CakeDC / users

Users Plugin for CakePHP
https://www.cakedc.com

CakeDC Users plugin returns full request URL instead of just path part #1002

Closed TerryKern closed 1 year ago

TerryKern commented 1 year ago

CakePHP: 4.x (in upgrade process from 3.x)
CakeDC/Users plugin: 9.3.1 (in upgrade process from 8.5.x)

We noticed during our upgrade that the behaviour of the login redirect has changed. Before, with CakePHP 3.x, the login redirect URL contained only the path part of the requested URL. With CakePHP 4.x and the new Users plugin, it returns the full request URL.

CakePHP 3.x: /login?redirect=%2Fcontroller-name%2Faction-name%2F1
CakePHP 4.x: /login?redirect=http%3A%2F%2Flocalhost%2Fcontroller-name%2Faction-name%2F1

Is there a particular reason for this behaviour change? Also, it seems the redirect handlers of CakePHP Authorization plugin behave differently (like before). If not, could the behaviour be adjusted to CakePHP's behaviour?

CakeDC/Users plugin redirect handler returns the full URL as login redirect query parameter:
https://github.com/CakeDC/users/blame/11.1.0/src/Middleware/UnauthorizedHandler/DefaultRedirectHandler.php#L81

Before, CakeDC/Users plugin used CakePHP Authorization plugin's CakeRedirect handler:
https://github.com/CakeDC/users/commit/ed009e96b35ff0f9934d8672297a50f33e371a1e#diff-edbb01d537d2d3f2f3c4988703da9866d7065bcf689034316f75a9f1a1f10707L202

Both CakePHP Authorization plugin redirect handlers return only the path (and query parameters) as login redirect query parameter:
https://github.com/cakephp/authorization/blob/90c3a6556d2263b4a1970dfad8110ba06fba197f/src/Middleware/UnauthorizedHandler/RedirectHandler.php#L103-L107
https://github.com/cakephp/authorization/blob/90c3a6556d2263b4a1970dfad8110ba06fba197f/src/Middleware/UnauthorizedHandler/CakeRedirectHandler.php#L71-L75

The CakePHP Authorization plugin redirect handlers changed their behaviour in the following commit: https://github.com/cakephp/authorization/commit/1569b7cde9f0a9c7b81404830fd03405919fc1a7
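
Added example, not part of the original issue and not code from CakeDC/Users or cakephp/authorization: an application that consumes the `redirect` parameter can reduce both forms shown above to path plus query, accepting the full-URL form only for its own host. The function name `normalizeLoginRedirect`, the `$appHost` argument and the `other.example` sample are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not a plugin API): reduce a login "redirect" value
 * to path + query. A full URL is accepted only when it is http(s) and its
 * host equals the application's own host; the port is ignored here.
 */
function normalizeLoginRedirect(string $redirect, string $appHost, string $fallback = '/'): string
{
    // Control characters and backslashes are rejected outright, since
    // some browsers treat "\" like "/" when resolving a Location header.
    if ($redirect === '' || preg_match('/[\x00-\x1F\x7F\\\\]/', $redirect)) {
        return $fallback;
    }
    $parts = parse_url($redirect);
    if ($parts === false) {
        return $fallback;
    }
    // Full-URL form (the 4.x behaviour in the issue) or scheme-relative "//host".
    if (isset($parts['scheme']) || isset($parts['host'])) {
        $scheme = strtolower($parts['scheme'] ?? '');
        $host = strtolower($parts['host'] ?? '');
        if (!in_array($scheme, ['http', 'https'], true) || $host !== strtolower($appHost)) {
            return $fallback;
        }
    }
    // Keep only the path and query; the path must be absolute and must not
    // start with "//", which a browser would read as a new host.
    $path = $parts['path'] ?? '/';
    if (substr($path, 0, 1) !== '/' || substr($path, 0, 2) === '//') {
        return $fallback;
    }
    return $path . (isset($parts['query']) ? '?' . $parts['query'] : '');
}

// The two forms from the issue (URL-decoded) plus one constructed off-host value.
$samples = [
    '/controller-name/action-name/1',
    'http://localhost/controller-name/action-name/1',
    'http://other.example/controller-name/action-name/1', // constructed sample
];
foreach ($samples as $sample) {
    echo $sample, ' => ', normalizeLoginRedirect($sample, 'localhost'), PHP_EOL;
}
```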