search

tbar0970 / jethro-pmm

Jethro Pastoral Ministry Manager
GNU General Public License v3.0
35 stars 25 forks source link

Jethro doesn't preserve explicit ports in URLs #847

Open Koopa001 opened 1 year ago

Koopa001 commented 1 year ago

I have Jethro v2.32.0 installed on a Debian 11 server. I have applied Fix (https://github.com/tbar0970/jethro-pmm/issues/828 - when installing, there is no current-password to verify). There are currently no reports saved. When accessing the jethro server via http or https on different ports in any combinattion other than https on port 443, creating a new report fails. (Everything else seems to work) When setting up the config.php and accessing the site using any of the following urls http://myserver.com/jethro/, http://myserver.com:xxx/jethro/, or https://myserver.com:xxx/jethro/. Clicking on the link to create a new report goes to the url https://myserver.com/jethro/?view=persons__reports&queryid=0&configure=1. Then on this page clicking on either of the save options fails to generate a report. However if I set up the server as https://myserver.com/jethro/ everything works fine.

tbar0970 commented 1 year ago

Thanks for reporting.

Can you have a look at your conf.php and see if REQUIRE_HTTPS is enabled? If so, Jethro should be redirecting you to the https version for every page. If not, then once you've started without HTTPS it should continue that way.

(Obviously, using https for production is strongly strongly recommended)

I can't see a reason why that "create report" link would be behaving differently to any other link in Jethro. Can you go to Groups > List All and see if the "create new group" link has the same problem?

When you say "on this page clicking on either of the save options fails to generate a report" - what result do you see instead? Do the "save" buttons simply do nothing?

Koopa001 commented 1 year ago

Thanks for you reply, I will correct something from my original post. My server is runnung Debian 10 not 11. Some of the behaviour has changed a little now that I have managed to generate an adhoc report. If REQUIRE_HTTP is set to FALSE then I can log in via http or https. It remains on which ever protocol and port I logged in using, until I click on the create new report link. This ignores the protocol and port I was using and opens the page http://myserver.com/jethro/?view=persons__reports&queryid=0&configure=1. If REQUIRE_HTTP is set to TRUE then when I attempt to log in using http on port 80 or another port I am redirected to https on port 443. If I attempt to log in using https on port 443 or another port I remain on https on the port that I specified until I click on the create new report link. This ignores the port I was using and opens the page https://myserver.com/jethro/?view=persons__reports&queryid=0&configure=1. As long as I have access to http on port 80 or https on port 443, whichever it goes to, I can see the page and format the report. This is where the behaviour has now changed since I managed to generate my first report. After clicking on either of the save report button I can see the generated report and it appears on the ?view=personsreports page. Prior to succesfully generating the first report clicking either of the save buttons took me back to the ?view=personsreports page and did not display a report and the ?view=persons__reports page showed no reports.

tbar0970 commented 1 year ago

Can you please check if the same problem occurs when trying to create a group

On Fri, 13 Jan 2023 at 12:46 am, Koopa001 @.***> wrote:

Thanks for you reply, I will correct something from my original post. My server is runnung Debian 10 not 11. Some of the behaviour has changed a little now that I have managed to generate an adhoc report. If REQUIRE_HTTP is set to FALSE then I can log in via http or https. It remains on which ever protocol and port I logged in using, until I click on the create new report link. This ignores the protocol and port I was using and opens the page http://myserver.com/jethro/?view=persons__reports&queryid=0&configure=1. If REQUIRE_HTTP is set to TRUE then when I attempt to log in using http on port 80 or another port I am redirected to https on port 443. If I attempt to log in using https on port 443 or another port I remain on https on the port that I specified until I click on the create new report link. This ignores the port I was using and opens the page https://myserver.com/jethro/?view=persons__reports&queryid=0&configure=1. As long as I have access to http on port 80 or https on port 443, whichever it goes to, I can see the page and format the report. This is where the behaviour has now changed since I managed to generate my first report. After clicking on either of the save report button I can see the generated report and it appears on the ?view=personsreports page. Prior to succesfully generating the first report clicking either of the save buttons took me back to the ?view=personsreports page and did not display a report and the ?view=persons__reports page showed no reports.

— Reply to this email directly, view it on GitHub https://github.com/tbar0970/jethro-pmm/issues/847#issuecomment-1380375337, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAQI5LHCJ4I2KGWJGQZOPKLWSAC6HANCNFSM6AAAAAATXPL764 . You are receiving this because you commented.Message ID: @.***>

Koopa001 commented 1 year ago

It does not occur when creating a group. It only occurs when creating a report.

tbar0970 commented 1 year ago

OK so it sounds like the http vs https behaviour is correct, but at some point it's losing the explicit port. But running on standard ports (ie not specified in the URL), everything is working correctly?

Koopa001 commented 1 year ago

I have not added any rosters or any attendance yet, but everything else works as expected if I use http on port 80 or https on port 443.

I went through every button I could find, except the rosters and attendance because I haven't added any yet. While the create reports was the only one that I originally noticed wasn't working, I have now found that others also drop the port.

When clicking on any item in the menu accross the top, the next page that appears preserves the port number. Clicking on add/create anything except for a new report preseveres the port number. So, clicking on add/create a group, congregation, family, person, etc. except create report, preserves the port number. I can click on any view or edit button and it preserves the port number. But if I click on save or update on any page (except create report which behaves as previously described), it saves or updates whatever details on the screen and goes to whatever page it is supposed to, but when it does it drops the port number and goes to http on port 80 if I was accessing via http on any port or https on port 443 if I was accing via https on any port.

On the Documents page, clicking on any file or folder also drops the port number.

I hadn't noticed the other pages that did this because they saved the information. If the page failed to open I just had to hit the back button on the browser and the information was all there to view. But the create report page didn't save the report when it did this.

To reaffirm, running on standard ports, http on port 80 or https on port 443 everything is working correctly, this issue is only occurring when running on non standard ports.

Thanks for your work on this project and for your help.

tbar0970 commented 1 year ago

Thanks. To be honest, supporting non-standard ports is probably not going to be a high-priority fix. But it's good to have the issue noted, and we'll work on it when we can.

tbar0970 commented 1 year ago

Problem with explicit ports starts here in init.php

    if (strpos(array_get($_SERVER, 'HTTP_HOST', array_get($_SERVER, 'SERVER_NAME', '')).$_SERVER['REQUEST_URI'], str_replace(Array('http://', 'https://'), '', BASE_URL)) !== 0) {
        $do_redirect = TRUE;
    }