Do not do redirect handling when loggin out #12573
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Member
|
I dislike this patch a bit, because if you are on a page which is publicly accessible, it loads that page, instead of redirecting to the login form. In my head the following should have worked: public function showLoginForm(string $user = null, string $redirect_url = null): Http\Response {
if ($this->session->exists('clearingExecutionContexts')) {
$this->session->remove('clearingExecutionContexts');
$response = new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
$response->addHeader('Clear-Site-Data', '"cache", "storage", "executionContexts"');
return $response;
}But while your request is on |
Member
Author
|
Do you have a logout button on a public page? |
Member
|
Well on Talk the same URL is used for a room independent of your login state. |
Member
|
@rullzer @nickvergessen What is the status here? Continue it or close it? |
Member
Author
|
Let me have another look. I might have a more elegant way |
Member
Author
|
@nickvergessen can you verify that this seems fixed with the latest firefox? |
Member
|
No, it is still the same with ff 65. |
Member
|
Same here, still broken with FF 65.0 |
rullzer
force-pushed
the
fix/12568/special_handling_of_logout
branch
from
9e1061d to
689adc8
Compare
Member
Author
|
Ok this is now a bit more elegant I think. @nickvergessen please check it out |
MorrisJobke
reviewed
Feb 6, 2019
MorrisJobke
reviewed
Feb 6, 2019
lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
Outdated
Show resolved
Hide resolved
Fixes #12568 Since the clearing of the execution context causes another reload. We should not do the redirect_uri handling as this results in redirecting back to the logout page on login. This adds a simple middleware that will just check if the ClearExecutionContext session variable is set. If that is the case it will just redirect back to the login page. Signed-off-by: Roeland Jago Douma <[email protected]>
rullzer
force-pushed
the
fix/12568/special_handling_of_logout
branch
from
689adc8 to
60e5a5e
Compare
Member
|
Backport? |
Member
Author
|
Fine by me. It is mainly an added middleware. So should not cause issues. |
Member
|
/backport to stable15 |
|
The backport to stable15 failed. Please do this backport manually. |
haslersn
added a commit
to haslersn/nextcloud-oidc-login
that referenced
this pull request
Sep 14, 2023
See https://github.com/nextcloud/server/blob/b085803c0bfe8c568e5710525e49d5f6378833b6/core/Controller/LoginController.php#L99 and following lines. Also note that setting `clearingExecutionContexts` is no longer required, because it had to do with the executionContexts feature which is no longer used by nextcloud since nextcloud/server#16310. Furthermore, with the behavior introduced in nextcloud/server#12573, setting `clearingExecutionContexts` breaks our logout redirects, because the middleware subsequently (after the logout redirect) returns another redirects to `/login?clear=1`.
haslersn
added a commit
to haslersn/nextcloud-oidc-login
that referenced
this pull request
Sep 14, 2023
See https://github.com/nextcloud/server/blob/b085803c0bfe8c568e5710525e49d5f6378833b6/core/Controller/LoginController.php#L99 and following lines. Also note that setting `clearingExecutionContexts` is no longer required, because it had to do with the executionContexts feature which is no longer used by nextcloud since nextcloud/server#16310. Furthermore, with the behavior introduced in nextcloud/server#12573, setting `clearingExecutionContexts` breaks our logout redirects, because the middleware subsequently (after the logout redirect) returns another redirects to `/login?clear=1`.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #12568
Since the clearing of the execution context causes another reload. We
should not do the redirect_uri handling as this results in redirecting
back to the logout page on login.
Signed-off-by: Roeland Jago Douma [email protected]