ZF-Commons / ZfcUser

A generic user registration and authentication module for ZF2. Supports Zend\Db and Doctrine2. (Formerly EdpUser)
BSD 3-Clause "New" or "Revised" License
497 stars 343 forks

Redirect parameter does not work #658

Open ivok opened 7 years ago

ivok commented 7 years ago

I am using zfcuser on ZF3 and when I pass a redirect parameter to the login page it does not work. In ZF2 I did not have any problems. Example: /user/login?redirect=/about

Also, if I enter dummy data in the form and the form fails, the redirect param disappears.

ivok commented 7 years ago

Why does the redirect param in query/post expect a value which is the name of the route? The getRedirect() method assembles the route by its name and returns the redirect string. In that way you can redirect only to a named route, not a URL. If I want to redirect to a specific URL, let's say .../product/sample-product-one, I actually can't do this because getRedirect() and the query param "redirect" expect the name of a route, not a specific endpoint?

The getRedirect() method also breaks at the switch statement. If I send a valid route name like "home/about" through the redirect param, it is transformed to "%2Fhome%2Fabout" and the assemble() method of the router fails because it cannot match the route name. It should be urldecoded before trying to assemble.

Also the method routeExists() always returns false, no matter that I passed a valid route name, for the same reasons above?

To make this functionality partially work, I had to refactor the routeExists() method and the getRedirect() method also.

But the big problem persists. In that way, we cannot redirect the user to a specific URL... not a named route. I want to redirect the user to a specific product/article/page with id/slug/param.

Perfect-Web commented 7 years ago

I confirm that 2.x on ZF3 doesn't work, I have the same problem.

ivok commented 7 years ago

https://github.com/ivok/ZfcUser/tree/redirect

Here I have a possible solution with the added ability to pass not only route names but also a specific URL route.

ivok commented 7 years ago

@Perfect-Web You can use my fork; you have to point to the redirect branch. But I did not make any tests. It works for me now, but I am not sure what future problems may occur.

"require": {
    ...
    "zf-commons/zfc-user": "dev-redirect"
},
"repositories": [
    {
        "type": "vcs",
        "url": "git@github.com:ivok/ZfcUser.git"
    }
]

imonteiro commented 7 years ago

Hi @ivok

I have the same issue with ZF2 (using ZfcUser v1.4.4). With your branch the redirect works as expected.

It's a very strange behavior... is it a bug, or am I missing something?

ivok commented 7 years ago

@imonteiro This is not a bug. It is good practice to allow only named routes. But in some cases I need this functionality and that is why I made this fork. But you have to be very careful about vulnerabilities.
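
The trade-off raised in the last comment, as an added example (not code from ZfcUser or from the fork linked above): a validator that accepts either a known route name or a same-site path and falls back to a default for anything else. The function name `resolveRedirect`, the `$routes` map standing in for the router, and the sample values are assumptions made for illustration; the input is assumed to have been URL-decoded once by the framework.

```php
<?php
declare(strict_types=1);

/**
 * Resolve a user-supplied "redirect" value to a safe local path.
 * $routes maps route names to paths (hypothetical stand-in for the router).
 */
function resolveRedirect(string $raw, array $routes, string $default = '/'): string
{
    // 1. A known route name is always safe: the target comes from our own map.
    if (isset($routes[$raw])) {
        return $routes[$raw];
    }
    // 2. Otherwise accept only a local path with exactly one leading slash.
    //    A leading "//" is read by browsers as a protocol-relative URL.
    if ($raw === '' || $raw[0] !== '/' || strncmp($raw, '//', 2) === 0) {
        return $default;
    }
    // 3. Reject backslashes, whitespace and control characters anywhere
    //    (browser URL normalisation and response-header injection).
    if (preg_match('/[\\\\\x00-\x20\x7f]/', $raw) === 1) {
        return $default;
    }
    // 4. The URL parser must agree that there is no scheme or host part.
    $parts = parse_url($raw);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $default;
    }
    return $raw;
}

// Constructed sample data, not taken from ZfcUser.
$routes = ['home' => '/', 'home/about' => '/about'];
$samples = [
    'home/about',                    // named route
    '/product/sample-product-one',   // same-site path
    'https://example.test/login',    // absolute URL
    '//example.test/login',          // protocol-relative URL
    "/about\r\nX-Injected: 1",       // control characters
    'unknown-route',                 // neither a route nor a path
];
foreach ($samples as $s) {
    printf("%-34s => %s\n", json_encode($s), resolveRedirect($s, $routes));
}
```

Only the first two samples resolve to their own target; every other value falls back to the default path.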