From 1acc6411faca4048fa5e9d85019bf39dd08c1649 Mon Sep 17 00:00:00 2001 From: Colin Kuskie Date: Thu, 8 Sep 2011 19:34:52 -0700 Subject: [PATCH] encryptLogin should not trump showMessageOnLogin. Fixes bug #12245. --- docs/changelog/7.x.x.txt | 1 + lib/WebGUI/Auth.pm | 32 +++++++++++++++++++------------- 2 files changed, 20 insertions(+), 13 deletions(-) diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt index 77d7880fe..2d86cd654 100644 --- a/docs/changelog/7.x.x.txt +++ b/docs/changelog/7.x.x.txt @@ -10,6 +10,7 @@ - fixed #12246: Layout inherits mobileStyleTemplateId and mobileTemplateId from parent Layouts - fixed #12246: added extra_www_add_properties as properties fix-up hook in child for www_add - fixed #12231: Thingy reindex fails on upgrade + - fixed #12245: Encrypt Login and Display Message on Login conflict 7.10.22 - rfe #12223: Add date type to content profiling (metadata) diff --git a/lib/WebGUI/Auth.pm b/lib/WebGUI/Auth.pm index acf003d03..4cd99db95 100644 --- a/lib/WebGUI/Auth.pm +++ b/lib/WebGUI/Auth.pm @@ -32,6 +32,7 @@ use WebGUI::Workflow::Instance; use WebGUI::Shop::AddressBook; use WebGUI::Inbox; use WebGUI::Friends; +use URI; # Profile field name for the number of times the showMessageOnLogin has been # seen. @@ -894,12 +895,6 @@ sub login { $u->karma($self->session->setting->get("karmaPerLogin"),"Login","Just for logging in.") if ($self->session->setting->get("useKarma")); $self->_logLogin($uid,"success"); - if ($self->session->setting->get('encryptLogin')) { - my $currentUrl = $self->session->url->page(undef,1); - $currentUrl =~ s/^https:/http:/; - $self->session->http->setRedirect($currentUrl); - } - # Run on login my $command = $self->session->config->get("runOnLogin"); if ($command ne "") { 
@@ -927,6 +922,11 @@ sub login { $self->session->http->setRedirect($self->session->setting->get("redirectAfterLoginUrl")); $self->session->scratch->delete("redirectAfterLogin"); } + elsif ($self->session->setting->get('encryptLogin')) { + my $currentUrl = $self->session->url->page(undef,1); + $currentUrl =~ s/^https:/http:/; + $self->session->http->setRedirect($currentUrl); + } # Get open version tag. This is needed if we want # to reclaim a version right after login (singlePerUser and siteWide mode) @@ -1100,20 +1100,26 @@ sub showMessageOnLogin { # Add the link to continue my $session = $self->session; - $session->log->warn("returnUrl: >".$self->session->form->get( 'returnUrl' )."<"); - $session->log->warn("redirectAfterLoginUrl: >".$self->session->form->get( 'returnUrl' )."<"); - my $redirectUrl = $self->session->form->get( 'returnUrl' ) - || $self->session->setting->get("redirectAfterLoginUrl") - || $self->session->scratch->get( 'redirectAfterLogin' ) - || $self->session->url->getBackToSiteURL + my $redirectUrl = $session->form->get( 'returnUrl' ) + || $session->setting->get("redirectAfterLoginUrl") + || $session->scratch->get( 'redirectAfterLogin' ) + || $session->url->getBackToSiteURL ; + if ($session->setting->get('encryptLogin') && ( ! $redirectUrl =~ /^http/)) { + ##A scheme-less URL has been supplied. We need to make it an absolute one + ##with a non-encrypted scheme. Otherwise the user will stay in SSL mode. + ##We assume that the user put the gateway URL into their URL. + my $uri = URI->new_abs($redirectUrl, $session->url->getSiteURL); + $uri->scheme('http'); + $redirectUrl = $uri->as_string; + } $output .= '

' . $i18n->get( 'showMessageOnLogin return' ) . '

' ; # No matter what, we won't be redirecting after this - $self->session->scratch->delete( 'redirectAfterLogin' ); + $session->scratch->delete( 'redirectAfterLogin' ); return $output; }
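Review bot: The new guard `( ! $redirectUrl =~ /^http/)` in showMessageOnLogin can never be true, because `!` binds tighter than `=~`: Perl negates `$redirectUrl` first and then matches the resulting empty string or 1 against the pattern, so the URI rewrite below it is dead code and the user stays on SSL as before. Write the condition as `if ($session->setting->get('encryptLogin') && $redirectUrl !~ /^http/) {`. Once the branch actually runs, keep in mind that `returnUrl` is read from the form and that `URI->new_abs` resolves a scheme-relative value to the host it names rather than the site's, so the resolved host should be compared with the one from `getSiteURL` before the link is emitted. Whether the value is HTML-escaped when it is placed into `$output` is not visible here, and the body of showMessageOnLogin starts outside the hunk.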