mirror of https://github.com/e107inc/e107.git synced 2025-07-19 22:11:28 +02:00

Login flow consistency: Do not use redirect in admin area login box

The non-admin login flow does not perform a redirect, but the admin
login flow did. This led to an inconsistency in how the authentication
error message was passed.

Fixes: https://github.com/e107inc/e107/issues/4779
Nick Liu
2022-09-07 12:32:02 -05:00
parent b95712578a
commit 00b1d754b0
3 changed files with 23 additions and 25 deletions


@@ -134,12 +134,7 @@ else
{ {
e107::coreLan('log_messages', true); e107::coreLan('log_messages', true);
e107::getLog()->addEvent(4, __FILE__."|".__FUNCTION__."@".__LINE__, "LOGIN", LAN_ROLL_LOG_11, "U: ".e107::getParser()->toDB($_POST['authname']), FALSE, LOG_TO_ROLLING); e107::getLog()->addEvent(4, __FILE__."|".__FUNCTION__."@".__LINE__, "LOGIN", LAN_ROLL_LOG_11, "U: ".e107::getParser()->toDB($_POST['authname']), FALSE, LOG_TO_ROLLING);
e107::getRedirect()->redirect('admin.php?failed');
} }
exit;
} }
@@ -274,28 +269,20 @@ class auth
// Start Clean // Start Clean
// NOTE: this should NOT be a template of the admin-template, however themes may style it using css. // NOTE: this should NOT be a template of the admin-template, however themes may style it using css.
$class = (e_QUERY === 'failed') ? "class='e-shake'" : "";
$text = "<form id='admin-login' method='post' action='".e_SELF."' {$incChap} > $text = "<form id='admin-login' method='post' action='".e_SELF."' {$incChap} >
<div id='logo' ><img src='".e_IMAGE."logo_template_large.png' alt='".LAN_LOGIN."' /></div> <div id='logo' ><img src='".e_IMAGE."logo_template_large.png' alt='".LAN_LOGIN."' /></div>
<div id='login-admin' class='center'> <div id='login-admin' class='center'>
<div>"; <div>";
if(e_QUERY === 'failed') e107::lan('core', 'login');
{ $text .= e107::getMessage()->render(); // see e107_handlers/login.php L622
e107::lan('core', 'login'); $text .= "<script>
$text .= e107::getMessage()->render(); // see e107_handlers/login.php L622 window.setTimeout(function() {
$text .= "<script> $('.alert').fadeTo(500, 0).slideUp(500, function(){
window.setTimeout(function() { $(this).remove();
$('.alert').fadeTo(500, 0).slideUp(500, function(){ });
$(this).remove(); }, 7000);
}); </script>";
}, 7000);
</script>";
}
$text .= " $text .= "
<div class='panel well panel-primary'> <div class='panel well panel-primary'>
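Review bot: In the first hunk the failed-authentication branch appears to lose both the redirect and the `exit;` that followed it, so nothing visible here stops the request after a bad login and the rest of the script runs in the same request. The enclosing `else` block starts and ends outside the hunk, so please confirm that everything reached afterwards re-checks the admin session and can only render the login form. A comment at the end of the branch would make that contract explicit, for example `// failed login: fall through to the login form; nothing below may emit admin output without a valid session`. Rendering the error on the POST response also means a browser reload resubmits the credentials, which the old redirect avoided.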


@@ -646,7 +646,7 @@ class userlogin
$this->logNote('LAN_ROLL_LOG_10', $username); $this->logNote('LAN_ROLL_LOG_10', $username);
} }
e107::getMessage()->reset()->addError($message, 'default', true); // prevent duplicates, session=true needed for admin-area login. e107::getMessage()->reset()->addError($message); // prevent duplicates
if($this->testMode === true) if($this->testMode === true)
{ {
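Review bot: The shortened comment `// prevent duplicates` no longer says that the error is now kept only for the current request, which is what dropping the session argument changes. Any caller that still redirects after a failed login would lose the message; no such caller is visible in this hunk, so that is worth confirming. I would write the comment as `// prevent duplicates; message is request-scoped, so callers must render it before any redirect`. The enclosing method starts and ends outside the hunk.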


@@ -11,7 +11,19 @@ class AdminLoginCest
{ {
} }
// tests /**
* @see https://github.com/e107inc/e107/issues/4779
*/
public function testAdminFailedLogin(AcceptanceTester $I)
{
$I->wantTo("See a login failure message in the admin area if I put in the wrong credentials");
$I->amOnPage("/e107_admin/admin.php");
$I->fillField('authname', 'e107');
$I->fillField('authpass', 'wrong password');
$I->click('authsubmit');
$I->see("Your login details don't match any registered user");
}
public function testAdminLogin(AcceptanceTester $I) public function testAdminLogin(AcceptanceTester $I)
{ {
@@ -27,7 +39,6 @@ class AdminLoginCest
} }
private function e107Login(AcceptanceTester $I) private function e107Login(AcceptanceTester $I)
{ {
$I->amOnPage('/e107_admin/admin.php'); $I->amOnPage('/e107_admin/admin.php');
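Review bot: `testAdminFailedLogin` asserts only the error text, so it would still pass if the failed request went on to render admin content below the message. Since the failed-login path in this commit no longer redirects, I would also assert that the login form is what came back, e.g. `$I->seeElement('#admin-login');` after the `see(...)` call. The literal English message may also tie the test to the default language pack, though the test environment's locale is not visible here.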