Open jaitor1 opened 2 years ago
Lizmap version: 3.3.3
This is not a supported version. Can you try with latest 3.5.5 ?
3.3.3 is very old, released in december 2019 ... https://github.com/3liz/lizmap-web-client/releases/tag/3.3.3
I installed version 3.5.5 on my server and I get the exact same behaviour.
You can check it yourself: http://eudala2.getxo.eus/lizmap35/admin.php/auth/login/in?&auth_login=borrar&auth_password=borrar_test&auth_url_return=%2Flizmap35%2Findex.php%2Fview%2Fmap%2F%3Frepository%3Dtest%26project%3Dtest
After some test it seems that the url return param generate a redirection in all cases (user logged or not) when used in the auth/login/ url (not /in which is uses to process login form) In my case the following Url worked in lizmap 3.5 , can you try it ?
in old version (3.3) behaviour is still the same with le login/ url
After some test it seems that the url return param generate a redirection in all cases (user logged or not) when used in the auth/login/ url (not /in which is uses to process login form) In my case the following Url worked in lizmap 3.5 , can you try it ?
in old version (3.3) behaviour is still the same with le login/ url
@nworr thanks for your input.
Seems like in v3.5 the url you are giving (/auth/login?) redirects ok to map once you are logged in. But it is not different from going directly to the map (http://eudala2.getxo.eus/lizmap35/index.php/view/map/?repository=test&project=test) as you are already logged in. The url (/auth/login?) does not log in so does not really solve the problem.
A working URL should loginn and after that redirect to the map, all in one unique URL. If you are already logged in, just redirect to the map.
In v.3.3, as you mention, (/auth/login?) is not even redirecting to the map after you are logged in.
According to me, there can't be a unique URL with the desired behaviour, When not authenticated the aut_* params are used to perform a non-interactive login and redirect to a provided url , but once the user is authenticated, the login form is out of sense , so all de log in process is ignored.
Maybe a trick can be made using a public project and a custom javascript wich detect if user is connected and redirect browser to the project URL or the login URL with auth_* params
When not authenticated the aut_* params are used to perform a non-interactive login and redirect to a provided url , but once the user is authenticated, the login form is out of sense , so all de log in process is ignored.
The problem is that this non-interactive login is not working properly as you need to click the url twice to make it work. First call takes you to the manual login form site. Second time logins ok and redirects ok: http://eudala2.getxo.eus/lizmap35/admin.php/auth/login/in?&auth_login=borrar&auth_password=borrar_test&auth_url_return=%2Flizmap35%2Findex.php%2Fview%2Fmap%2F%3Frepository%3Dtest%26project%3Dtest
but once the user is authenticated, the login form is out of sense , so all de log in process is ignored.
This should be the proper behaviour but it is not working like that as it carries you to the admin panel if you continue clicking the link.
P.S.: I can't remove the feeback tag
This issue is missing some feedbacks. 👻 Please have a look to the discussion, thanks. 🦎
This issue is missing some feedbacks. 👻 Please have a look to the discussion, thanks. 🦎
Can someone remove the feedback tag? I have already provided feedback
What is the bug?
Continuation of #1980 and #1957 as they were closed and I am still experiencing the issue.
When using auth URL params (auth_login, url_password and auth_url_return) redirections not working properly.
I created a test map and dumb user/pass for this test. I modified the login form and added the allowAnyOrigin="true" to be able to log in via url parms. Don't worry about security, it is only used within a local network, in a controlled environment:
http://eudala2.getxo.eus/lizmap/www/admin.php/auth/login/in?&auth_login=borrar&auth_password=borrar_test&auth_url_return=%2Flizmap%2Fwww%2Findex.php%2Fview%2Fmap%2F%3Frepository%3Dtest%26project%3Dtest
First time you click on the link you get redirected to the login website. It does not log in although I have already entered the user and pass via URL params and it does not redirect to the specified map neither. I'm not sure if this particular misbehavior is a lizmap issue or a security misconfiguration in the administration I work for.
But second time you click on the link you get logged in correctly and redirected to the map properly.
Third time + you are already logged in correctly but you get always redirected to the admin website instead of to the map.
In short, it only works the second time you hit the link.
Steps to reproduce the issue
Already specified in bug description.
Versions
Check Lizmap plugin
QGIS server version, only if the section above doesn't mention the QGIS Server version
3.10
Operating system
Windows Server 2016
Browsers
Firefox, Chrome, Safari, Microsoft Edge
Browsers version
90
Relevant log output
No response