Defect #13741

Not landing on home page on login after visiting lost password page

Added by Filou Centrinov over 4 years ago. Updated 9 months ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:Jean-Philippe Lang% Done:

0%

Category:Accounts / authentication
Target version:3.4.0
Resolution:Fixed Affected version:2.3.0

Description

I'm not landing on the home page after login, when I've entered something at the "lost password"-page before.

How to reproduce:
1. Click on "login" link at the top or just go to www.domain.com/login
2. Click on "Lost password"
3. Enter anything (or a correct/existing email)
4. Click again on "login" link at the top
5. Enter now your user name and password and click on the login button to login
6. DEFECT : "forget password"-page is shown again, instead of home page

You can also reproduce this bug on www.redmine.org.

do_not_redirect_to_lost_password_page.diff Magnifier - Patch to ignore redirect to lost_password again after successful password change (r15775 or higher) (482 Bytes) Gregory Van der Steen, 2016-12-07 10:15

Associated revisions

Revision 16151
Added by Jean-Philippe Lang 9 months ago

Don't redirect to lost password page after login (#13741).

Patch by Gregory Van der Steen.

History

#1 Updated by Gregory Van der Steen 10 months ago

Defect is still present and reproducable in redmine 3.x.
After diving in the source code, it looks like the back_url is fetched from HTTP_REFERER and used to redirect to on successful login after password change.

#2 Updated by Gregory Van der Steen 10 months ago

Defect is still present and reproducible in redmine 3.x.
After diving in the source code, it looks like the back_url is fetched from HTTP_REFERER and used to redirect to on successful login after password change.

edit
Patch added, so tracker can be changed from Defect to Patch by someone with the right permissions

#3 Updated by Toshi MARUYAMA 9 months ago

  • Target version set to 3.4.0

#4 Updated by Jean-Philippe Lang 9 months ago

  • Status changed from New to Closed
  • Assignee set to Jean-Philippe Lang
  • Resolution set to Fixed

Patch committed, thanks.

#5 Updated by Jean-Philippe Lang 9 months ago

  • Subject changed from Not landing on home page after login to Not landing on home page on login after visiting lost password page

Also available in: Atom PDF