View Issue Details

IDProjectCategoryView StatusLast Update
0025110mantisbtauthenticationpublic2019-01-01 07:44
ReportercproensaAssigned Tocproensa 
PrioritynormalSeverityminorReproducibilityalways
Status assignedResolutionopen 
Product Version2.19.0 
Target VersionFixed in Version 
Summary0025110: Token error when login with a newly created user
Description

When login the first time with a new user, after setting the password, a token expiration error is displayed.

The problem is that the confirmation of account_update.php, after setting password, redirects again to account_update. The intended behaviour is to redirect to index.php.
On examination the page has two redirects:
<meta http-equiv="Refresh" content="2; URL='http://xxx/index.php'">
which is set by account_update, and the one that should exist and be triggered.
and:
<meta http-equiv="Refresh" content="2; URL='http://xxx/account_update.php'">
which is set by layout_api, layout_navbar_projects_menu(), and is wrong and the one the browser uses.
https://github.com/mantisbt/mantisbt/blob/release-2.18.0/core/layout_api.php#L559

so, this is related to the code that checks if the user only has one project, and his default is ALL_PROJECTS

Steps To Reproduce
  • Create a new user
  • Open the new link is a clean browser session without any previous session, cookies, etc. Use a clean private/temporary session.
  • After setting the user password, the error is displayed
TagsNo tags attached.

Relationships

related to 0007956 closedcproensa Disable project selection for users with only one project 
related to 0009826 closeddregad Single project user should default to the project, not All Projects 

Activities

cproensa

cproensa

2018-12-26 18:49

developer   ~0061106

@dregad
https://github.com/mantisbt/mantisbt/commit/cfa022bc1c7dd61d52ed22a8811811f14fbab5ae

Do you know why reloading the page is needed there?
Isn't it enough to change current project and default on the fly?

dregad

dregad

2018-12-28 11:06

developer   ~0061114

Do you know why reloading the page is needed there?

I might have added it to ensure that the project selector was correctly loaded after changing the current project, but honestly 6 years after the fact, I'm not really sure so your guess is as good as mine... ;-)

Note: with 2.0, that code moved to layout API layout_navbar_projects_menu(). The current code has an exception not to redirect if the page is manage_proj_create.php, so maybe another exception for your use case is needed here ? It is also possible that the redirect is no longer needed due to other changes in Mantis Core; and if it is maybe the same objective could be achieved with less intrusive logic than a page reload.

Issue History

Date Modified Username Field Change
2018-12-24 14:10 cproensa New Issue
2018-12-24 14:11 cproensa Description Updated View Revisions
2018-12-26 18:47 cproensa Description Updated View Revisions
2018-12-26 18:49 cproensa Note Added: 0061106
2018-12-28 11:06 dregad Note Added: 0061114
2019-01-01 07:43 cproensa Assigned To => cproensa
2019-01-01 07:43 cproensa Status new => assigned
2019-01-01 07:43 cproensa Relationship added related to 0007956
2019-01-01 07:44 cproensa Relationship added related to 0009826