Joomla! Issue Tracker | Joomla! CMS #32897 - [4] After authentication failure, return to the login page with a GET request

? ?

Fixed in Code Base
30 Mar 2021
Medium
Build: 4.0-dev
# 32897
Diff
PhilETaylor:faillogintoget

Pending

User tests: Successful: Unsuccessful:

PhilETaylor
28 Mar 2021

Pull Request for Issue # #32895

Summary of Changes

After attempting to login with invalid credentials, you are not redirected back to the login page, so pressing refresh actually attempts to send the POST request a second time.

Administrator login form doesn't follow Post/Redirect/Get pattern

(also a quick typo fix in comment)

Testing Instructions

Attempt to login to Joomla 4 with invalid credentials.
Inspect the requests/responses with browser inspector tools

Actual result BEFORE applying this Pull Request

Request: POST of invalid credentials
Response: HTML with error message, if you refresh the page the browser asks to resend the form

Expected result AFTER applying this Pull Request

Request: POST of invalid credentials
Response: 303 Other redirect to /administrator/index.php
browser follows redirect (not always shown in the inspector on some browsers, look hard, it fooled me too)
Response: GET /administrator/index.php, if you refresh the page the browser just performs a refresh (GET) and validation message is missing as its already displayed

Documentation Changes Required

none

d85a958 28 Mar 2021

after authentication failure, return to the login page with a get

PhilETaylor - open - 28 Mar 2021

PhilETaylor - change - 28 Mar 2021

Status

New

⇒

Pending

joomla-cms-bot - change - 28 Mar 2021

Category

⇒

Administration com_login

6319131 28 Mar 2021

Simplify the code nesting

PhilETaylor - change - 28 Mar 2021

Labels

Added: ?

5fe0333 28 Mar 2021

Further simplify the code

toivo - test_item - 29 Mar 2021 - Tested successfully

toivo - comment - 29 Mar 2021

I have tested this item ✅ successfully on 5fe0333

Tested successfully in Beta8-dev updated to 29 March in Windows 10 running Wampserver 3.2.4 and PHP 8.0.2.

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/32897.}

ceford - test_item - 29 Mar 2021 - Tested successfully

ceford - comment - 29 Mar 2021

I have tested this item ✅ successfully on 5fe0333

I used the Firefox live headers and selected a un/pw not for my test site - surprised to see the pw in plain text in the record! A sobering lesson!

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/32897.}

Quy - change - 29 Mar 2021

Status

Pending

⇒

Ready to Commit

Quy - comment - 29 Mar 2021

RTC

_{This comment was created with the J!Tracker Application at issues.joomla.org/tracker/joomla-cms/32897.}

rdeutz - close - 30 Mar 2021

rdeutz - merge - 30 Mar 2021

rdeutz - change - 30 Mar 2021

Status	Ready to Commit	⇒	Fixed in Code Base
Closed_Date	0000-00-00 00:00:00	⇒	2021-03-30 07:43:02
Closed_By		⇒	rdeutz
Labels	Added: ?

Add a Comment

Older
Newer

Joomla! Issue Tracker - CMS

[#32897] - [4] After authentication failure, return to the login page with a GET request

Summary of Changes

Testing Instructions

Actual result BEFORE applying this Pull Request

Expected result AFTER applying this Pull Request

Documentation Changes Required

Add a Comment