View Issue Details

ID: 0025110
Project: mantisbt
Category: authentication
View Status: public
Last Update: 2019-03-16 20:20
Reporter: cproensa
Assigned To: cproensa
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 2.19.0
Target Version: 2.20.0
Fixed in Version: 2.20.0
Summary: 0025110: Token error when login with a newly created user
Description

When logging in for the first time with a new user, after setting the password, a token expiration error is displayed.

The problem is that the confirmation of account_update.php, after setting password, redirects again to account_update. The intended behaviour is to redirect to index.php.
On examination, the page has two redirects:
<meta http-equiv="Refresh" content="2; URL='http://xxx/index.php'">
which is set by account_update, and is the one that should exist and be triggered,
and:
<meta http-equiv="Refresh" content="2; URL='http://xxx/account_update.php'">
which is set by layout_api, layout_navbar_projects_menu(), and is wrong, and is the one the browser uses.
https://github.com/mantisbt/mantisbt/blob/release-2.18.0/core/layout_api.php#L559

So, this is related to the code that checks if the user only has one project and his default is ALL_PROJECTS.

Steps To Reproduce
  • Create a new user
  • Open the new link in a clean browser session without any previous session, cookies, etc. Use a clean private/temporary session.
  • After setting the user password, the error is displayed
Tags: No tags attached.

Relationships

related to 0007956 (closed, cproensa): Disable project selection for users with only one project
related to 0009826 (closed, dregad): Single project user should default to the project, not All Projects
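
The symptom described in the issue above, one response carrying two meta refresh tags with different targets, can be checked for mechanically in a regression test. The following is an added example, not MantisBT code or part of the original report; the sample page is constructed from the two tags quoted in the description, and the function names are hypothetical.

```python
from html.parser import HTMLParser
import re

# Constructed sample built from the two tags quoted in the issue ("xxx" is
# the placeholder host used in the report; tag order/placement is assumed).
SAMPLE_PAGE = """<html><head>
<meta http-equiv="Refresh" content="2; URL='http://xxx/index.php'">
<meta http-equiv="Refresh" content="2; URL='http://xxx/account_update.php'">
</head><body></body></html>"""

# content is "<delay>" optionally followed by "; URL=<target>"
_CONTENT_RE = re.compile(r"^\s*(\d+)\s*(?:[;,]\s*(?:url\s*=\s*)?(.*))?$", re.I | re.S)


class RefreshCollector(HTMLParser):
    """Collect (delay_seconds, target_url) for every meta refresh tag."""

    def __init__(self):
        super().__init__()
        self.refreshes = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        attr = {k.lower(): (v or "") for k, v in attrs}
        if attr.get("http-equiv", "").lower() != "refresh":
            return
        m = _CONTENT_RE.match(attr.get("content", ""))
        if not m:
            return  # malformed content attribute: not a usable redirect
        url = (m.group(2) or "").strip().strip("'\"")
        self.refreshes.append((int(m.group(1)), url))


def find_refreshes(html):
    """Return all meta refresh directives in document order."""
    parser = RefreshCollector()
    parser.feed(html)
    parser.close()
    return parser.refreshes


def conflicting_targets(html):
    """Return the sorted distinct targets if the page redirects to more than one."""
    targets = sorted({url for _, url in find_refreshes(html)})
    return targets if len(targets) > 1 else []

if __name__ == "__main__":
    print(conflicting_targets(SAMPLE_PAGE))
```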

Activities

cproensa

2018-12-26 18:49

developer   ~0061106

@dregad
https://github.com/mantisbt/mantisbt/commit/cfa022bc1c7dd61d52ed22a8811811f14fbab5ae

Do you know why reloading the page is needed there?
Isn't it enough to change current project and default on the fly?

dregad

2018-12-28 11:06

developer   ~0061114

Do you know why reloading the page is needed there?

I might have added it to ensure that the project selector was correctly loaded after changing the current project, but honestly 6 years after the fact, I'm not really sure so your guess is as good as mine... ;-)

Note: with 2.0, that code moved to layout API layout_navbar_projects_menu(). The current code has an exception not to redirect if the page is manage_proj_create.php, so maybe another exception for your use case is needed here? It is also possible that the redirect is no longer needed due to other changes in Mantis Core; and if it is, maybe the same objective could be achieved with less intrusive logic than a page reload.

Related Changesets

MantisBT: master 8c704951

2018-12-31 05:53

cproensa

Committer: dregad


Rewrite hide project list and default project check

Previously, when a user only has one project, some things happen:
- The project selector was hidden, as it is not useful without more
projects.
- A check is performed where if current project is ALL_PROJECTS, then
current and default project are updated to the only available project.

To fix issues with that implementation, the logic has been separated:
- Helper function to check if the user has more than one project. It's
used in layout_api to decide if the project selector must be shown.
- Helper function to check if the user has ALL_PROJECTS as
current/default project when only one is available. In that case,
update current and modify default in user preferences.

Fixes: 0025110, 0025133
Affected Issues
0025110, 0025133
mod - core/current_user_api.php
mod - core/layout_api.php
mod - core/user_api.php