| Issue 3044: | After-login redirect messes up the URL | |
| 18 people starred this issue and may be notified of changes. | Back to list |
Affected Version: 2.10-rc0-1038-ga530544 What steps will reproduce the problem? 0. Being logged out, e.g. incognito 1. Open a commit: https://android-review.googlesource.com/#/c/117730/ 2. Log in in upper right corner 3. Enter google password and choose account After login it redirects back to where you pressed Log in: What is the expected output? https://android-review.googlesource.com/#/c/117730/ What do you see instead? https://android-review.googlesource.com/#c/117730/ Note the #c which is invalid and shows 404.
Dec 5, 2014
Project Member
#2
huga...@gmail.com
Dec 5, 2014
Intermittent bugs FTW! :) It happened only once, I didn't try to repro it, just reported. I'm glad you confirmed it, wishing the best to find the root.
Dec 5, 2014
More info, it looks like the problem only happens the first time and then it is ok. The difference I noticed between the first and second time I got the login page it was that the first time, I got a page asking me to choose a google account (then I got the bad redirection url) and the second time, my account was already chosen and I only needed to type my password.
Cc:
jrn@google.com
Labels: Environment-Google
Dec 23, 2014
Issue 3066 has been merged into this issue.
Feb 10, 2015
I have the same issue, with slightly different URLs. If I open the following link in a new session: https://git.corp/r/42117 I get a login prompt, and then I am redirected to https://git.corp/r/c/42117/ which does not exist. Looking at Network in google chrome, I see the following: 1. Request URL:https://git.corp/r/login/c/42117/ Location:https://git.corp/r/c/42117/ 2. Request URL:https://git.corp/r/c/42117/ Status Code:404 Not Found Once I am logged in, it's fine : 1. Request URL:https://git.corp/r/42117 2. Location:https://git.corp/r/#/c/42117/ Using gerrit 2.10 but I already saw the problem with earlier versions.
Feb 26, 2015
This is a major annoyance for anyone that uses gerrit on a daily basis
Apr 1, 2015
I dug into this on my gerrit and think I may have an idea of the problem is. A bit of background, we use Apache in front of gerrit doing Basic auth against an LDAP. The issue we are having is that after a gerrit token expires, visiting https://gerrit.org/12345 redirects to https://gerrit.org/c/12345 (an invalid url) More concretely, in our case, it seems the flow is: 0. gerrit token expires 1. apache doesn't care about expired token, goes on to gerrit 2. gerrit doesn't run auth on /12345 and redirect to #/c/12345 (directChangeById() in UrlModule) 3. auth kicks over to /login/c/12345, token is refreshed via apache still sending valid headers 4. login redirects to /c/12345 It seems like there are multiple work arounds for our specific case, such as making /c/12345 route to /#/c/12345 or having auth trigger before the directChangeById() is hit, which would cause a redirect to happen earlier, but it seems the root cause for original reporter as well as us is that the redirectUrl is getting munged
Apr 1, 2015
Okay, did even more digging and in fact that flow is confirmed, here are more details but am still not sure what a proper fix would look like. Gerrit does not run HttpAuthFilter on anything outside of HostPageServlet so the redirect to /#/12345 happens and LoginRedirect.html is hit, which strips off the # and redirects to /login/c/12345.
Apr 2, 2015
LoginRedirect.html should not strip '#/'. The code handling the login (HttpLoginServlet for HTTP auth type) assume that URL it needs to redirect to has the '#/' in it. This was changed between 2.9.x and 2.10.x but obviously, the HTTP and HTTP_LDAP authentication types were not tested. Can you try removing the code striping '#/' in LoginRedirect.html?
Apr 2, 2015
Indeed: removing the code to strip '#/' (see https://gerrit-review.googlesource.com/66814) does work normally. From the sounds of it, the change to HttpLoginServlet was intentional, but I'm not sure what effect removing the stripping of '#/' will have on the other login types. Any other comments?
Apr 6, 2015
Issue 3273 has been merged into this issue.
Apr 6, 2015
(No comment was entered for this change.)
Status:
ChangeUnderReview
Cc: -jrn@google.com Labels: -Environment-Google
Apr 7, 2015
(No comment was entered for this change.)
Status:
Submitted
Apr 7, 2015
(No comment was entered for this change.)
Labels:
FixedIn-2.11
Apr 14, 2015
(No comment was entered for this change.)
Labels:
-FixedIn-2.11 FixedIn-2.10.3
|
|
| ► Sign in to add a comment |