• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Item6510: forceAuthentication can create invalid URL

Item Form Data

AppliesTo: Component: Priority: CurrentState: WaitingFor: TargetRelease ReleasedIn
Engine LoginManager Normal New   n/a  

Edit Form Data

Summary:
Reported By:
Codebase:
Applies To:
Component:
Priority:
Current State:
Waiting For:
Target Release:
Released In:
 

Detail

We are using a TWiki 5.0.0 setup with short urls. For us the automatic redirection from 'view' to 'viewauth' generates an invalid URL of the form

https://serverhttps://server/bin/viewauth

I have tracked down the issue to forceAuthentication() in lib/TWiki/LoginManager/ApacheLogin.pm. In there it sais:

   my $url = $twiki->getScriptUrl(1, $scriptName);
   if( $url && $url =~ m!(.*/$scriptName)([^?]*)! ) {
      # $url should not contain query string as it gets appended
      # in TWiki::redirect. Script gets 'auth' appended.
      $url = "$twiki->{urlHost}${1}auth$2";

This is wrong because getScriptUrl(1,...) will already return an absolute URL and there is no need to prepend urlHost.

I did not find a fix to get the function working properly though. The easiest workaround for me was to use the function code from Foswiki and adjust it

like this:

sub forceAuthentication {



    my $this = shift;



    my $twiki = $this->{twiki};



    my $query = $twiki->{request};







    # See if there is an 'auth' version



    # of this script, may be a result of not being logged in.



    my $newAction = $query->action() . 'auth';







    if ( !$query->remote_user()



        && exists $TWiki::cfg{SwitchBoard}{$newAction} )



    {







        # Assemble the new URL using the host, the changed script name,



        # and the path info.



        my $url = $twiki->getScriptUrl( 1, $newAction );



        if ( $query->path_info() ) {



            $url .= '/'



              unless $url =~ m#/$# || $query->path_info() =~ m#^/#;



            $url .= $query->path_info();



        }







        # Redirect with passthrough so we don't lose the original query params



        $twiki->redirect( $url, 1 );



        return 1;



    }



    return 0;



}

This works for me.

-- TWiki:Main/StefanWalter - 30 Jun 2010

Found the same problem. Here are the changes I made that fixed the problem for us.

*** ApacheLogin.pm.ORIG Sat May 29 09:33:36 2010
--- ApacheLogin.pm      Tue Jul 13 13:30:44 2010
***************
*** 91,97 ****
          if( $url && $url =~ m!(.*/$scriptName)([^?]*)! ) {
              # $url should not contain query string as it gets appended
              # in TWiki::redirect. Script gets 'auth' appended.
!             $url = "$twiki->{urlHost}${1}auth$2";
          } else {
              if( $twiki->{request}->action !~ /auth$/ ) {
                  $url = $twiki->{urlHost}.'/'.$twiki->{request}->action . 'auth';
--- 91,97 ----
          if( $url && $url =~ m!(.*/$scriptName)([^?]*)! ) {
              # $url should not contain query string as it gets appended
              # in TWiki::redirect. Script gets 'auth' appended.
!             $url = "${1}auth$2";
          } else {
              if( $twiki->{request}->action !~ /auth$/ ) {
                  $url = $twiki->{urlHost}.'/'.$twiki->{request}->action . 'auth';
***************
*** 102,112 ****
                  $url = $twiki->{urlHost}.$twiki->{scriptUrlPath}.'/'.
                         $scriptName.'auth'.$TWiki::cfg{ScriptSuffix};
              }
-             if ($query->path_info()) {
-                 $url .= '/' unless $url =~ m#/$# || $query->path_info() =~ m#^/#;
-                 $url .= $query->path_info();
-             }
          }
          # Redirect with passthrough so we don't lose the original query params
          $twiki->redirect( $url, 1 );
          return 1;
--- 102,112 ----
                  $url = $twiki->{urlHost}.$twiki->{scriptUrlPath}.'/'.
                         $scriptName.'auth'.$TWiki::cfg{ScriptSuffix};
              }
          }
+       if ($query->path_info()) {
+           $url .= '/' unless $url =~ m#/$# || $query->path_info() =~ m#^/#;
+           $url .= $query->path_info();
+       }
          # Redirect with passthrough so we don't lose the original query params
          $twiki->redirect( $url, 1 );
          return 1;

-- TWiki:Main.MikeSchwarz - 2010-07-13

Thanks for the patch Mike! Any chances that this gets its way into 5.0.1?

-- TWiki:Main.StefanWalter - 2010-08-16

ItemTemplate
Summary forceAuthentication can create invalid URL
ReportedBy TWiki:Main.StefanWalter
Codebase 5.0.0
SVN Range TWiki-5.0.0, Sun, 20 Jun 2010, build 19085
AppliesTo Engine
Component LoginManager
Priority Normal
CurrentState New
WaitingFor

Checkins

TargetRelease n/a
ReleasedIn

Edit | Attach | Watch | Print version | History: r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions
Topic revision: r4 - 2010-08-16 - StefanWalter
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2018 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback