Bug #33078

No Redirect to Login

Added by Jörg Ohnheiser over 3 years ago. Updated over 3 years ago.

Status: New
Start date: 2012-01-10
Priority: Should have
Due date:
Assigned To: -
% Done: 0%
Category: Security
Target version: -
PHP Version:
Complexity:
Has patch: No
Affected Flow version: FLOW3 1.0.2

Description

I think this is a bug with the Security Subsystem.

I'm only getting an exception when I'm not logged in or I have no rights to access the controller.

But I'm expecting a redirect to login when I have no login data, or?

I've attached my Policy and Settings YAML files.

You are not allowed to perform this action.
10 TYPO3\FLOW3\Security\Authorization\Interceptor\AccessDeny_Original::invoke()

9 TYPO3\FLOW3\Security\Authorization\RequestFilter_Original::filterRequest(TYPO3\FLOW3\MVC\Web\Request)

8 TYPO3\FLOW3\Security\Authorization\FilterFirewall_Original::blockIllegalRequests(TYPO3\FLOW3\MVC\Web\Request)

7 TYPO3\FLOW3\Security\Aspect\RequestDispatchingAspect_Original::blockIllegalRequestsAndForwardToAuthenticationEntryPoints(TYPO3\FLOW3\AOP\JoinPoint)

6 TYPO3\FLOW3\AOP\Advice\AroundAdvice_Original::invoke(TYPO3\FLOW3\AOP\JoinPoint)

5 TYPO3\FLOW3\AOP\Advice\AdviceChain_Original::proceed(TYPO3\FLOW3\AOP\JoinPoint)

4 TYPO3\FLOW3\MVC\Dispatcher::dispatch(TYPO3\FLOW3\MVC\Web\Request, TYPO3\FLOW3\MVC\Web\Response)

3 TYPO3\FLOW3\MVC\Web\RequestHandler_Original::handleRequest()

2 TYPO3\FLOW3\Core\Bootstrap::handleWebRequest()

1 TYPO3\FLOW3\Core\Bootstrap::run()

Please include more helpful information!

Policy.yaml (517 Bytes) Jörg Ohnheiser, 2012-01-10 08:37

Settings.yaml (536 Bytes) Jörg Ohnheiser, 2012-01-10 08:37


Related issues

related to TYPO3.Flow - Bug #33055: AccessDeniedException instead of WebRedirect New 2012-01-09

History

#1 Updated by Jörg Ohnheiser over 3 years ago

#3 Updated by Johannes K over 3 years ago

Did you try to call the protected action manually, or via a Fluid generated link?
I'm asking because to call a protected action you also need to pass a csrfToken in the URL.
If the link is generated by Fluid, the URL contains the csrfToken automatically.

Another option is to annotate the action with @FLOW3\SkipCsrfProtection.

No real documentation for this yet, but here is an explanation:
http://media.netlogix.de/community/details/artikel/csrf-protection-in-typo3-phoenix-kindly-provided-by-flow3

#4 Updated by Karsten Dambekalns over 3 years ago

  • Category changed from - Error Handler Report - to Security
