Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error with not logged redirection #638

Closed
jusabatier opened this issue Aug 8, 2023 · 13 comments · Fixed by #665 or #673
Closed

Error with not logged redirection #638

jusabatier opened this issue Aug 8, 2023 · 13 comments · Fixed by #665 or #673

Comments

@jusabatier
Copy link
Contributor

Describe the bug

In the last release (2023.02.00-RC2-geOrchestra), the redirect if not connected function doesn't work with georchestra.

#415

To Reproduce

Steps to reproduce the behavior:

  1. Open a context with specific access restriction when not logged
  2. The redirect url is '/?login='
  3. So we get a redirection error since the root domain isn't intercepted by georchestra

Expected behavior

We should be redirected to georchestra's CAS login, then to the context.

Screenshots

Capture.video.du.08-08-2023.10.06.44.webm

@catmorales @MaelREBOUX @landryb @tdipisa

@landryb
Copy link
Member

landryb commented Aug 8, 2023

trying here from https://FQDN/mapstore/#/context/all_plugins/106 i get a proper redirection to /cas/login?service=https://FQDN/login/cas, but if logging in i'm not redirected to the previous url but to https://FQDN/header/ which is clearly not what we want either.

@landryb
Copy link
Member

landryb commented Aug 8, 2023

to be fully clear, from my understanding what happens is:

  • /mapstore/rest/geostore/data/106 returns a 403
  • then a request to https://FQDN/?login is done by mapstore
  • which returns a 302 with a Location header pointing at https://FQDN/cas/login?service=https://FQDN/login/cas
  • and the user is presented with the cas login page

@jusabatier
Copy link
Contributor Author

I think you have a proper redirect because your FQDN root is handled by your security proxy ?

Here I have a Wordpress on the root of my FQDN, so only georchestra's path are proxied to SP (header, console, mapstore, etc...), so if mapstore want to be redirected to login by SP it should use /mapstore/?login

I think lot of platforms use the FQDN root as a portal not handled by georchestra's SP so a georchestra's app shoud use it's own path to trigger the login.

@landryb
Copy link
Member

landryb commented Aug 8, 2023

well if that's the case i think you can configure it via localConfig.json (untested but cf geosolutions-it/MapStore2#9298)

"miscSettings": {
     "loginPage": "/?login"  // example
}

miscSettings section is just above plugins .. but looking at the code in the PR loginPage doesnt seem to be used anywhere, and it's not in the documentation near homePage so ... @dsuren1 ? was that lost during dev ?

@landryb
Copy link
Member

landryb commented Aug 8, 2023

it'd be nice to have an explanation of what's the usecase of homePage vs loginPage if both exist.

@dsuren1
Copy link
Collaborator

dsuren1 commented Aug 8, 2023

well if that's the case i think you can configure it via localConfig.json (untested but cf geosolutions-it/MapStore2#9298)

"miscSettings": {
     "loginPage": "/?login"  // example
}

miscSettings section is just above plugins .. but looking at the code in the PR loginPage doesnt seem to be used anywhere, and it's not in the documentation near homePage so ... @dsuren1 ? was that lost during dev ?

I have updated the referred PR to avoid confusion. That configuration is not valid and redirection is handled in geOrchestra directly. Currently redirection to login is done by appending /?login to host, probably it should be set this way /mapstore/?login to at least redirect to /mapstore upon login

@landryb
Copy link
Member

landryb commented Aug 8, 2023

right, got it - so that's hardcoded to /?login in https://github.com/georchestra/mapstore2-georchestra/blob/master/js/epics/login.js#L12 for now

@jusabatier
Copy link
Contributor Author

Can it be updated to /mapstore/?login ?

Maybe a way to handle the redirect after login is to use localStorage to store the last requested context :

  1. Mapstore register the requested context in localStorage before redirect to /masptore/?login
  2. User is redirected to CAS, and after login to /mapstore/ (the default context)
  3. If a requested context is registered in localStorage, the default context redirect to this one and remove it from localStorage

@jusabatier
Copy link
Contributor Author

Can it be updated to /mapstore/?login ?

@tdipisa @catmorales Any news about this ?

It's very anoying as currently our users are redirected to an error page if they're not connected.
This is a part of the MS2 and is currently not functional. Can you at least perform this correction to not have an error page ?

And maybe have a return for my previous suggestion ?

@tdipisa
Copy link
Collaborator

tdipisa commented Nov 8, 2023

@jusabatier
we have schedule a fix for next week. We will keep you posted. Thank you.

dsuren1 added a commit to dsuren1/mapstore2-georchestra that referenced this issue Nov 13, 2023
@dsuren1 dsuren1 linked a pull request Nov 13, 2023 that will close this issue
@ElenaGallo ElenaGallo self-assigned this Nov 24, 2023
dsuren1 added a commit to dsuren1/mapstore2-georchestra that referenced this issue Nov 30, 2023
tdipisa added a commit that referenced this issue Nov 30, 2023
[Backport 2023.02.xx] #638: Redirect to requested resource on login (#665)
@tdipisa
Copy link
Collaborator

tdipisa commented Dec 12, 2023

Update through #665 (comment)

@tdipisa tdipisa added Accepted and removed Accepted labels Dec 12, 2023
@tdipisa
Copy link
Collaborator

tdipisa commented Dec 12, 2023

@catmorales @jusabatier we didn't receive yet any feedback from you on this. Did you finally retest it? This update is also already included in the RC4 done by @f-necas

@jusabatier
Copy link
Contributor Author

Sorry, I tested it and it work well !

The redirection happen when not logged try to access a protected context, and the user is redirected to the context once logged in.
It also work with parameters (actions).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment