Commit 6033fd0c authored by catch's avatar catch

Issue #3253889 by BR0kEN, murilohp, longwave: `?check_logged_in=1` causes...

Issue #3253889 by BR0kEN, murilohp, longwave: `?check_logged_in=1` causes `TrustedRedirectResponse` to fail
parent 040479a5
......@@ -6,6 +6,7 @@
use Drupal\Core\Authentication\AuthenticationProviderInterface;
use Drupal\Core\Database\Connection;
use Drupal\Core\Messenger\MessengerInterface;
use Drupal\Core\Routing\TrustedRedirectResponse;
use Drupal\Core\Session\AccountInterface;
use Drupal\Core\Session\UserSession;
use Drupal\Core\Session\SessionConfigurationInterface;
......@@ -136,6 +137,12 @@ public function addCheckToUrl(ResponseEvent $event) {
if (!empty($options['#fragment'])) {
$url .= '#' . $options['#fragment'];
}
// In the case of trusted redirect, we have to update the list of
// trusted URLs because here we've just modified its target URL
// which is in the list.
if ($response instanceof TrustedRedirectResponse) {
$response->setTrustedTargetUrl($url);
}
$response->setTargetUrl($url);
}
}
......
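Review bot: In the added `instanceof TrustedRedirectResponse` branch the target may be set twice, because the unconditional `$response->setTargetUrl($url);` still runs right after `setTrustedTargetUrl($url)`; if the trusted setter already updates the target itself (worth confirming against the class), an `else` makes the two paths explicit: `if ($response instanceof TrustedRedirectResponse) { $response->setTrustedTargetUrl($url); } else { $response->setTargetUrl($url); }`. The new comment explains what is updated but not why widening the trusted list is safe; something like `// Only the query string is changed; scheme and host are those of the already-trusted target.` would record the invariant a later editor must keep. That invariant holds only if `$url` is rebuilt from the response's original target, which happens above this hunk and is not visible here. `addCheckToUrl()` begins outside the hunk.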
......@@ -3,8 +3,15 @@
namespace Drupal\Tests\user\Unit;
use Drupal\Core\Entity\EntityTypeManagerInterface;
use Drupal\Core\Routing\RequestContext;
use Drupal\Core\Routing\TrustedRedirectResponse;
use Drupal\Tests\UnitTestCase;
use Drupal\user\Authentication\Provider\Cookie;
use Drupal\user\UserAuth;
use Symfony\Component\DependencyInjection\ContainerBuilder;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Session\SessionInterface;
use Symfony\Component\HttpKernel\Event\ResponseEvent;
/**
* @coversDefaultClass \Drupal\user\UserAuth
......@@ -220,4 +227,57 @@ public function testAuthenticateWithCorrectPasswordAndNewPasswordHash() {
$this->assertSame(1, $this->userAuth->authenticate($this->username, $this->password));
}
/**
* Tests the auth that ends in a redirect from subdomain to TLD.
*/
public function testAddCheckToUrlForTrustedRedirectResponse(): void {
$site_domain = 'site.com';
$frontend_url = "https://$site_domain";
$backend_url = "https://api.$site_domain";
$request = Request::create($backend_url);
$response = new TrustedRedirectResponse($frontend_url);
$request_context = $this->createMock(RequestContext::class);
$request_context
->method('getCompleteBaseUrl')
->willReturn($backend_url);
$container = new ContainerBuilder();
$container->set('router.request_context', $request_context);
\Drupal::setContainer($container);
$session_mock = $this->createMock(SessionInterface::class);
$session_mock
->expects($this->once())
->method('has')
->with('check_logged_in')
->willReturn(TRUE);
$session_mock
->expects($this->once())
->method('remove')
->with('check_logged_in');
$event_mock = $this->createMock(ResponseEvent::class);
$event_mock
->expects($this->once())
->method('getResponse')
->willReturn($response);
$event_mock
->expects($this->exactly(3))
->method('getRequest')
->willReturn($request);
$request
->setSession($session_mock);
$this
->getMockBuilder(Cookie::class)
->disableOriginalConstructor()
->onlyMethods([])
->getMock()
->addCheckToUrl($event_mock);
$this->assertSame("$frontend_url?check_logged_in=1", $response->getTargetUrl());
}
}
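Review bot: `testAddCheckToUrlForTrustedRedirectResponse()` exercises `Cookie::addCheckToUrl()` but sits in a class annotated `@coversDefaultClass \Drupal\user\UserAuth` and has no `@covers` tag of its own; add `@covers \Drupal\user\Authentication\Provider\Cookie::addCheckToUrl` to the docblock or move the test to a Cookie-specific test class. The docblock says "from subdomain to TLD", but `site.com` is the parent domain rather than a TLD; `Tests that a trusted cross-host redirect still works once check_logged_in is appended.` describes the case more accurately. `->expects($this->exactly(3))` on `getRequest` ties the test to the current number of internal calls, and `$this->any()` would keep it focused on the resulting URL. Companion cases for a plain redirect response and for a target with a fragment would cover the paths around the new branch that this test does not reach.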