
RedirectClientCallback may duplicate the parameter in url and double the '?'


Details

    • Bug
    • Resolution: Won't Do
    • Neutral
    • None
    • 5.3.4
    • security
    • None

    Description

      When the session has expired, the user has to be redirected to the login page.
      Once the user is logged in again, he has to be redirected to the last visited page. To do so we:

      • Add node /server/filters/securityCallback/clientCallbacks/cma-project@location=/cma-project/cma-login?continue= {0}
      • Add node /server/filters/securityCallback/clientCallbacks/cma-project@class=info.magnolia.cms.security.auth.callback.RedirectClientCallback

      The issue is that RedirectClientCallback duplicates the parameter:

                      if (StringUtils.isNotBlank(parameterString)) {
                          // cut off trailing "&"
                          url += StringUtils.contains(url, "?") ? "" : "?" + StringUtils.substringBeforeLast(parameterString, "&");
                          target += StringUtils.contains(target, "?") ? "" : "?" + StringUtils.substringBeforeLast(parameterString, "&");
                      }
      

      For example:
      User was on
      http://localhost:8080/cma-extranet-project-webapp/cma-project/cma-document.html?locale=en&uuid=e6b4459f-b10a-448b-ac5d-aed8d5b2bb73
      and the session has expired. He has to be redirected to
      http://localhost:8080/cma-extranet-project-webapp/cma-project/cma-login?continue=http%3A%2F%2Flocalhost%3A8080%2Fcma-extranet-project-webapp%2Fcma-project%2Fcma-document.html%3Flocale%3Den%26uuid%3De6b4459f-b10a-448b-ac5d-aed8d5b2bb73?locale=en&uuid=e6b4459f-b10a-448b-ac5d-aed8d5b2bb73

      Unfortunately, the URL created is the following:

      http://localhost:8080/cma-extranet-project-webapp/cma-project/cma-document.html?locale=en&uuid=e6b4459f-b10a-448b-ac5d-aed8d5b2bb73 but I've got http://localhost:8080/cma-extranet-project-webapp/cma-project/cma-document.html?locale=en&uuid=e6b4459f-b10a-448b-ac5d-aed8d5b2bb73?locale=en
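Added illustration, not Magnolia's code and not part of the original report: a JDK-only restatement of the quoted statement (`appendAsQuoted`) next to a hypothetical builder (`buildTarget`) that encodes the original URL once into the `{0}` placeholder. It assumes the location pattern from the report written without the space before `{0}`, and a query string passed without a trailing `&`.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.text.MessageFormat;

public class ContinueRedirectExample {

    // JDK-only equivalent of the statement quoted in the report:
    //   s += contains(s, "?") ? "" : "?" + substringBeforeLast(params, "&");
    // '+' binds tighter than '?:', so nothing is appended when s already has a '?'.
    static String appendAsQuoted(String s, String params) {
        int lastAmp = params.lastIndexOf('&');
        String cut = lastAmp < 0 ? params : params.substring(0, lastAmp);
        return s + (s.contains("?") ? "" : "?" + cut);
    }

    // Hypothetical alternative: rebuild the original URL once, encode it once,
    // and substitute it into the {0} placeholder of the configured location.
    static String buildTarget(String location, String requestUrl, String query) {
        String original = requestUrl;
        if (query != null && !query.isEmpty()) {
            original += (original.contains("?") ? "&" : "?") + query;
        }
        return MessageFormat.format(location,
                URLEncoder.encode(original, StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // URL and parameters taken from the report; the split into URL and query is an assumption.
        String location = "/cma-project/cma-login?continue={0}";
        String requestUrl =
                "http://localhost:8080/cma-extranet-project-webapp/cma-project/cma-document.html";
        String query = "locale=en&uuid=e6b4459f-b10a-448b-ac5d-aed8d5b2bb73";

        // Quoted statement on a URL without '?': the text after the last '&' is cut off.
        System.out.println(appendAsQuoted(requestUrl, query));
        // Quoted statement on the configured location: it already has '?', so nothing is added.
        System.out.println(appendAsQuoted(location, query));
        // Single '?' in the target; the original query travels only inside the encoded value.
        System.out.println(buildTarget(location, requestUrl, query));
    }
}
```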

            People

              Unassigned Unassigned
              ehechinger Eric Hechinger