Bug #32285

Logout doesn't work anymore in FLOW3 1.0.1

Added by Peter Beernink over 3 years ago. Updated over 3 years ago.

Status: Resolved
Start date: 2011-12-04
Priority: Must have
Due date:
Assigned To: Bastian Waidelich
% Done: 100%
Category: Security
Target version: TYPO3 Flow Base Distribution - 1.0.2
PHP Version:
Complexity:
Has patch: No
Affected Flow version: FLOW3 1.0.1

Description

After updating from FLOW3 1.0.0 to 1.0.1 it is no longer possible to log out from an authenticated session.

The issue seems to be introduced by commit:970c615. When I revert those changes I am able to log out again.

I've also tested it on the Blog package. There the same behavior is shown.
It displays the flash message, but in the footer the administration link is still displayed and accessible.

Associated revisions

Revision 9cab55e0
Added by Bastian Waidelich over 3 years ago

[BUGFIX] Logout doesn't work anymore

Since eab9bf9 calling AuthenticationProviderManager::logout()
without initializing the Security Context first, returns without
actually destroying the authentication cookie.
This change fixes this by introducing a new convenience method
isAuthenticated() to the AuthenticationManagerInterface allowing the
AuthenticationProviderManager to check whether a user is
authenticated before trying to fetch the session.

Change-Id: I1c273e84f059c2f8d82d126d18a67cef4bfc7f16
Fixes: #32285
Releases: 1.0, 1.1

Revision 6ba03e48
Added by Bastian Waidelich over 3 years ago

[BUGFIX] Logout doesn't work anymore

Since 93b608a calling AuthenticationProviderManager::logout()
without initializing the Security Context first, returns without
actually destroying the authentication cookie.

This change fixes this by introducing a new convenience method
isAuthenticated() to the AuthenticationManagerInterface allowing the
AuthenticationProviderManager to check whether a user is
authenticated before trying to fetch the session.

Change-Id: Ia31a73981a9b2f77c4f3efa251a6a5f7e732e4c9
Fixes: #32285
Releases: 1.0, 1.1
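
The failure mode described in the commit messages above, as an added example that is not FLOW3 code and not part of the original ticket: a logout that returns early because the security context was never initialized, next to one that checks authentication state first. All class and method names except isAuthenticated() are hypothetical, and the lazy initialization inside the context is an assumption of this model (PHP 8+).

```php
<?php
declare(strict_types=1);
// Constructed, simplified model. Session, SecurityContext and ProviderManager
// are hypothetical stand-ins, not the FLOW3 classes.
final class Session {
    public bool $active = true;                 // an authenticated session exists
    public function destroy(): void { $this->active = false; }
}

final class SecurityContext {
    private bool $initialized = false;
    public function __construct(private Session $session) {}
    public function isInitialized(): bool { return $this->initialized; }
    // Assumption: authentication state is restored lazily on first use.
    public function hasAuthenticatedToken(): bool {
        $this->initialized = true;
        return $this->session->active;
    }
}

final class ProviderManager {
    public function __construct(private SecurityContext $context, private Session $session) {}
    // Convenience check: asking the question initializes the context.
    public function isAuthenticated(): bool {
        return $this->context->hasAuthenticatedToken();
    }
    // Regressed behaviour: nothing touched the context in this request,
    // so logout returns and the session (and its cookie) survives.
    public function logoutRegressed(): void {
        if (!$this->context->isInitialized()) { return; }
        $this->session->destroy();
    }
    // Fixed behaviour: decide on authentication state, not on init state.
    public function logoutFixed(): void {
        if (!$this->isAuthenticated()) { return; }
        $this->session->destroy();
    }
}

// Regression check: true means the user is still logged in after "logout".
function sessionSurvivesLogout(bool $fixed): bool {
    $session = new Session();
    $manager = new ProviderManager(new SecurityContext($session), $session);
    if ($fixed) { $manager->logoutFixed(); } else { $manager->logoutRegressed(); }
    return $session->active;
}

var_dump(sessionSurvivesLogout(false), sessionSurvivesLogout(true));
```

A functional test in this shape, asserting that a protected page is no longer reachable after the logout request rather than only that a flash message appeared, would have caught the regression reported here.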

History

#1 Updated by Rens Admiraal over 3 years ago

Tested on FLOW3 master with TYPO3.LDAP package. This provider does logout.

To test: Blog package on current master

#2 Updated by Peter Beernink over 3 years ago

I see that the link to the commit is wrong. It should be eab9bf9

#3 Updated by Bastian Waidelich over 3 years ago

  • Status changed from New to Accepted
  • Assigned To set to Bastian Waidelich

I'll check this, thanks for reporting!

#4 Updated by Bastian Waidelich over 3 years ago

  • Status changed from Accepted to Needs Feedback
  • Assigned To changed from Bastian Waidelich to Peter Beernink

Hi Peter,

I can't reproduce this issue.
With a fresh checkout of the Blog distribution, clicking on the "Logout" link in the footer successfully kills the session and I have to log in again in order to administer the blog.
Did you try flushing the cache?

#5 Updated by Peter Beernink over 3 years ago

Hi Bastian,

I've tested it on a base FLOW3 1.0.1 distribution in which I installed the Blog package, I haven't tested it on the Blog distribution.

However, I just cloned it, and it seems that the Blog distribution is still using 1.0.0, so the change in question is not applied there.

#6 Updated by Bastian Waidelich over 3 years ago

Peter Beernink wrote:

However, I just cloned it, and it seems that the Blog distribution is still using 1.0.0,
so the change in question is not applied there.

I updated all packages to their master and it still works..

#7 Updated by Bastian Waidelich over 3 years ago

Bastian Waidelich wrote:

I updated all packages to their master and it still works..

Hang on, maybe I wasn't working with latest masters in fact. I'll recheck

#8 Updated by Bastian Waidelich over 3 years ago

  • Status changed from Needs Feedback to Accepted
  • Assigned To changed from Peter Beernink to Bastian Waidelich

Ok, I can reproduce this now.

#9 Updated by Gerrit Code Review over 3 years ago

  • Status changed from Accepted to Under Review

Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/7261

#10 Updated by Gerrit Code Review over 3 years ago

Patch set 2 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/7261

#11 Updated by Gerrit Code Review over 3 years ago

Patch set 3 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/7261

#12 Updated by Bastian Waidelich over 3 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#13 Updated by Gerrit Code Review over 3 years ago

  • Status changed from Resolved to Under Review

Patch set 1 for branch FLOW3-1.0 has been pushed to the review server.
It is available at http://review.typo3.org/7441

#14 Updated by Bastian Waidelich over 3 years ago

  • Status changed from Under Review to Resolved
