Ticket #845 (closed defect: fixed)

Opened 12 years ago

Last modified 12 years ago

[S] login loses complete url argument

Reported by: lawrence
Owned by: pjkersha
Priority: required
Milestone: PROD Final
Component: discovery
Version:
Keywords:
Cc: pjkershaw

Description

When logging in ...

If I'm logged out with a url like:

http://localhost:8080/discovery?searchString=test&textTarget=All&startDateYear=&startDateMon=&startDateDay=&endDateYear=&endDateMon=&endDateDay=&source=All&Search=Search&bboxN=30.3&bboxW=-76.1&bboxE=104.7&bboxS=-27.0

the url is preserved as a redirect all the way to the login page ...

http://ndgbeta.badc.rl.ac.uk/login?r=http://localhost:8080/discovery?searchString=test&textTarget=All&startDateYear=&startDateMon=&startDateDay=&endDateYear=&endDateMon=&endDateDay=&source=All&Search=Search&bboxN=30.3&bboxW=-76.1&bboxE=104.7&bboxS=-27.0

but when the redirect actually happens we get returned to

http://localhost:8080/discovery?searchString=test

Change History

comment:1 Changed 12 years ago by lawrence

(Actually you could also remove the spurious "Login Successful" message on the login page too)

comment:2 Changed 12 years ago by pjkersha

  • Status changed from new to assigned

Dom has reported something similar.

I think the problem is tied in with LoginController.__setup() and the way Pylons parses query strings. At the point of the wayf, each login URL displayed in the bullet list faithfully includes the correct 'r=...' argument containing your original URL.

When it reaches LoginController.__setup, the 'r' value is obtained as follows:

self.inputs = dict(parse_querystring(request.environ))
if 'r' in self.inputs:
    c.returnTo = self.inputs['r']
...

I tried with a URL:

 http://localhost:8080/login?r=http://localhost:8080/discovery?searchString=coapec&textTarget=All&startDateYear=&startDateMon=&startDateDay=&endDateYear=&endDateMon=&endDateDay=&source=All&Search=Search&bboxN=90.0&bboxW=-180.0&bboxE=180.0&bboxS=-90.0

There are two '?'s in the URL. One following 'login' as you would expect but also the return URL arg 'r' also contains a '?'. I think this confuses the pylons query parser and it truncates the return address.

A solution would be to use base64.urlsafe_b64encode() to encode the 'r' argument so that there is no possibility for ambiguity. I will try this out in my sandbox but will not check in yet as it's a major change and there may be a more straightforward solution.
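
Added example (not part of the ticket or the NDG code): a reproduction of the truncation with both encodings of 'r' side by side. It uses Python 3's urllib.parse.parse_qsl as a stand-in for the Pylons/Paste parse_querystring call; the sample URLs and function names are constructed for illustration. With the return URL pasted in unescaped, its own '&'-separated arguments are read as arguments of the login URL, so 'r' ends at the first '&'.

```python
import base64
from urllib.parse import parse_qsl, quote, urlsplit

# Constructed sample values modelled on the URLs in the ticket.
LOGIN = "http://localhost:8080/login"
RETURN_TO = ("http://localhost:8080/discovery?searchString=test&textTarget=All"
             "&startDateYear=&source=All&bboxN=30.3&bboxW=-76.1")


def _pairs(login_url):
    # Stand-in (assumption) for parse_querystring(request.environ).
    return parse_qsl(urlsplit(login_url).query, keep_blank_values=True)


def parse_r(login_url):
    """The 'r' argument as the login controller would receive it."""
    return dict(_pairs(login_url)).get("r")


def leaked_args(login_url):
    """Argument names that ended up on the login URL instead of inside 'r'."""
    return [name for name, _ in _pairs(login_url) if name != "r"]


def naive_login_url(return_to):
    # Failing case from the ticket: return URL appended without escaping.
    return LOGIN + "?r=" + return_to


def quoted_login_url(return_to):
    # Percent-encode every reserved character, including '?', '&' and '='.
    return LOGIN + "?r=" + quote(return_to, safe="")


def b64_login_url(return_to):
    # The approach proposed in comment:2: URL-safe base64 of the whole URL.
    token = base64.urlsafe_b64encode(return_to.encode("utf-8"))
    return LOGIN + "?r=" + token.decode("ascii")


def decode_b64_r(value):
    return base64.urlsafe_b64decode(value.encode("ascii")).decode("utf-8")


if __name__ == "__main__":
    print("naive :", parse_r(naive_login_url(RETURN_TO)))
    print("leaked:", leaked_args(naive_login_url(RETURN_TO)))
    print("quoted:", parse_r(quoted_login_url(RETURN_TO)) == RETURN_TO)
    print("base64:", decode_b64_r(parse_r(b64_login_url(RETURN_TO))) == RETURN_TO)
```

With percent-encoding the query parser decodes 'r' itself; with base64 the controller has to call the decode step before redirecting.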

comment:3 Changed 12 years ago by domlowe

Phil,

It looks like you've partly fixed this but now I'm getting a unicode error which I think may be related?

URL: http://127.0.0.1:8080/wcs/badc.nerc.ac.uk__NDG-A0__ReMryRVA?SERVICE=WCS&REQUEST=GetCoverage&IDENTIFIER=TuMYrRQ4&VERSION=1.1.0&BOUNDINGBOX=-180,-90,180,90&TIMESEQUENCE=2792-06-01T00:00:00.0&FORMAT=application/netcdf&h=https://glue.badc.rl.ac.uk:50000/SessionManager&sid=NpRuhRu8UZL9dqPRXNdP7iNaTPdEgIlONBH6stg6kpo=&u=domlowe&roles=charts,chobs_subset1,chobs_subset2,chobs_subset3,coapec,era,mslp,mst,um
File '/usr/lib/python2.4/site-packages/Pylons-0.9.6rc1-py2.4.egg/pylons/error.py', line 245 in respond
  app_iter = self.application(environ, detect_start_response)
File '/usr/lib/python2.4/site-packages/Paste-1.4-py2.4.egg/paste/httpexceptions.py', line 633 in __call__
  self.send_http_response, catch=HTTPException)
File '/usr/lib/python2.4/site-packages/Paste-1.4-py2.4.egg/paste/wsgilib.py', line 225 in catch_errors_app
  app_iter = application(environ, start_response)
File '/home/dom/pylons/trunk/ows_server/ows_server/config/ndgMiddleware.py', line 53 in __call__
  return self.app(environ,start_response)
File '/usr/lib/python2.4/site-packages/PasteDeploy-1.3-py2.4.egg/paste/deploy/config.py', line 164 in __call__
  app_iter = self.application(environ, start_response)
File '/usr/lib/python2.4/site-packages/Pylons-0.9.6rc1-py2.4.egg/pylons/wsgiapp.py', line 292 in __call__
  return self.app(environ, start_response)
File '/usr/lib/python2.4/site-packages/Beaker-0.7.4-py2.4.egg/beaker/cache.py', line 180 in __call__
  return self.app(environ, start_response)
File '/usr/lib/python2.4/site-packages/Beaker-0.7.4-py2.4.egg/beaker/session.py', line 393 in __call__
  response = self.wrap_app(environ, session_start_response)
File '/usr/lib/python2.4/site-packages/Routes-1.7-py2.4.egg/routes/middleware.py', line 104 in __call__
  response = self.app(environ, start_response)
File '/usr/lib/python2.4/site-packages/Pylons-0.9.6rc1-py2.4.egg/pylons/wsgiapp.py', line 88 in __call__
  response = self.dispatch(controller, environ, start_response)
File '/usr/lib/python2.4/site-packages/Pylons-0.9.6rc1-py2.4.egg/pylons/wsgiapp.py', line 214 in dispatch
  return controller(environ, start_response)
File '/home/dom/pylons/trunk/ows_server/ows_server/lib/base.py', line 77 in __call__
  return super(OwsController, self).__call__(environ, start_response)
File '/home/dom/pylons/trunk/ows_server/ows_server/lib/base.py', line 48 in __call__
  h.redirect_to(cc)
File '/usr/lib/python2.4/site-packages/Routes-1.7-py2.4.egg/routes/util.py', line 214 in redirect_to
  target = url_for(*args, **kargs)
File '/usr/lib/python2.4/site-packages/Routes-1.7-py2.4.egg/routes/util.py', line 200 in url_for
  raise Exception("url_for can only return a string or None, got "
Exception: url_for can only return a string or None, got  unicode instead: 

http://127.0.0.1:8080/wcs/badc.nerc.ac.uk__NDG-A0__ReMryRVA?SERVICE=WCS&REQUEST=GetCoverage&IDENTIFIER=TuMYrRQ4&VERSION=1.1.0&BOUNDINGBOX=-180,-90,180,90&TIMESEQUENCE=2792-06-01T00:00:00.0&FORMAT=application/netcdf

comment:4 Changed 12 years ago by pjkersha

  • Cc dom added

Dom,

Can you try again with the latest egg - from changeset:2878?

comment:5 follow-up: ↓ 6 Changed 12 years ago by domlowe

  • Cc pjkershaw added; dom removed

Phil,

This now works perfectly the first time I access the resource, but if I then try and access it a second time (while still logged in) it gives me an access denied message, then refers me to login. At login it says I am logged in already, and doesn't do any forwarding.

comment:6 in reply to: ↑ 5 Changed 12 years ago by pjkersha

Replying to domlowe:

> Phil,
>
> This now works perfectly the first time I access the resource, but if I then try and access it a second time (while still logged in) it gives me an access denied message, then refers me to login. At login it says I am logged in already, and doesn't do any forwarding.

Hi Dom,

I can't duplicate this. Multiple access attempts to COAPEC data work without re-login when I try. What data were you accessing? Can you tell me any other background info?

comment:7 Changed 12 years ago by pjkersha

  • Status changed from assigned to closed
  • Resolution set to fixed