dachcom-digital / pimcore-members

Pimcore Object, Asset and Document Restriction & Frontend Authentication

Redirect after successful login back to requested page does not work #133

Closed Sonja-Schubert closed 4 years ago

Sonja-Schubert commented 4 years ago
| Q | A |
| --- | --- |
| Bug report? | yes |
| Feature request? | no |
| BC Break report? | no |
| RFC? | no |

Symfony: 3.4.38 Pimcore: 6.3.6 CMF: 2.5.3 Members: 3.1.0

Hi there, I have Members with Customer Management Framework running with login and logout, and I have several restricted documents. As soon as I call a restricted document I am redirected to the /members/login route. After pressing the login button, my user is logged in and I am forwarded to the route defined in the Symfony config option "default_target_path". But I did not set this option, and neither does the Members bundle. It's just the default value "/". Now I can call the restricted document manually and I am allowed to see it. But as described on the Symfony doc page (https://symfony.com/doc/3.4/security/form_login.html), after logging in I want to be redirected back to the restricted document I called first. It seems there is no session information, so the "default_target_path" is used.

bin/console debug:config security shows this:

```yaml
members_fe:
    pattern: '^/(?!(admin)).*$'
    logout_on_user_change: true
    provider: members
    form_login:
        login_path: members_user_security_login
        check_path: members_user_security_check
        csrf_token_generator: security.csrf.token_manager
        remember_me: true
        use_forward: false
        require_previous_session: false
        username_parameter: _username
        password_parameter: _password
        csrf_parameter: _csrf_token
        csrf_token_id: authenticate
        post_only: true
        always_use_default_target_path: false
        default_target_path: /
        target_path_parameter: _target_path
        use_referer: false
        failure_path: null
        failure_forward: false
        failure_path_parameter: _failure_path
    logout:
        path: members_user_security_logout
        invalidate_session: false
        target: /
        csrf_parameter: _csrf_token
        csrf_token_id: logout
        delete_cookies: { }
        handlers: { }
    anonymous:
        secret: null
    user_checker: MembersBundle\Security\UserChecker
    guard:
        authenticators:
```

Now my question: Is this a bug? Is any configuration needed? In this case a piece of documentation would be great.

Thank you and kind regards, Sonja

solverat commented 4 years ago

@Sonja-Schubert I just committed something to allow such redirects (https://github.com/dachcom-digital/pimcore-members/commit/8eca177c87f85da070308dc80704233ad825789e).

From now on the user will be redirected (via _target_path in query) to the desired, protected page if the login was successful.

This will be available in release 3.1.1.
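
The order in which a Symfony 3.4 form_login firewall picks the post-login URL, using the option values reported in this issue, shown as an added example: it is a plain-PHP model, not Symfony's or the Members bundle's code. The `isLocalPath` check, the sample paths and the simplified referer step are assumptions of this example; Symfony's own handler does not apply such a check to `_target_path`.

```php
<?php
// Added example: plain-PHP model of Symfony 3.4 form_login target-URL resolution.

// Option values copied from the debug:config output in the report.
const OPTIONS = [
    'always_use_default_target_path' => false,
    'default_target_path'            => '/',
    'target_path_parameter'          => '_target_path',
    'use_referer'                    => false,
];

// Hypothetical helper added by this example: allow only same-site absolute paths.
function isLocalPath(string $path): bool
{
    return preg_match('#^/(?![/\\\\])[^\r\n]*\z#', $path) === 1;
}

function determineTargetUrl(array $query, array $session, ?string $referer, string $firewall): string
{
    if (OPTIONS['always_use_default_target_path']) {
        return OPTIONS['default_target_path'];
    }
    // 1. Request parameter named by target_path_parameter (client-supplied).
    $fromRequest = $query[OPTIONS['target_path_parameter']] ?? '';
    if ($fromRequest !== '' && isLocalPath($fromRequest)) {
        return $fromRequest;
    }
    // 2. Target path stored in the session under the firewall name.
    $fromSession = $session["_security.$firewall.target_path"] ?? '';
    if ($fromSession !== '') {
        return $fromSession;
    }
    // 3. Referer without its query string, only when use_referer is enabled (simplified).
    if (OPTIONS['use_referer'] && $referer) {
        return explode('?', $referer, 2)[0];
    }
    // 4. Fallback: the situation in the report, where the user lands on "/".
    return OPTIONS['default_target_path'];
}

// Constructed sample inputs for the members_fe firewall.
$cases = [
    'nothing stored (as reported)'  => [[], []],
    '_target_path in login request' => [['_target_path' => '/en/restricted-page'], []],
    'off-site _target_path ignored' => [['_target_path' => '//example.org/'], []],
    'session target path'           => [[], ['_security.members_fe.target_path' => '/en/restricted-page']],
];
foreach ($cases as $label => [$query, $session]) {
    printf("%-32s => %s\n", $label, determineTargetUrl($query, $session, null, 'members_fe'));
}
```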