cakephp auth redirect and referrer - cakephp

Let me explain the situation before I ask the question. I have a site, domain.com. The page sub.domain.com requires a user to be logged in to access. If I allow access to sub.domain.com/login, which provides a form whose action is domain.com/login, it sends the data to domain.com/login and redirects back to sub.domain.com/login like it should. However, if I try to access sub.domain.com (which requires authentication), it redirects to domain.com/login correctly, but doesn't redirect back to sub.domain.com after logging in. I found the error to be that the redirect when not logged in wasn't sending the referrer header. Is there a way to make it so that if a user tries to access a page on a subdomain that requires authentication, it will redirect him to domain.com/login, then back to where he originally was?

Does the redirect always need to go back to sub.domain.com? If so, I'd suggest setting the AuthComponent's loginRedirect attribute to the location you want the user to be redirected to. See this page: http://book.cakephp.org/1.3/en/view/1270/loginRedirect
Also, that page says that CakePHP automatically stores the controller-action pair you were accessing before the login in your session. So maybe you should also check whether your session is shared between domain.com and sub.domain.com.
One final comment: what happens after login? Are you redirected to the controller/action on domain.com, or aren't you redirected at all?
NOTE: I'm assuming you're using CakePHP 1.3 and use the AuthComponent for logging users in.

Ok, it all had to do with routes. I finally was able to get it working by setting up a switch statement in my routes.php file:
    // routes.php: only register /login on the subdomain detected in bootstrap
    switch (Configure::read('subdomain')) {
        case 'subdomain':
            Router::connect('/login', array('controller' => 'users', 'action' => 'login'));
            break;
    }
And set up my bootstrap like so:
    // bootstrap.php: split HTTP_HOST into subdomain (group 1) and base domain (group 2)
    preg_match('/^(?:www\.)?(?:(.+)\.)?(.+\..+)$/i', env('HTTP_HOST'), $matches);
    $subdomain = empty($matches[1]) ? false : $matches[1];
    if (strlen($subdomain) > 0 && $subdomain != "www") {
        // prefix the request URL so "api.domain.com/foo" routes like "domain.com/api/foo"
        if ($subdomain == 'api') {
            $_GET["url"] = $subdomain . "/" . (isset($_GET["url"]) ? $_GET["url"] : "");
        }
        Configure::write('subdomain', $subdomain);
    }
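The bootstrap above derives the routing subdomain from HTTP_HOST, which is a client-supplied header. As an added example (not code from the post or from CakePHP), here is the same detection done against a fixed allowlist, so an unexpected Host value cannot select a route or rewrite $_GET['url']; BASE_DOMAIN, KNOWN_SUBDOMAINS, isOurHost() and subdomainOf() are assumed names.

```php
<?php
// Added example, not from the original post. The Host header is attacker-controlled,
// so only hosts we actually serve may influence routing.
const BASE_DOMAIN = 'domain.com';          // assumed base domain
const KNOWN_SUBDOMAINS = ['api', 'sub'];   // assumed list of configured subdomains

/** Lower-case the host and drop an optional :port suffix. */
function normalizeHost(string $httpHost): string
{
    return strtolower(preg_replace('/:\d+$/', '', trim($httpHost)));
}

/**
 * Returns the configured subdomain label ("api", "sub") for a host such as
 * "api.domain.com", or null for the main site, unknown labels and foreign hosts.
 */
function subdomainOf(string $httpHost): ?string
{
    $host = normalizeHost($httpHost);
    // Exactly one label in front of the base domain; "a.b.domain.com" is rejected.
    $pattern = '/^([a-z0-9-]+)\.' . preg_quote(BASE_DOMAIN, '/') . '$/';
    if (preg_match($pattern, $host, $m) !== 1) {
        return null;
    }
    return in_array($m[1], KNOWN_SUBDOMAINS, true) ? $m[1] : null;
}

/** True only for the bare domain, www, or a configured subdomain. */
function isOurHost(string $httpHost): bool
{
    $host = normalizeHost($httpHost);
    if ($host === BASE_DOMAIN || $host === 'www.' . BASE_DOMAIN) {
        return true;
    }
    return subdomainOf($httpHost) !== null;
}

// Bootstrap usage, following the shape of the original bootstrap:
$httpHost = $_SERVER['HTTP_HOST'] ?? '';
if (!isOurHost($httpHost)) {
    http_response_code(400);               // e.g. "domain.com.attacker.net" or a raw IP
    exit('Unknown host');
}
$subdomain = subdomainOf($httpHost);
if ($subdomain === 'api') {
    $_GET['url'] = 'api/' . ($_GET['url'] ?? '');
}
// Configure::write('subdomain', $subdomain);  // CakePHP call from the original bootstrap
```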

Related

MSAL.JS version 0.1.3 single sign on

Related to MSAL.js
While using MSAL.js for single sign-on with Azure Active Directory, we use the loginRedirect method from MSAL to redirect the user, and it redirects to a 'null' URL. I don't know why it happens, but it comes from the MSAL library.
We use the idtoken method (new Msal.IdToken(localStorage["msal.idtoken"]);) to decode the token. With version 0.1.1 it works fine; after upgrading to version 0.1.3 it returns the error "Msal.IdToken is not a constructor". I can't understand how to call the method.
One more issue with MSAL.js is that when we provide credentials for login, login does not redirect to my application. I don't understand why it loops on the login page after entering the correct credentials.
When we log out and try to log in again, it loops on the login page.
We use 'if (errorDesc != null && errorDesc.indexOf("AADB2C90118") > -1) ' because we also implement forgot-password functionality.
Below is the code we implemented for redirection:
    var clientApplication = new Msal.UserAgentApplication(
        applicationConfig.clientID,
        applicationConfig.authority,
        authCallback,
        { cacheLocation: 'localStorage' }
    );

    // Invoked by MSAL after every redirect back from the authority
    function authCallback(errorDesc, token, error, tokenType) {
        // AADB2C90118: the user chose "forgot password" on the B2C sign-in page
        if (errorDesc != null && errorDesc.indexOf("AADB2C90118") > -1) {
            clientApplication.authority = applicationConfig.passwordAuthority;
        }
        // starts a new login on every callback, including a successful one
        login();
    }

    function login() {
        clientApplication.loginRedirect(applicationConfig.b2cScopes);
    }
Please give me a solution for these problems.
MSAL.js already takes care of expiry, and the IDToken is used as a token cache key. It's not supposed to be used to get information about the user (if you want to do that, it's better to call the Microsoft Graph Me endpoint).
Also note that the IDToken is not signed, and therefore, in case of compromise of something on the line (chall you don't have a guarantee that its inf

Symfony - catch automatic redirection to login_path

I need to catch/stop/do my own stuff before the redirection to security.yml's login_path when the user is not signed in. Security example:
    access_control:
        - { path: ^/xy, role: ROLE_USER }
I tried to use the kernel.request and kernel.controller services, but both of these are triggered after the redirection. I just need to do some of my own stuff, but every time I go to /xy (not signed in), I am instantly redirected to login_path, and I am unable to stop it. We are using FOSUserBundle.
Thanks for help!
Define an event listener on kernel.request, then check if you are inside the appropriate page (the login page, in your case), then do whatever you want with the response (redirect, create a new response, you name it).

Spring Security + AngularJS + Permissions: disabling all pages for non authenticated users other than login

I want users to have to log in before seeing other pages. If they try to access some other page, they have to log in first.
I tried using the following, but it keeps giving me an HTTP Status 401 - Access Denied error.
    http.csrf().disable()
        .exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
        .formLogin().loginPage("/login").successHandler(authSuccess).failureHandler(authFailure).and()
        .authorizeRequests()
            .antMatchers("/login", "/#/login", "/login.html", "/login.jsp", "login", "/login").permitAll()
            .anyRequest().authenticated();
Since I am using AngularJS, it might have something to do with that. I still tried to add the /#/login part, but without any good result.
You can achieve this using routing. Have a look at the below code.
    app.run(function($rootScope, $location, cacheLogOut) {
        // register listener to watch route changes
        $rootScope.$on("$routeChangeStart", function(event, next, current) {
            if ($rootScope.loggedUser == null) {
                // no logged user, we should be going to #login
                if (next.templateUrl == "login.html") {
                    // already going to #login, no redirect needed
                } else {
                    // not going to #login, we should redirect now
                    $location.path("/login");
                }
            }
        });
    });
This is borrowed from Redirecting to a certain route based on condition. I am using it for redirecting to the login page if the user is not logged in. The $rootScope.loggedUser value is set once the user is logged in.

CakePHP 2 - Issue allowing Controller's action

This is my situation:
I have a lang function in my PluginAppController, which changes the locale language and then redirects to the referer page.
I have a menu of flag images that users can click to change the language too.
Then, because I have an authentication system, I want to allow users to run only this action ('lang').
The problem is that my system takes the URL, but it is the referer URL, because at the end of the lang action I redirect to the referer, so I can't allow or deny this action.
My lang action code:
    public function lang($lang = 'spa') {
        $this->Session->write('Config.language', $lang);
        $this->redirect($this->referer());
    }
Do you want to allow the access to an action named "lang"?
Then put this in your beforeFilter (AppController, not your plugin's AppController):
    $this->Auth->allow('lang');
Of course, this is assuming you don't have another action in your app with that name, in which case you need to check the request and determine if it is coming from your plugin.
    if ($this->request->params['plugin'] == 'yourPlugin' && $this->request->params['controller'] == 'controllerOfYourPlugin') {
        $this->Auth->allow('lang');
    }
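Both the lang action above, which redirects to $this->referer(), and the first thread's login flow, which sends the user back to a stored URL, redirect the browser to a target taken from the request. As an added example (not code from any post here, and not a CakePHP API), these helpers accept only targets on your own domain and only locales you ship; BASE_DOMAIN, ALLOWED_LOCALES, safeReturnUrl() and safeLocale() are assumed names.

```php
<?php
// Added example, not from the original posts: validate redirect targets and locales
// before handing them to $this->redirect() / Session->write().
const BASE_DOMAIN = 'domain.com';        // assumed base domain
const ALLOWED_LOCALES = ['spa', 'eng'];  // assumed list of shipped locales

/**
 * Returns $candidate if it is a site-relative path or an absolute http(s) URL
 * on domain.com or a direct subdomain of it; otherwise returns $default.
 */
function safeReturnUrl(?string $candidate, string $default = '/'): string
{
    $candidate = trim((string) $candidate);
    if ($candidate === '') {
        return $default;
    }
    // Refuse protocol-relative targets ("//evil.com"), backslashes and control characters.
    if (preg_match('#^[/\\\\]{2}#', $candidate) === 1
        || preg_match('/[\x00-\x1F\x7F\\\\]/', $candidate) === 1) {
        return $default;
    }
    // A single leading slash means a path on the current host.
    if ($candidate[0] === '/') {
        return $candidate;
    }
    $parts = parse_url($candidate);
    $scheme = strtolower($parts['scheme'] ?? '');
    if ($parts === false || !isset($parts['host']) || !in_array($scheme, ['http', 'https'], true)) {
        return $default;   // bare relative paths, javascript:, mailto:, malformed input
    }
    // "https://domain.com@evil.com/" parses with host "evil.com", so the host check suffices.
    $host = strtolower($parts['host']);
    $ours = $host === BASE_DOMAIN
        || preg_match('/^[a-z0-9-]+\.' . preg_quote(BASE_DOMAIN, '/') . '$/', $host) === 1;
    return $ours ? $candidate : $default;
}

/** Only a locale from the allowlist may reach Config.language. */
function safeLocale(?string $lang, string $default = 'spa'): string
{
    return in_array($lang, ALLOWED_LOCALES, true) ? $lang : $default;
}

// In the plugin controller's lang action (CakePHP calls as in the original post):
//   $this->Session->write('Config.language', safeLocale($lang));
//   $this->redirect(safeReturnUrl($this->referer()));
```

With these helpers, a referer of https://sub.domain.com/reserve is followed while https://domain.com.attacker.net/ or //attacker.net falls back to "/".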

getting referer from auth in cakePHP

I have a link on the main page that is only accessible if they are logged in. However, if this link is clicked, I want to show a custom error message on the login page (a custom 'Message.auth').
i.e. I want (pseudo code)
    if (referer == '/users/reserve') {
        Message.auth = 'Please log in to reserve tickets';
    } else {
        Message.auth = 'Please log in to access that page';
    }
Where would I put this bit of code?
Provided you have auth flash messages being output in the login view, this should work:
    // login action of users_controller.php
    if ($this->Session->check('Auth.redirect')
        && $this->Session->read('Auth.redirect') == '/users/reserve') {
        $this->Session->write('Message.auth', 'Please log in to reserve tickets');
    }
To get the referer you can call $this->referer() to get the referring URL, then pass that value to your view.
See: referer