Not landing on home page on login after visiting lost password page
|Assignee:||Jean-Philippe Lang||% Done:|
|Category:||Accounts / authentication|
I'm not landing on the home page after login, when I've entered something at the "lost password"-page before.
How to reproduce:
1. Click on "login" link at the top or just go to www.domain.com/login
2. Click on "Lost password"
3. Enter anything (or a correct/existing email)
4. Click again on "login" link at the top
5. Enter now your user name and password and click on the login button to login
6. DEFECT : "forget password"-page is shown again, instead of home page
You can also reproduce this bug on www.redmine.org.
#2 Updated by Gregory Van der Steen 4 months ago
- File do_not_redirect_to_lost_password_page.diff added
Defect is still present and reproducible in redmine 3.x.
After diving in the source code, it looks like the back_url is fetched from HTTP_REFERER and used to redirect to on successful login after password change.
Patch added, so tracker can be changed from Defect to Patch by someone with the right permissions