Regression related to InvalidArgumentException

Created on 25 October 2023, about 1 year ago
Updated 14 August 2024, 4 months ago

It looks like https://www.drupal.org/project/r4032login/issues/3256427 β†’ is an issue again in 2.2.1 on 10.1.5.

InvalidArgumentException: The user-entered string 'saml_login' must begin with a '/', '?', or '#'. in Drupal\Core\Url::fromUserInput() (line 216 of /code/web/core/lib/Drupal/Core/Url.php).

Problem/Motivation

While the field description does say "Include the leading slash", failing to do so shouldn't result in a fatal error.

Steps to reproduce

  1. Go to /admin/config/system/r4032login/settings/anonymous
  2. Enter `saml_login` in the edit-user-login-path field
  3. Click Save configuration

What you'd expect to happen is the form would either post or a validation error describing what's wrong with the values. Instead, it returns a fatal error logging the InvalidArgumentException.

Proposed resolution

Add validation to the form or add / to value before attempting to process it.

πŸ› Bug report
Status

Needs review

Version

2.2

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States kreynen

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Merge Requests

Comments & Activities

  • Issue created by @kreynen
  • First commit to issue fork.
  • Open in Jenkins β†’ Open on Drupal.org β†’
    Core: 10.1.x + Environment: PHP 8.1 & MySQL 8
    last update about 1 year ago
    47 pass, 2 fail
  • Open in Jenkins β†’ Open on Drupal.org β†’
    Core: 10.1.x + Environment: PHP 8.1 & MySQL 8
    last update about 1 year ago
    49 pass
  • πŸ‡΅πŸ‡±Poland ad0z

    I think validation condition is overcomplicated:

          // Check the path validity
          // and whether the anonymous user can access the entered path.
          if (!UrlHelper::isExternal($r4032loginUserLoginPath)
            && (($r4032loginUserLoginPath != '<front>') || ($r4032loginUserLoginPath = Url::fromRoute($r4032loginUserLoginPath)->toString()))
            && (!$this->pathValidator->getUrlIfValidWithoutAccessCheck($r4032loginUserLoginPath)
              || !($url = Url::fromUserInput($r4032loginUserLoginPath))
              || !$url->access(User::getAnonymousUser()))
          ) {
    

    The mentioned exception is throw by UrlHelper::isExternal, to check if url is external we could use:

    $url = $this->pathValidator->getUrlIfValidWithoutAccessCheck($r4032loginUserLoginPath);
    $url->isExternal();
    

    I've created fork and merge request to 2.x which simplify this condition and update form element description which is outdated after this change. Updated test as well, as it was failing.

  • Status changed to Needs review about 1 year ago
  • Status changed to Needs work 5 months ago
  • πŸ‡ΊπŸ‡ΈUnited States nmangold United States

    Although this fixes the exception, it allows for the path to be entered without the leading slash, which results in a fatal error when the user is redirected.

    Also, the steps to reproduce as written requires the path saml_login to exist. The issue can be reproduced by simply removing the leading slash from the default value, /user/login path, and submitting the form.

  • πŸ‡΅πŸ‡±Poland ad0z

    ad0z β†’ changed the visibility of the branch 3396702-regression-related-to to hidden.

  • Pipeline finished with Failed
    4 months ago
    Total: 645s
    #254344
  • Pipeline finished with Failed
    4 months ago
    Total: 203s
    #254369
  • Pipeline finished with Failed
    4 months ago
    Total: 415s
    #254371
  • Pipeline finished with Success
    4 months ago
    #254379
  • Status changed to Needs review 4 months ago
  • πŸ‡΅πŸ‡±Poland ad0z

    Updated MR to add leading zero for internal urls if not available, added mentioned scenario to tests cases as well.

Production build 0.71.5 2024