[MAGNOLIA-5955] RedirectClientCallback may duplicate the parameter in url and double the '?'
Created: 16/Oct/14  Updated: 19/May/22  Resolved: 19/May/22

Status: Closed
Project: Magnolia
Component/s: security
Affects Version/s: 5.3.4
Fix Version/s: None

Type: Bug Priority: Neutral
Reporter: Eric Hechinger Assignee: Unassigned
Resolution: Won't Do Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: File MAGNOLIA-5955.patch    

 Description   

When the session has expired, the user has to be redirected to the login page.
Once the user is logged in again, he has to be redirected to the last visited page. To do so we:

  • Add node /server/filters/securityCallback/clientCallbacks/cma-project@location=/cma-project/cma-login?continue= {0}
  • Add node /server/filters/securityCallback/clientCallbacks/cma-project@class=info.magnolia.cms.security.auth.callback.RedirectClientCallback

The issue is that RedirectClientCallback duplicates the parameter:

                if (StringUtils.isNotBlank(parameterString)) {
                    // cut off trailing "&"
                    url += StringUtils.contains(url, "?") ? "" : "?" + StringUtils.substringBeforeLast(parameterString, "&");
                    target += StringUtils.contains(target, "?") ? "" : "?" + StringUtils.substringBeforeLast(parameterString, "&");
                }

For example:
User was on
http://localhost:8080/cma-extranet-project-webapp/cma-project/cma-document.html?locale=en&uuid=e6b4459f-b10a-448b-ac5d-aed8d5b2bb73
and the session has expired. He has to be redirected to
http://localhost:8080/cma-extranet-project-webapp/cma-project/cma-login?continue=http%3A%2F%2Flocalhost%3A8080%2Fcma-extranet-project-webapp%2Fcma-project%2Fcma-document.html%3Flocale%3Den%26uuid%3De6b4459f-b10a-448b-ac5d-aed8d5b2bb73?locale=en&uuid=e6b4459f-b10a-448b-ac5d-aed8d5b2bb73

Unfortunately, the URL created is the following:

http://localhost:8080/cma-extranet-project-webapp/cma-project/cma-document.html?locale=en&uuid=e6b4459f-b10a-448b-ac5d-aed8d5b2bb73 but I've got http://localhost:8080/cma-extranet-project-webapp/cma-project/cma-document.html?locale=en&uuid=e6b4459f-b10a-448b-ac5d-aed8d5b2bb73?locale=en
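
Added example, not Magnolia's code and not part of the report: a self-contained Java program that builds the login redirect from the ticket's values two ways, once appending the query string to the finished target and once carrying it only inside the encoded `{0}` value. The class and method names are hypothetical, the location is assumed to be written as `continue={0}` with no space, and `URLEncoder.encode(String, Charset)` requires Java 10 or later.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.text.MessageFormat;

// Added illustration, not Magnolia code; class and method names are hypothetical.
public class RedirectLocationDemo {

    // Naive variant: fill {0} with the encoded page URL, then append the
    // request's query string to the finished target a second time.
    static String naiveTarget(String location, String pageUrl, String query) {
        String target = MessageFormat.format(location, encode(pageUrl + "?" + query));
        return target + "?" + query; // adds a second '?' and repeats the parameters
    }

    // Single-pass variant: the query string travels only inside the encoded
    // {0} value, so the target keeps exactly one '?' of its own.
    static String singlePassTarget(String location, String pageUrl, String query) {
        String full = (query == null || query.isEmpty()) ? pageUrl : pageUrl + "?" + query;
        return MessageFormat.format(location, encode(full));
    }

    static String encode(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8); // Java 10+
    }

    // What the login page would read back from the "continue" parameter.
    static String continueValue(String target) {
        String raw = target.substring(target.indexOf("continue=") + "continue=".length());
        int amp = raw.indexOf('&');
        return URLDecoder.decode(amp < 0 ? raw : raw.substring(0, amp), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Values taken from the ticket's example; the location is assumed to have no space before {0}.
        String location = "/cma-project/cma-login?continue={0}";
        String pageUrl = "http://localhost:8080/cma-extranet-project-webapp/cma-project/cma-document.html";
        String query = "locale=en&uuid=e6b4459f-b10a-448b-ac5d-aed8d5b2bb73";

        String bad = naiveTarget(location, pageUrl, query);
        String good = singlePassTarget(location, pageUrl, query);
        System.out.println("naive:       " + bad);
        System.out.println("single pass: " + good);
        System.out.println("continue (naive):       " + continueValue(bad));
        System.out.println("continue (single pass): " + continueValue(good));
    }
}
```

Comparing the two decoded `continue` values shows why the return URL has to be encoded once as a single parameter value: any query text appended after it is parsed as part of the login request, not as part of the page to return to.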



 Comments   
Comment by Philip Mundt [ 16/Oct/14 ]

Add patch MAGNOLIA-5955.patch for test cases that test the above scenario.

Comment by Roman Kovařík [ 19/May/22 ]

Hello,

This ticket is now marked as closed due to one of the following reasons:

  • A long period of inactivity
  • Uses an old or Beta version of an application, module, or framework that we no longer support
  • The issue is no longer reproducible or has been fixed in later versions

If you are still facing a problem or consider this issue still relevant, please feel free to re-open the ticket and we will reach out to you.

Thank you,
The Magnolia Team

Generated at Mon Feb 12 04:09:57 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.