Lucio Benini

Reputation: 23

Infinite Login Loop after CakePHP 3.6 update

In my application, based on CakePHP, I'm using. When I'm logging in using the URL /manager/login (corresponding to LoginController, Manager prefix) everything is OK.

When I log out or I use /manager the result is the following:

/manager/login?redirect=%2Fmanager%2Flogin%3Fredirect%3D%252Fmanager%252Flogin%253Fredirect%253D%25252Fmanager%25252Flogin%25253Fredirect%25253D%2525252Fmanager%2525252Flogin%2525253Fredirect%2525253D%252525252Fmanager%252525252Flogin%252525253Fredirect%252525253D%25252525252Fmanager%25252525252Flogin%25252525253Fredirect%25252525253D%2525252525252Fmanager%2525252525252Flogin%2525252525253Fredirect%2525252525253D%252525252525252Fmanager%252525252525252Flogin%252525252525253Fredirect%252525252525253D%25252525252525252Fmanager%25252525252525252Flogin%25252525252525253Fredirect%25252525252525253D%2525252525252525252Fmanager%2525252525252525252Flogin%2525252525252525253Fredirect%2525252525252525253D%252525252525252525252Fmanager%252525252525252525252Flogin%252525252525252525253Fredirect%252525252525252525253D%25252525252525252525252Fmanager%25252525252525252525252Flogin%25252525252525252525253Fredirect%25252525252525252525253D%2525252525252525252525252Fmanager%2525252525252525252525252Flogin%2525252525252525252525253Fredirect%2525252525252525252525253D%252525252525252525252525252Fmanager%252525252525252525252525252Flogin%252525252525252525252525253Fredirect%252525252525252525252525253D%25252525252525252525252525252Fmanager%25252525252525252525252525252Flogin%25252525252525252525252525253Fredirect%25252525252525252525252525253D%2525252525252525252525252525252Fmanager%2525252525252525252525252525252Flogin%2525252525252525252525252525253Fredirect%2525252525252525252525252525253D%252525252525252525252525252525252Fmanager%252525252525252525252525252525252Flogin%252525252525252525252525252525253Fredirect%252525252525252525252525252525253D%25252525252525252525252525252525252Fmanager%25252525252525252525252525252525252Flogin%25252525252525252525252525252525253Fredirect%25252525252525252525252525252525253D%2525252525252525252525252525252525252Fmanager%2525252525252525252525252525252525252Flogin%2525252525252525252525252525252525253Fredirect%2525252525252525252525252525252525253D
%252525252525252525252525252525252525252Fmanager%252525252525252525252525252525252525252Fprofile

An infinite loop in the query string, and the server returns a 404.15 error.

The same configuration was used in 3.5:

$this->loadComponent('Auth', [
    'fields' => [
        'username' => 'email',
        'password' => 'password'
    ],
    'loginAction' => [
        'prefix' => 'manager',
        'controller' => 'Login',
        'action' => 'index',
        'plugin' => false
    ],
    'loginRedirect' => [
        'prefix' => 'manager',
        'controller' => 'Managers',
        'action' => 'index',
        'plugin' => false
    ],
    'logoutRedirect' => [
        'prefix' => 'manager',
        'controller' => 'Login',
        'action' => 'index',
        'plugin' => false
    ],
    'authenticate' => [
        'Form' => [
            'passwordHasher' => [
                'className' => 'DressFinder'
            ],
            'fields' => [
                'username' => 'email',
                'password' => 'password'
            ],
            'userModel' => 'Managers'
        ]
    ],
    'authError' => __('You are not authorized to access that location.'),
    'storage' => [
        'className' => 'Session',
        'key' => 'Auth.Managers'
    ]
]);

No routes have been changed, and in controllers without prefixes the login/logout actions work.

Thanks for any help.

Upvotes: 1

Views: 588

Answers (3)

Mr.D

Reputation: 89

This might not be an answer; I don't have enough reputation to add comments! You could try adding this code to routes.php:

use Cake\Core\Plugin;
use Cake\Routing\RouteBuilder;
use Cake\Routing\Router;
use Cake\Routing\Route\DashedRoute;

Router::defaultRouteClass(DashedRoute::class);

Router::scope('/', function (RouteBuilder $routes) {
    Router::prefix('manager', function ($routes) {
        $routes->connect('/', ['controller' => 'Your_controller', 'action' => 'your_action']);
        $routes->connect('/:controller/', [], ['routeClass' => 'Cake\Routing\Route\InflectedRoute']);
        $routes->connect('/:controller/:action/*', [], ['routeClass' => 'Cake\Routing\Route\InflectedRoute']);
    });
    $routes->fallbacks(DashedRoute::class);
});

Plugin::routes();

Upvotes: 0

ndm

Reputation: 60463

That's a bug, the authentication component compares the login action with the current URL including the query string argument, which causes a mismatch, treating the user as unauthenticated, and thus triggering a redirect to the login action, where the same procedure then starts again.

This will be fixed in 3.6.1. If you cannot wait, apply the patch manually until the new version is available.

See

Upvotes: 2
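
The comparison described in the answer above can be reproduced with a simplified model. This is an added example, not part of the original answer and not CakePHP's AuthComponent source; `LOGIN_URL`, `isLoginActionBuggy()`, `isLoginActionFixed()` and `followRedirects()` are hypothetical names, and the start URL is constructed.

```php
<?php
// Added illustration: a simplified model of the login-action check,
// not the framework's actual implementation.

// Assumption: the URL that the configured loginAction route resolves to.
const LOGIN_URL = '/manager/login';

// Comparison as described in the answer: the current URL is compared
// with its query string still attached, so it never matches after a redirect.
function isLoginActionBuggy(string $currentUrl): bool
{
    return $currentUrl === LOGIN_URL;
}

// Path-only comparison: the query string is ignored.
function isLoginActionFixed(string $currentUrl): bool
{
    return parse_url($currentUrl, PHP_URL_PATH) === LOGIN_URL;
}

// Follow redirects for an unauthenticated visitor until the login page is
// served or $maxHops is reached. Returns every URL that was requested.
function followRedirects(string $start, callable $isLoginAction, int $maxHops = 5): array
{
    $visited = [$start];
    $url = $start;
    for ($hop = 0; $hop < $maxHops; $hop++) {
        if ($isLoginAction($url)) {
            break; // the login form is rendered, no further redirect
        }
        // Unauthenticated: redirect to login, carrying the current URL along.
        // Each hop re-encodes the previous URL, so "%" becomes "%25".
        $url = LOGIN_URL . '?redirect=' . rawurlencode($url);
        $visited[] = $url;
    }
    return $visited;
}

// Constructed start URL: a protected page requested without a session.
foreach (['buggy' => 'isLoginActionBuggy', 'fixed' => 'isLoginActionFixed'] as $name => $check) {
    $chain = followRedirects('/manager/profile', $check);
    printf("%s: %d requests, last URL is %d bytes\n", $name, count($chain), strlen(end($chain)));
    echo '  ', end($chain), "\n";
}
```

With the buggy check the chain only stops at the hop limit and the URL grows on every hop, which is how the query string ends up long enough for IIS request filtering to reject it with 404.15; with the path-only check the chain stops at the first login URL.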

Indra Pyakurel

Reputation: 1

Seems like redirect is not working by default. Adding/adjusting the following in the initialize method in AppController should work fine.

$this->loadComponent('RequestHandler', [ 'enableBeforeRedirect' => false ]);

Upvotes: -1
