developer.jelix.org is not used any more and exists only for history. Post new tickets on the Github account.
developer.jelix.org n'est plus utilisée, et existe uniquement pour son historique. Postez les nouveaux tickets sur le compte github.

Opened 12 years ago

Closed 12 years ago

#658 closed enhancement (fixed)

jauth~login:form should support auth_url_return in the form

Reported by: laurentj Owned by:
Priority: normal Milestone: jelix 1.1
Component: module:jauth Version: 1.0.5
Severity: normal Keywords:
Cc: Blocked By:
Blocking: Documentation needed: no
Hosting Provider: Php version:

Description

We cannot use the auth_url_return feature with the zone loginform and with the action login:form. So we can redirect to a "dynamic" url. We could get this url, through a parameter, or by reading the http referer (I think this is my prefered solution).

Attachments (2)

patch.diff (3.7 KB) - added by ametaireau 12 years ago.
now, it's works !
patch.2.diff (4.6 KB) - added by ametaireau 12 years ago.
@contributor

Download all attachments as: .zip

Change History (5)

Changed 12 years ago by ametaireau

now, it's works !

Changed 12 years ago by ametaireau

@contributor

comment:1 Changed 12 years ago by ametaireau

  • review set to review?

comment:2 Changed 12 years ago by laurentj

  • review changed from review? to review-
@@ -55,7 +60,7 @@
             throw new jException ('jauth~autherror.no.auth_logout');
 
         if (!($conf['enable_after_logout_override'] && $url_return= $this->param('auth_url_return'))){
-            $url_return =  jUrl::get($conf['after_logout']);
+            $url_return =  jUrl::get($conf['after_logout'], array('auth_url_return' => jUrl::get($this->param('module').'~'.$this->param('action'))));
         }
         $rep = $this->getResponse('redirectUrl');
         $rep->url = $url_return;

I understand that you use the module and action parameter here because it is relevant in the case of login:out is launch by the auth plugin (authentification required for the asked action). But you have two issue :

  • first, you forgot the current url parameters. So you should use directly the current url (see jRequest properties, or $_SERVER)
  • Second, the generated url is bad if we arrive on login:out directly or after a redirection. Then the value of auth_url_return will be the url of login:out (a thing we don't want I think)
+       {if !empty($auth_url_return)}
+       <input type="hidden" name="auth_url_return" value="{$auth_url_return}" />
+       {/if}

You should escape the value of auth_url_return here :

       <input type="hidden" name="auth_url_return" value="{$auth_url_return|eschtml}" />

comment:3 Changed 12 years ago by laurentj

  • Resolution set to fixed
  • Status changed from new to closed

I didn't include your patch, but I made modification in the auth coord plugin to fix the ticket, and in the template/zone.

svn 1168.

Note: See TracTickets for help on using tickets.