action #89710
closed
Add redirection after login compatible to the new IDP login system size:M
0%
Description
Motivation
Before there was a new IDP login system put in place at SUSE, redirection to the page where a user started a login from still worked. This seems to have regressed as the user is always redirected to the openQA index page after login, see #68287. We can try to support the new IDP login system by adding the necessary config to the openid.return-to value or something.
Acceptance criteria
- AC1: After login from a subpage, e.g. /tests, the user is redirected to the same page
Suggestions
- Try the suggestion from #68287#note-5
- Configure local instance to use the openID authentication, try it out, mock for tests
Updated by okurz almost 4 years ago
- Related to tickets #68287: openqa redirects to startpage after login since new IDP was introduced added
Updated by dheidler over 3 years ago
https://progress.opensuse.org/issues/68287 #68287 was rejected with the note that this is something we can fix.
So I would increase the priority here and handle it in the next estimating.
Updated by okurz over 3 years ago
- Subject changed from Add redirection after login compatible to the new IDP login system to Add redirection after login compatible to the new IDP login system size:M
- Description updated (diff)
- Status changed from New to Workable
- Priority changed from Low to Normal
- Target version changed from future to Ready
Updated by dheidler over 3 years ago
- Status changed from Workable to In Progress
- Assignee set to dheidler
Updated by dheidler over 3 years ago
- Status changed from In Progress to Feedback
Updated by livdywan over 3 years ago
dheidler wrote:
Did you test that this works in production? I just tried to visit https://openqa.opensuse.org/admin/users which prompted me to login and then sent me back to the homepage.
Updated by dheidler over 3 years ago
It works when you are on a non-admin page before you login.
It seems that the automated redirect to login that happens when accessing an admin page without being already logged in is not working.
I will have a look.
Updated by dheidler over 3 years ago
- Status changed from Resolved to In Progress
Updated by dheidler over 3 years ago
The problem is that if an admin-only or operator-only page is accessed without a session the user is redirected to /login:

    sub ensure_operator {
        my ($self) = @_;
        $self->redirect_to('login') and return undef unless $self->current_user;
        $self->render(text => "Forbidden", status => 403) and return undef unless $self->is_operator;
        return 1 if $self->req->method eq 'GET' || $self->valid_csrf;
        $self->render(text => 'Bad CSRF token!', status => 403);
        return undef;
    }

    sub ensure_admin {
        my ($self) = @_;
        $self->redirect_to('login') and return undef unless $self->current_user;
        $self->render(text => "Forbidden", status => 403) and return undef unless $self->is_admin;
        return 1 if $self->req->method eq 'GET' || $self->valid_csrf;
        $self->render(text => 'Bad CSRF token!', status => 403);
        return undef;
    }

When a 302-redirect is performed, the browser is sending the original referrer (the page that the user was on before he clicked the link pointing to the admin page) and not the admin page itself, which initiated the redirect.
Updated by dheidler over 3 years ago
- Status changed from In Progress to Feedback
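
One way to make the post-login redirect independent of the Referer header, as an added example that is not part of this ticket or of openQA's code: the guard stores the requested path in the session before redirecting to the login page, and the login handler only returns to it if it is a local path. The routes, the `return_to` session key, the `local_path` helper and the fake login are assumptions made for the sketch; it needs Mojolicious installed.

```perl
#!/usr/bin/env perl
# Added example, not openQA code: remember the page that triggered the login
# redirect in the session instead of relying on the Referer header.
use Mojolicious::Lite -signatures;
use Test::Mojo;
use Test::More;

app->secrets(['example-only-secret']);    # constructed value for the demo

# Hypothetical helper: accept only a local absolute path. Rejects absolute
# URLs, scheme-relative "//host", backslashes and control characters, so a
# stored target cannot turn the login into an open redirect.
sub local_path ($target) {
    return '/' unless defined $target;
    return '/' unless $target =~ m{\A/(?![/\\])[^\\\x00-\x1f]*\z};
    return $target;
}

# Stand-in for the IdP round trip: log in, then return to the stored page.
get '/login' => sub ($c) {
    $c->session(user => 'demo');
    $c->redirect_to(local_path(delete $c->session->{return_to}));
};

# Hypothetical counterpart of the first line of ensure_admin above.
under '/admin' => sub ($c) {
    return 1 if $c->session('user');
    $c->session(return_to => $c->req->url->path_query);    # path plus query
    $c->redirect_to('/login');
    return undef;
};
get '/users' => sub ($c) { $c->render(text => 'user list') };

# Constructed walk-through: no Referer is sent, yet the target survives.
my $t = Test::Mojo->new;
$t->get_ok('/admin/users?page=2')->status_is(302)
  ->header_like(Location => qr{/login\z});
$t->get_ok('/login')->status_is(302)
  ->header_like(Location => qr{/admin/users\?page=2\z});
$t->get_ok('/admin/users?page=2')->status_is(200)->content_is('user list');

# Targets pointing off-site fall back to the index page.
is local_path('/tests'),                 '/tests', 'local path kept';
is local_path('//evil.example/x'),       '/',      'scheme-relative rejected';
is local_path('https://evil.example/'),  '/',      'absolute URL rejected';
is local_path('/\\evil.example'),        '/',      'backslash rejected';
done_testing;
```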