I get a redirect loop when I requested a page which is closed. this occurs when request is searching for a destination and it happens infinite. Because the destination is the closed page.

CommentFileSizeAuthor
#21 require_login-2986046-3012100-combined.patch5.85 KBmstrelan
#18 interdiff_10-18.txt401 bytesmetzlerd
#18 2986046-18.patch5.39 KBmetzlerd
#10 2986046-10.patch5 KBheddn
#10 interdiff_2-10.txt1.28 KBheddn
#6 Second.jpg92.55 KBm.lebedev
#6 First.jpg90.91 KBm.lebedev
#2 2863340.patch4.86 KBheddn

Comments

m.lebedev created an issue. See original summary.

heddn’s picture

heddn
Primary language English
Location Nicaragua
commented
StatusFileSize
new 2863340.patch4.86 KB

This fixes the issue for me.

heddn’s picture

heddn
Primary language English
Location Nicaragua
commented
Status: Active » Needs review
m.lebedev’s picture

m.lebedev commented

Hello.
It works. But... Next response have a not correct context and I again get a infinite redirect.
When I changed the LocalRedirectResponse on RedirectResponse, my problem fixed.

Thanks.

heddn’s picture

heddn
Primary language English
Location Nicaragua
commented

Re #4: can you expound what you mean? I don't follow you? The destination should be to a local resource. It includes 'internal:' as the prefix. So pushing that into a LocalRedirectResponse should not have any problems, no?

m.lebedev’s picture

m.lebedev commented
StatusFileSize
new First.jpg90.91 KB
new Second.jpg92.55 KB

Ok.
My steps:
From anonymous
1) Get /admin/structure/views
First

It's okay.
2) After that get /admin/people
Second

It's not okay. I get the ERR_TOO_MANY_REDIRECTS.

This error is may solved in this way:
Before:

      $redirect = Url::fromUri($redirectPath, ['query' => ['destination' => $path]])->toString();
      $response = new LocalRedirectResponse($redirect);
      $response->setRequestContext($this->requestContext);
      $event->setResponse($response)

After:

      $redirect = Url::fromUri($redirectPath, ['query' => ['destination' => $path]])->toString();
      $response = new RedirectResponse($redirect);
      $event->setResponse($response);
heddn’s picture

heddn
Primary language English
Location Nicaragua
commented

I cannot reproduce what you are seeing. Are you visiting multiple urls one, after another and it isn't working?

m.lebedev’s picture

m.lebedev commented

Yes, I am.

I could not determine the cause of the problem.
I checked on a clean installation of drupal and it works without problems.
But my current site has a problem. I was trying to find the cause, but failed.
As soon as there is time, I will try to fix it.

rymo’s picture

rymo
he/him
commented
Status: Needs review » Reviewed & tested by the community

patch #2 applies cleanly to 8.x-1.12 and fixes infinite redirect loop for non-anonymous paths on our production site. marking RTBC.

heddn’s picture

heddn
Primary language English
Location Nicaragua
commented
Status: Reviewed & tested by the community » Needs review
StatusFileSize
new interdiff_2-10.txt1.28 KB
new 2986046-10.patch5 KB

I'm not able to reproduce the issue currently from #4/#6 currently, but off and on I am. And I think the reason is due to browser caching. Let's see if this fixes those outliers.

m.lebedev’s picture

m.lebedev commented

#10 I checked the patch. It solved my problem. Thanks.

Coops_’s picture

Coops_
Location London
commented

#10 works a treat, thanks. Clear your cache if you run into issues after applying the patch.

rroblik’s picture

rroblik commented

Patch #10 not working on my side (Drupal 8.6.2 / require_login 8.x-1.12) ...

Here is the fatal error :

ArgumentCountError: Too few arguments to function Drupal\require_login\EventSubscriber\RequireLoginSubscriber::__construct(), 6 passed in /mysite/html/web/core/lib/Drupal/Component/DependencyInjection/Container.php on line 282 and exactly 8 expected in Drupal\require_login\EventSubscriber\RequireLoginSubscriber->__construct() (line 103 of modules/contrib/require_login/src/EventSubscriber/RequireLoginSubscriber.php).

Patch applyed with composer cweagans/composer-patches

Any idea ?

EDIT : simply apply cache rebuild after patching if you are in same situation !

heddn’s picture

heddn
Primary language English
Location Nicaragua
commented
Status: Needs review » Reviewed & tested by the community

Seems like we have 2 corroborating testers of the patch in #10. So on to RTBC.

rymo’s picture

rymo
he/him
commented

like #13, I also had to rebuild cache to get past the "Too few arguments" error. should there be an update hook to eliminate that? this wasn't encountered with patch in #2.

heddn’s picture

heddn
Primary language English
Location Nicaragua
commented
Status: Reviewed & tested by the community » Needs work

Good point. Needs an empty update hook to clear cache.

heddn’s picture

heddn
Primary language English
Location Nicaragua
commented
Issue tags: +Novice

Tagging novice.

metzlerd’s picture

metzlerd commented
StatusFileSize
new 2986046-18.patch5.39 KB
new interdiff_10-18.txt401 bytes

The prior example in the module had a call to drupal's clear cache functionality so I replicated it. Happy to change that if necessary.

metzlerd’s picture

metzlerd commented
Status: Needs work » Needs review
nwoodland’s picture

nwoodland commented

Patch from #18 worked great against 1.12. Thanks everyone!

mstrelan’s picture

mstrelan commented
StatusFileSize
new require_login-2986046-3012100-combined.patch5.85 KB

This patch works great but all the rearranging of use statements means I can't also apply the patch from #3012100: URL parameters not preserved after login. The attached patch combines the two together.

bobooon’s picture

bobooon commented
Status: Needs review » Reviewed & tested by the community
bobooon’s picture

bobooon commented
Status: Reviewed & tested by the community » Needs work

HttpExceptionSubscriberBase should be extended with an on403() method to handle redirects from normally access restricted pages. May have to rework EventSubscriberInterface to avoid stacked redirect responses that would totally defeat the fix.

Edit:
Should be able to use KernelEvents::EXCEPTION in getSubscribedEvents() instead of extending HttpExceptionSubscriberBase.

bobooon’s picture

bobooon commented
Status: Needs work » Reviewed & tested by the community

Issue has been fixed in latest code refactor and has been committed to the 8.x-1.x branch. New releases will be created soon.

Thanks for working on this @metzlerd and @heddn. Though the patches weren't used the discussion shed light on some fundamental implementation flaws. I'm not going into much detail since a lot has changed in the refactor but the solution involved an additional event subscriber on KernelEvents::EXCEPTION.

  /**
   * Login redirect on KernelEvents::EXCEPTION.
   *
   * @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event
   *   The event response.
   */
  public function exceptionRedirect(GetResponseEvent $event) {

    // Boolean to indicate request exception. Prevents additional login
    // requirement checks on KernelEvents::REQUEST which could cause
    // infinite loop redirects on protected pages.
    $this->requestException = TRUE;

    if ($redirect = $this->prepareLoginRedirect($event)) {
      $response = new RedirectResponse($redirect);
      $event->setResponse($response);
    }
  }

  /**
   * Login redirect on KernelEvents::REQUEST.
   *
   * @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event
   *   The event response.
   */
  public function requestRedirect(GetResponseEvent $event) {
    if (!$this->requestException && ($redirect = $this->prepareLoginRedirect($event))) {
      $response = new RedirectResponse($redirect);
      $event->setResponse($response);
    }
  }

  /**
   * {@inheritdoc}
   */
  public static function getSubscribedEvents() {
    $events[KernelEvents::EXCEPTION][] = ['exceptionRedirect'];
    $events[KernelEvents::REQUEST][] = ['requestRedirect'];
    return $events;
  }
bobooon’s picture

bobooon commented
Status: Reviewed & tested by the community » Fixed

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.