global flag, rather than an argument to the function, we fix both the problems and the regression. |
Affected Issues 0010930, 0011031 |
|
mod - core.php |
mod - core/authentication_api.php |
mod - verify.php |
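
The two fixes described in the commit messages above, as an added PHP model (not MantisBT code and not part of the original page). It shows why a per-call bypass argument still loops when the bootstrap has already called the check, and why a global flag does not. Only `auth_is_user_authenticated()` is a name from the page; the globals, `bootstrap()`, `verify_page()` and `changelog_page()` are hypothetical, and the logout-and-redirect behaviour of the verification page is simplified from the commit message.

```php
<?php
// Simplified model, not MantisBT code. Only auth_is_user_authenticated() is a
// name from the page; the globals and page functions are hypothetical.
$g_user = null;            // null = no session user
$g_allow_anonymous = true; // anonymous access enabled, as in the report
$g_bypass_flag = false;    // hypothetical global "skip anonymous auto-login" flag

function auth_is_user_authenticated(bool $auto_login = true): bool {
    global $g_user, $g_allow_anonymous, $g_bypass_flag;
    if ($g_user !== null) { return true; }
    // Side effect inside a predicate: the anonymous account is logged in
    // unless the caller's argument or the global flag bypasses it.
    if ($g_allow_anonymous && $auto_login && !$g_bypass_flag) {
        $g_user = 'anonymous';
        return true;
    }
    return false;
}

// Core bootstrap calls the check with no argument, before page code runs.
function bootstrap(): void { auth_is_user_authenticated(); }

// Verification page: a visitor who counts as logged in is logged out and
// redirected. $fix is 'none', 'argument' (first fix) or 'flag' (second fix).
function verify_page(string $fix): string {
    global $g_user, $g_bypass_flag;
    $g_user = null;
    $g_bypass_flag = ($fix === 'flag');
    bootstrap();
    if (auth_is_user_authenticated($fix === 'none')) {
        $g_user = null;
        return 'logout + redirect (repeats on every load)';
    }
    return 'verification form shown';
}

// Changelog page: relies on auto-login staying on for anonymous visitors.
function changelog_page(): string {
    global $g_user, $g_bypass_flag;
    $g_user = null;
    $g_bypass_flag = false;
    bootstrap();
    return auth_is_user_authenticated() ? 'changelog shown' : 'redirect to login page';
}

foreach (['none', 'argument', 'flag'] as $fix) {
    echo "verify ($fix): ", verify_page($fix), "\n";
}
echo 'changelog: ', changelog_page(), "\n";
```

In this model only the `flag` case reaches the verification form, because the argument passed by the page arrives after the bootstrap call has already created the anonymous session.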