Item6510: forceAuthentication can create invalid URL

https://serverhttps://server/bin/viewauth

I have tracked down the issue to forceAuthentication() in lib/TWiki/LoginManager/ApacheLogin.pm. In there it sais:

   my $url = $twiki->getScriptUrl(1, $scriptName);
   if( $url && $url =~ m!(.*/$scriptName)([^?]*)! ) {
      # $url should not contain query string as it gets appended
      # in TWiki::redirect. Script gets 'auth' appended.
      $url = "$twiki->{urlHost}${1}auth$2";

This is wrong because getScriptUrl(1,...) will already return an absolute URL and there is no need to prepend urlHost.

I did not find a fix to get the function working properly though. The easiest workaround for me was to use the function code from Foswiki and adjust it

like this:

sub forceAuthentication {



    my $this = shift;



    my $twiki = $this->{twiki};



    my $query = $twiki->{request};







    # See if there is an 'auth' version



    # of this script, may be a result of not being logged in.



    my $newAction = $query->action() . 'auth';







    if ( !$query->remote_user()



        && exists $TWiki::cfg{SwitchBoard}{$newAction} )



    {







        # Assemble the new URL using the host, the changed script name,



        # and the path info.



        my $url = $twiki->getScriptUrl( 1, $newAction );



        if ( $query->path_info() ) {



            $url .= '/'



              unless $url =~ m#/$# || $query->path_info() =~ m#^/#;



            $url .= $query->path_info();



        }







        # Redirect with passthrough so we don't lose the original query params



        $twiki->redirect( $url, 1 );



        return 1;



    }



    return 0;



}

This works for me.

-- TWiki:Main/StefanWalter - 30 Jun 2010

Found the same problem. Here are the changes I made that fixed the problem for us.

*** ApacheLogin.pm.ORIG Sat May 29 09:33:36 2010
--- ApacheLogin.pm      Tue Jul 13 13:30:44 2010
***************
*** 91,97 ****
          if( $url && $url =~ m!(.*/$scriptName)([^?]*)! ) {
              # $url should not contain query string as it gets appended
              # in TWiki::redirect. Script gets 'auth' appended.
!             $url = "$twiki->{urlHost}${1}auth$2";
          } else {
              if( $twiki->{request}->action !~ /auth$/ ) {
                  $url = $twiki->{urlHost}.'/'.$twiki->{request}->action . 'auth';
--- 91,97 ----
          if( $url && $url =~ m!(.*/$scriptName)([^?]*)! ) {
              # $url should not contain query string as it gets appended
              # in TWiki::redirect. Script gets 'auth' appended.
!             $url = "${1}auth$2";
          } else {
              if( $twiki->{request}->action !~ /auth$/ ) {
                  $url = $twiki->{urlHost}.'/'.$twiki->{request}->action . 'auth';
***************
*** 102,112 ****
                  $url = $twiki->{urlHost}.$twiki->{scriptUrlPath}.'/'.
                         $scriptName.'auth'.$TWiki::cfg{ScriptSuffix};
              }
-             if ($query->path_info()) {
-                 $url .= '/' unless $url =~ m#/$# || $query->path_info() =~ m#^/#;
-                 $url .= $query->path_info();
-             }
          }
          # Redirect with passthrough so we don't lose the original query params
          $twiki->redirect( $url, 1 );
          return 1;
--- 102,112 ----
                  $url = $twiki->{urlHost}.$twiki->{scriptUrlPath}.'/'.
                         $scriptName.'auth'.$TWiki::cfg{ScriptSuffix};
              }
          }
+       if ($query->path_info()) {
+           $url .= '/' unless $url =~ m#/$# || $query->path_info() =~ m#^/#;
+           $url .= $query->path_info();
+       }
          # Redirect with passthrough so we don't lose the original query params
          $twiki->redirect( $url, 1 );
          return 1;

-- TWiki:Main.MikeSchwarz - 2010-07-13

Thanks for the patch Mike! Any chances that this gets its way into 5.0.1?

-- TWiki:Main.StefanWalter - 2010-08-16