Redirect to login page for authenticated user can cause redirect loop

Created on 30 August 2017, almost 7 years ago
Updated 16 March 2023, over 1 year ago

Problem/Motivation

When the user is authenticated and the blacklist of URLs contains a path like /admin/*, the user will get a redirect loop, because there is no check for authentication when trying to redirect to the login page.

Proposed resolution

As the settings form says for the "Access denied action" option "Redirect to the login page": "Action to be performed when access is permitted by role, but the user is not logged in." The Event Subscriber therefore needs to check whether the user is logged in before redirecting to the login page.

Remaining tasks

- review the patch

User interface changes

- no changes

API changes

- I propose adding a getCurrentUser method to RestrictIpService to avoid injecting the current_user service into the EventSubscriber, because it is already injected into the restrictip service.

Data model changes

- no changes

🐛 Bug report
Status

Needs review

Version

3.0

Component

Code

Created by

🇩🇪 Germany a.dmitriiev
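
The loop described in this issue and the effect of the proposed authentication check, as an added stand-alone PHP model (not the module's code and not the patch). All function names are hypothetical. The model assumes that the client IP is not allowed on blacklisted paths, that the login page sends an already logged-in user on to the requested destination, and that a logged-in user is denied instead of redirected once the check is in place.

```php
<?php
// Constructed model of the redirect decision; names are hypothetical, not the module's API.
const LOGIN_PATH = '/user/login';

function isBlacklisted(string $path, array $patterns): bool {
    foreach ($patterns as $pattern) {
        if (fnmatch($pattern, $path)) {
            return true;
        }
    }
    return false;
}

/** Returns ['allow'], ['deny'] or ['redirect', $target, $destination] for one request. */
function decide(string $path, ?string $destination, bool $authenticated, array $blacklist, bool $checkAuth): array {
    if ($path === LOGIN_PATH) {
        // Assumption: a logged-in user hitting the login page is sent on to the destination.
        return ($authenticated && $destination !== null) ? ['redirect', $destination, null] : ['allow'];
    }
    if (!isBlacklisted($path, $blacklist)) {
        return ['allow'];
    }
    // The check proposed in the issue: only users who are not logged in go to the login page.
    if ($checkAuth && $authenticated) {
        return ['deny']; // assumption: access denied instead of a redirect
    }
    return ['redirect', LOGIN_PATH, $path];
}

/** Follows redirects like a browser would and reports where the request ends up. */
function follow(string $path, bool $authenticated, array $blacklist, bool $checkAuth, int $maxHops = 10): string {
    $destination = null;
    for ($hop = 0; $hop < $maxHops; $hop++) {
        $result = decide($path, $destination, $authenticated, $blacklist, $checkAuth);
        if ($result[0] !== 'redirect') {
            return $result[0] . ' at ' . $path;
        }
        [, $path, $destination] = $result;
    }
    return 'redirect loop';
}

$blacklist = ['/admin/*']; // constructed sample configuration
echo follow('/admin/config', true, $blacklist, false), PHP_EOL;  // logged in, no authentication check
echo follow('/admin/config', true, $blacklist, true), PHP_EOL;   // logged in, with authentication check
echo follow('/admin/config', false, $blacklist, true), PHP_EOL;  // anonymous, with authentication check
```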
