#2471: Default templates in tg.devtools generate invalid redirects.
------------------------+---------------------------------------------------
 Reporter:  Clicky      |       Owner:                  
     Type:  defect      |      Status:  new             
 Priority:  normal      |   Milestone:  __unclassified__
Component:  unassigned  |     Version:  2.0.3           
 Severity:  normal      |    Keywords:                  
------------------------+---------------------------------------------------
 While deploying a TurboGears application, we noticed that users sometimes
 had issues going through the login form and got 404 error pages
 as a result. In our environment, the app is served using Apache from a
 sub-directory of the DocumentRoot, but I also managed to reproduce this
 with Paste and a composite application setup.

 Steps to reproduce :
  1. Quickstart a new project with auth enabled.
  2. Change the settings in development.ini so that the application is NOT
 mounted at the root.
 eg. replace `[app:main]` with :
 {{{
 [composite:main]
 use = egg:Paste#urlmap
 /yourapp = yourapp

 [app:yourapp]
 }}}

  3. Start the webserver.
  4. In your browser, go to a page which requires authentication (eg.
 http://localhost:8080/yourapp/manage_permission_only).
  5. Enter a bad username/password
  6. At this point, your browser may indicate that a circular redirection
 is taking place, or, the login form may show up again, or you may be
 presented with a 404 error page (see notes below).
  7. If the login form showed up, try authenticating with a valid
 username/password (in my case, I used manager/managepass), you should end
 up on a 404 error page.

 I noticed some variations of the problem:
  * when the application is served with Paste, my browser either detected a
 circular redirect (step !#6) or ended up on a non-existing page
 (/yourapp/yourapp/login)
  * when the application is served with Apache, the redirect works
 correctly, but after the first authentication attempt (with an invalid
 username/password), the came_from parameter is incorrect
 (/yourapp/yourapp/manage_permission_only), so that when you successfully
 authenticate, your browser is redirected to a non-existing page (step
 !#7).

 This seems to be the result of a few extraneous url() in tg.devtools'
 default templates.
 AFAICT, redirect() already applies url() to its input. Therefore, the URL
 gets rewritten twice (which gives a double "/yourapp" prefix in my case)
 at the time the redirect occurs.

 Getting rid of a few url() in
 http://svn.turbogears.org/projects/tg.devtools/trunk/devtools/templates/turbogears/+package+/controllers/root.py_tmpl
 seems to do the trick. I'll try to attach a patch sometime this week.

-- 
Ticket URL: <http://trac.turbogears.org/ticket/2471>
TurboGears <http://www.turbogears.org/>
TurboGears front-to-back web development
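
The double rewrite described in the ticket, as an added example that is not part of the original report and not TurboGears code: `model_url` and `model_redirect` are hypothetical, simplified stand-ins that only model the prefixing behaviour the reporter describes, with the mount point taken from the ticket's urlmap snippet.

```python
from urllib.parse import urlencode

MOUNT = "/yourapp"  # mount point (SCRIPT_NAME) from the ticket's urlmap example


def model_url(path, params=None, script_name=MOUNT):
    """Hypothetical stand-in for url(): prefix absolute paths with the mount point."""
    if path.startswith("/"):
        path = script_name + path
    if params:
        path += "?" + urlencode(params)
    return path


def model_redirect(target, params=None, script_name=MOUNT):
    """Hypothetical stand-in for redirect(): per the ticket it applies url() itself.
    Returns the Location value instead of raising an HTTP redirect."""
    return model_url(target, params, script_name)


def has_doubled_prefix(location, script_name=MOUNT):
    """Regression check: the mount point must not appear twice at the start."""
    return location.startswith(script_name + script_name + "/")


def login_redirect_buggy(came_from):
    # Pattern the ticket blames: url() wrapped inside redirect(), two rewrites.
    return model_redirect(model_url("/login", {"came_from": came_from}))


def login_redirect_fixed(came_from):
    # Pass the raw path and let redirect() perform the single rewrite.
    return model_redirect("/login", {"came_from": came_from})


if __name__ == "__main__":
    page = "/manage_permission_only"  # protected page from the ticket
    for fn in (login_redirect_buggy, login_redirect_fixed):
        location = fn(page)
        print(fn.__name__, location, "doubled:", has_doubled_prefix(location))
    # A came_from value that already carries the prefix and is rewritten again
    # gives the path reported under Apache.
    print(model_url(MOUNT + page))
```

A check like `has_doubled_prefix` can be run against the `Location` header in a functional test of the login flow with the application mounted below the root, which is the deployment where this defect appears.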
